Universal Containers wants to allow its customers to log in to its Experience Cloud via a third-party authentication provider that supports only the OAuth protocol.
What should an identity architect do to fulfill this requirement?
A. Contact Salesforce Support and enable delegate single sign-on.
When the external identity source supports only OAuth and there is no predefined provider type available in Salesforce, the architect should use a custom external authentication provider. Prebuilt OpenID Connect support assumes an OIDC-compliant provider, which is more specific than raw OAuth. Delegated authentication and certificate-based patterns solve different identity problems and are not meant to retrofit a nonstandard OAuth provider into Experience Cloud sign-in. The custom provider option exists precisely for this gap: it lets Salesforce participate in an authentication exchange with an external service that does not fit one of the standard built-in provider templates. In practice, this gives the architect control over how Salesforce obtains and interprets the external identity information. This is why option C is the best answer in Salesforce terms.