When Salesforce is acting as an identity provider and the goal is to make a third-party application available from within Salesforce, two standard tools work together: a connected app to define trust and single sign-on behavior, and the App Launcher to give users a discoverable entry point. The connected app handles the identity relationship and protocol settings, while the launcher exposes the application from the Salesforce UI. Delegated Authentication and external data sources solve different problems and don’t provide the same app-launch experience. In Salesforce Identity architecture, this combination is common because it aligns governance and usability: the app is centrally configured through a connected app and then delivered to users as part of their Salesforce app catalog. This is why options A, C work together as the correct solution.