Pass the Salesforce Identity and Access Management Designer Identity-and-Access-Management-Architect Questions and answers with CertsForce

When Salesforce is acting as an identity provider and the goal is to make a third-party application available from within Salesforce, two standard tools work together: a connected app to define trust and single sign-on behavior, and the App Launcher to give users a discoverable entry point. The connected app handles the identity relationship and protocol settings, while the launcher exposes the application from the Salesforce UI. Delegated Authentication and external data sources solve different problems and don’t provide the same app-launch experience. In Salesforce Identity architecture, this combination is common because it aligns governance and usability: the app is centrally configured through a connected app and then delivered to users as part of their Salesforce app catalog. This is why options A, C work together as the correct solution.

The AMR field in Salesforce Login History is meaningful only when the upstream identity provider includes authentication-method information in a way Salesforce can understand. Salesforce can surface AMR information from modern federation patterns, but the actual authentication methods must be asserted by the IdP. That is why architects need to think about protocol support and IdP implementation. The field is useful because it shows how the user authenticated upstream, for example whether MFA or another method was used. High-assurance session settings are related to policy enforcement, but they do not by themselves populate AMR. The key design point is that AMR is an observation of the IdP’s authentication methods, not an independent Salesforce-generated fact. This is why options A, C work together as the correct solution.