Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled...

Question

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory ActProtocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee recently was able to login to NTO's Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory.
What should an identity architect recommend to prevent this from happening in the future?

Accepted Answer

B. Configure an authentication provider to delegate authentication to the LDAP directory.

Answer

A. Create a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled inLDAP.

Answer

C. use a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce.

Answer

D. Setup an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication.

Big Halloween Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

Exam Identity-and-Access-Management-Architect All Questions

Salesforce Identity and Access Management Designer Identity-and-Access-Management-Architect Question # 62 Topic 7 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts: