TA and SA

Technical Architect and System Architect resources

Get Started. It's Free
or sign up with your email address
TA and SA by Mind Map: TA and SA

1. Identity and Access Management Designer

1.1. Exam outline

1.1.1. Identity Management Concepts 34% (20 questions) Describe the risks to enterprise security that federated single sign-on solutions aim to address. Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications Having multiple credentials also increases the complexity of how each application would present users with different sign-on displays. This situation exposes an underlying deeper issue: the users would be very susceptible to phishing attacks because it increases the sign-on methods that could be spoofed. This situation reinforces a need for allowing users access to applications using Single Sign-On (SSO) as one source of authentication in today’s world where applications are increasingly becoming disjointed from being hosted on premise to the cloud. Authentication (passport - IdP Authorization (boarding Pass - token) Describe the role(s) an identity provider and service provider play in an access control solution. Identity Provider Service Provider Describe common methods how trust connections are established between two systems and the methodologies used to describe trust between an identity provider and service provider. Session Level Policies 2 Factor Authorization - riskbased Methods of trust Methodologies Given a scenario, articulate whether it is describing an authentication, authorization, or accounting scenario and what Salesforce feature should be used to accomplish the task. Understanding OAuth 2.0 Digging Deeper into OAuth Authentication Authorization Given a scenario, recommend the appropriate method for provisioning users in Salesforce and other third party services (SOAP/REST API, SAML JIT, Identity Connect, User Provisioning for Connected Apps, etc.) Identity Connect SOAP/REST API SAML JIT User Provisioning for Connected Apps Given a scenario, troubleshoot common points of failure that may be encountered in a single sign-on solution (SAML, OAuth, etc.). Check login History SAML Assertion Validator Browser add-on: Live HTTP Headers What fields can the SAML assertions have for the user? Why would you get an Assertion Expiration?

1.1.2. Accepting 3rd party Identity 21% (13 questions) Describe the components of an identity management solution where Salesforce is accepting identity from a 3rd party. Given a scenario, recommend the appropriate authentication mechanism when Salesforce needs to accept 3rd Party Identity (Enterprise Directory, Social, Community, etc.) Given a scenario, recommend the appropriate method of SAML initiation to fulfill the requirements (SP-init, IdP-init.) Describe the components of a Delegated Authentication solution. Managed at the permission level, allowing flexibility to require some users to delegate authentication while others SFDC managed. SFDC validates username and checks users permission and access settings IF SSO enabled permission for user then makes a call to the webservice to Authenticate. If enabled then SFDC no longer manages/enforces password policies Web Service passes the Uname, Pwd and source IP. Service returns "True" or "False" to Salesforce. Describe the risks of implementing delegated authentication.

1.1.3. SFDC as an identity provider 18% (11 Questions) Given a scenario, determine the most appropriate flow type to recommend when implementing an OAuth solution where Salesforce is providing identity to a 3rd party (E.g. User Agent, Web Server, JWT, etc.) Web server (Authorization Code) Gold Standard when the client can securly keep the secrete. Utilizes refresh token. Normally for Server to Server web communications User Agent (Implicit) - Normally used for mobile clients - can utilize the refresh token User Name and Password (Resource owner and password) Shouldn't be used only as last resource since this passes the Username and Password back and forth (no refresh token) Device (Client) - used by devices such as smart TVs or picture frames where they are limited input feature. (no refresh token) JWT Bearer - used between server to server with a digital certificate where no resource owner is required to put in a Uname or pwd, after the initial setup. JASON based (no refresh token) SAML Bearer - Same as JWT but XML based, SAML (No refresh token) SAML Assertion - No connected app is required (no refresh token) Describe the various implementation concepts of OAuth (E.g. scopes, secrets, tokens, refresh tokens, token expiration, token revocation, etc.) Describe the role(s) Connected Apps play when Salesforce needs to provide identity to a third party system. Connected App Key Settings Given a scenario, recommend the Salesforce technologies that should be used to provide identity to the 3rd party system. (Canvas, Connected Apps, App Launcher, etc.).

1.1.4. Access Management Best Practices 12% ( 7 questions) Describe the risks that Two-Factor Authentication mechanisms aim to mitigate. Given a scenario, determine the most appropriate Two-Factor Authentication mechanism for an identity solution. Given a scenario, identify the risks and mitigation strategies that session security and Two-Factor Authentication enable (E.g. High Assurance Sessions, 2FA, etc.). High Assurance sessions for reports, dashboards, email adoption campaigns Manage IP restrictions Encryption keys Manage Auth Providers Delegated Best Practices Must deploy webservice into DMZ 10 seconds for login time out, user presented with error message Generate SOAP stub from WSDL file, EXACT matches, includes capitalization Webservice avaliable to TLS IP address that originated request = SourceIP Recommend NOT to enable SSO for Admins due to Authentication server has outage Admin can disable SSO for rest of company Federated Authentication SAML Best practices SSO setting configuration has the Login URL in Salesforce to be placed in the Identity provider, some time called the recipient URL 3 minute time skew with IDP server Use SAML assertion validator located on the SSO setting config page in Salesforce, for troubleshooting Use the My Domain settings to prevent users from logging into SFDC directly. audience URL must match Entity ID value in the SSO configuration.

1.1.5. SFDC Identity 8% (5 questions) Given a scenario, recommend the most appropriate Salesforce license type(s) to support the identity requirements. External Identity License Identity license Describe the role(s) Identity Connect plays in an Identity Management solution. Ability to connect to Active Directory and provide near realtime sync between AD and Salesforce user, one way sync, to provision Salesforce Users. Provides SSO to your orginization User Provisioning only if org already has an SSO solution. Other Identity notes Deployment Considerations Password Sync plugin Integrated Windows Authentication (IWA)

1.1.6. Community (partner and customer) 7% (4 questions) Describe the capabilities for customizing the registration experience for external communities (E.g. Branding options, self-registration, communications, etc.).

1.2. Journey Guide Study resources

1.2.1. Architect Core Resources

1.2.2. Trailmix: Identity and Access Management Designer Resource Guide General Resources Understanding Authentication About Single Sign-On Identity Implementation Guide Identity How-to's OAuth.net Choosing an SSO Strategy: SAML vs OAuth2 Salesforce Identity Connect General Overview 1. SSO 2. Identity Management Suggested Activities 1. Establish a Federation ID 2. Set up your identity provider 3. Generate SAML

1.2.3. Login Flows

1.3. Destination Success

1.3.1. Trailhead: user Authentication

1.3.2. Trailhead: Identity for Customers

1.3.3. Identity Implementation Guide

1.4. Trailheads

1.4.1. Secure Identity and Access Management Identity Basics User Authentication Identity For Customers Identity Connect Basics

1.5. Other resources

1.5.1. Succeed with Salesforce SAML related errors and troubleshooting Troubleshoot SAML Assertions My Domain and its uses Types of OAuth Flows (know each of them really well since there will be tons of questions on these) Web Server User Agent Device User Name Password Two Factor Authentication (2FA) Identity Provider and Service Provider related scenarios Set up examples For Salesforce to be an identity provider what needs to be enabled? What would you use to troubleshoot issues when Salesforce is the Identity provider? Delegated Authentication SAML Federated Authentication Community Self Registration: Apex Registration Handler related scenarios What approach would be used to deprovisioning? Login Flows Just-in-Time Provisioning What are three advantages of JIT provisioning? Salesforce1 and SSO External Identity, Identity, Customer Community, Customer Community Plus, Salesforce Platform licenses and uses External Identity Identity CA-Signed Certificates and Self-Signed Certificates Active Directory (AD) and Identity Connect Connected Apps (Knowing the settings is important) Concepts like Access Token, Refresh Token, Relay State, Start URL, Callback URL Access Token Refresh Token Relay State Start URL CallBack URL

1.5.2. Video Series

1.5.3. Dzone.com https://dzone.com/articles/saml-versus-oauth-which-one https://dzone.com/articles/how-saml-authentication-works https://dzone.com/articles/depth-saml

