Salesforce Certified Identity and Access Management Practice

How does Salesforce support third-party security username/password management?

• A. Through Direct Authentication which requires Salesforce to manage passwords
• B. Through Delegated Authentication which allows external identity providers
• C. By enabling API access without authentication
• D. By offering additional password options

The correct answer is: Through Delegated Authentication which allows external identity providers

Salesforce supports third-party security username/password management through Delegated Authentication, which allows organizations to use external identity providers for user authentication. This approach enables users to log in to Salesforce using credentials managed by an identity provider that the organization has chosen, instead of having Salesforce manage those passwords directly. Delegated Authentication enhances security by leveraging established security practices of external systems that might already have stronger password policies and multifactor authentication capabilities. This option also streamlines the user experience since it can provide single sign-on (SSO) functionality, where users authenticate once to gain access to multiple applications, including Salesforce. The other options do not align with this strategy. Direct Authentication, for example, would mean that Salesforce itself is responsible for managing passwords, which is not the focus here. API access without authentication would undermine security protocols and therefore is not a viable option. While offering additional password options might improve security, it does not specifically address third-party management of username/password credentials in the same comprehensive way as Delegated Authentication does.