Salesforce Certified Identity and Access Management Practice

Salesforce supports third-party security username/password management through Delegated Authentication, which allows organizations to use external identity providers for user authentication. This approach enables users to log in to Salesforce using credentials managed by an identity provider that the organization has chosen, instead of having Salesforce manage those passwords directly.

Delegated Authentication enhances security by leveraging established security practices of external systems that might already have stronger password policies and multifactor authentication capabilities. This option also streamlines the user experience since it can provide single sign-on (SSO) functionality, where users authenticate once to gain access to multiple applications, including Salesforce.

The other options do not align with this strategy. Direct Authentication, for example, would mean that Salesforce itself is responsible for managing passwords, which is not the focus here. API access without authentication would undermine security protocols and therefore is not a viable option. While offering additional password options might improve security, it does not specifically address third-party management of username/password credentials in the same comprehensive way as Delegated Authentication does.