1.5.4. Provisioning Users Communities

1.5.5. Choosing an SSO Strategy

1.5.6. SFDC99

1.5.7. Which flow should I use?

1.5.8. Plurasight: Understanding Salesforce.com Single Sign-on Solution Course Overview Setting the Stage Understanding Identity Provider (IdP) Initiated SAML Understanding Service Provider (SP) Initiated SAML Understanding OAuth Flows Understanding Third-party Authorization Providers

1.5.9. General overview (Vinay) What is Identity Management definition and uses Federated identities open ID vs SAML vs OAuth OWASP OAuth vs. SAML vs. OpenID Connect SAML Overview Claims-Based Identity Federated Identity

1.5.10. How SAML, OAuth, Identity Federation works

1.5.11. Internal Study: SFDC Bedrock

2. Integrating with the Force.com Platform

3. System Architect

3.1. Integration architecture Designer

3.1.1. Destination Success Week 1 Integrating with the force.com platform Integration Security Integration User Interface Integration Business logic Data Integration Trailhead: API Basics Get to Know the Salesforce APIs Use REST API Use SOAP API Use Bulk API Use Streaming API Trailhead: Apex Integration service

3.1.2. superbadge

3.1.3. SFU-Certification guide Understanding the Basics Integrating with the Force.com Platform Integration Integration Workbook Integration Architecture Designer Resource Guide (Inking) General 1. Technologies and Overall Integration Strategy 2. Integration Solution Tools 3. Security Suggested Activities Prep and Study Certification Study Guide

3.1.4. Independent resources cory cowgill blog Succeed with Salesforce Items you need to know

3.2. Dev Life cycle & Deployment Designer

3.2.1. Exam Break down...

3.2.2. Destination Success Week 2 Intro to Force.com Development Lifecycle Intro to Application Development lifecycle Change management

3.2.3. Unsupported Metadata types

4. Application Architect

5. Administrators

5.1. Admin

5.2. Advance admin

6. Implementation Experts

6.1. Community Cloud Consultant

6.1.1. Commitment 30-40 hours

6.1.2. Recommended Experience: 2-5 years

6.2. Marketing Cloud Consultant

6.3. Pardot Consultant

6.4. Sales Could

6.5. Service Cloud Consultant

6.6. Field Service

6.6.1. Exam Outline Field Service Life Cycle Explain the Salesforce product lines: Field Service Lightning Allows you to manage work orders, scheduling, and mobile access. Create Service Resources, and crews with skills, territories and availability Multi-level territories which are regions where technicians work Track: location and status of inventory, warehouse, vehicles and customer sites Design and implement successful Field Service solutions Build Field Service solutions that are scalable and maintainable: o Scheduling and optimization o Resource management o Asset management o Inventory management o Work Order and Service Appointments lifecycle management o Contract, entitlements, and warranty o Mobility o Quoting and invoicing Prescribe business process optimization based on Field Service Lightning capabilities and customer needs

6.6.2. Implementing Field Service Lighting (FSL-201)

6.6.3. Complete Guide to Field Service

6.6.4. Trailhead Getting started

6.7. Mobile Solutions Arch Designer

6.7.1. Architect Core Resources

6.7.2. App Cloud Mobile Overview

6.7.3. Lightning Experience Development

6.7.4. Mobile Solutions Architecture Guide General Resources Salesfoce1 Platform: Mobile Strategy Video Seris Native, HTML5, Hybrid: Understanding Mobiel App Dev Options Heroku 101: Beginner's Guide to Hosting Apps in the Cloud Salesforce App Cloud API Services Guide Build an IOS App on Heroku in 10 Minutes Heroku Mobile App Template Multi-Device Strategy Power Up Your Mobile STrategy: Apps for Admins From Mobile strategy to Reality General Overview 1. Mobile Strategy and Design 2. Mobile Security Suggested Activities

6.7.5. Study Guide

7. Technical Architect

7.1. summa: my experience

7.2. How I become a CTA

7.3. Steve Simpson: My road to CTA

7.4. Cheatsheets

7.5. Blog post Charly Prinsloo