Question: 1/50
A company uses a central Identity Provider (IdP) to authenticate employees. The security team wants Salesforce to accept authentication from the IdP and automatically create users on first login while ensuring users are assigned to the correct profile and permission sets based on department attributes. What should the architect recommend?
Configure Salesforce as a Service Provider with SAML JIT provisioning and map SAML assertions to User fields, then use permission set group assignment via automation based on attributes
Enable Salesforce Login Flow to create users on first login and use the login flow to assign profiles and permission sets
Use OAuth 2.0 Authorization Code Flow and create users with an Apex REST service called by the IdP after login
Implement Delegated Authentication and use an LDAP connector to create and update users in Salesforce