What should an identity architect recommend to prevent this from happening in the future?

Identity and Access Management Designer

Last Post by Esteban 1 year ago

1 Posts

1 Users

0 Likes

102 Views

RSS

Esteban

(@rippesteban)

Posts: 727

Noble Member

Topic starter

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory Act Protocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee recently was ableto login to NTO's Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory.

What should an identity architect recommend to prevent this from happening in the future?

A . Create a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled in LDAP.
B. Configure an authentication provider to delegate authentication to the LDAP directory.
C. use a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce.
D. Setup an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication.

Show Answer Hide Answer

Suggested Answer: B

Posted : 12/01/2023 9:27 am

Topic Tags

Identity and Access Manag

Latest Salesforce Identity and Access Management Designer Dumps Valid Version

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download PDF

Forum Jump:

Previous Topic

Next Topic