Salesforce Certified Identity and Access Management Designer — Question 4

Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.
What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?

Answer options

• A. Require the use of Salesforce security tokens on passwords.
• B. Enforce mutual authentication between systems using SSL.
• C. Set up a proxy service for the login service in the DMZ.
• D. Include Client Id and Client Secret in the login header callout.

Correct answer: B

Explanation

The correct answer is B because enforcing mutual authentication through SSL ensures that both the login service and Salesforce can verify each other's identities, enhancing security. Option A is incorrect as security tokens do not establish a trust relationship. Option C, while useful for isolation, does not directly create a trusted connection. Option D involves credentials but does not provide a secure trust mechanism.