Preparing For The Salesforce ‘Identity and Access Management’ Designer Exam

I was dreading taking this exam since I have the least amount of experience in the Identity/Access management area compared to other spaces in Salesforce. I spent days going through SSO, OAuth, Community Self Registration and Identity-related documentation, which was helpful conceptually, but the lack of experience was a little worrisome to me. I finally mustered the courage and took the plunge today. I was 65-70% sure that I would pass the exam before clicking the Submit button and fortunately, the results were in my favor.

The exam had 65 multiple-choice questions with a 65% passing score and 120 minutes allotted to complete the exam. Like all other Architect Academy exams, the cost of this exam is USD 400. Here is the Credential Overview which is also available on the official Salesforce certification website:


The Salesforce Certified Identity and Access Management Designer credential is designed for those who assess the architecture environment and requirements and design sound, scalable and high-performing solutions on the platform that meet the Single Sign-on (SSO) requirements. Candidates should have experience communicating solutions and design trade-offs to businesses and IT stakeholders.

The Salesforce Certified Identity and Access Management Designer has the following background:

  • One year of Identity and Access Management experience
  • One year of Salesforce experience with a major component security setup and design
  • Two years of Securities Technology experience


Here are some examples of the concepts you should understand to pass the exam:

  • Understanding configuration requirements of delegated authentication
  • Understanding configuration requirements of SAML
  • Knowledge of when to use IdP-initiated vs. service provider-initiated
  • Describing provisioning and de-provisioning related to SAML, OAuth, and OpenID Connect


The most important topics that you must be well versed with to pass the exam are listed below:

  • Connected Apps (Knowing the settings is important)
  • SAML related errors and troubleshooting
  • OAuth Scopes and their uses
  • My Domain and its uses
  • Types of OAuth Flows (know each of them really well since there will be tons of questions on these)
  • Two Factor Authentication (2FA)
  • Identity Provider and Service Provider related scenarios
  • Delegated Authentication
  • SAML Federated Authentication
  • Community Self Registration: Apex Registration Handler related scenarios
  • Login Flows
  • Just-in-Time Provisioning
  • Salesforce1 and SSO
  • External Identity, Identity, Customer Community, Customer Community Plus, Salesforce Platform licenses and uses
  • CA-Signed Certificates and Self-Signed Certificates
  • Active Directory (AD) and Identity Connect
  • Concepts like Access Token, Refresh Token, Relay State, Start URL, Callback URL


The above topics should cover you well for the exam. The following resources were my holy grail for the exam:

  • Digging Deeper into OAuth 2.0 on
  • Enabling Single Sign-On with the Platform
  • Single Sign-On with and Microsoft Active Directory Federation Services
  • Create a Connected App
  • Customize the Community Self-Registration Process with Apex
  • Identity Provider Values
  • Salesforce Communities Licenses