Skip to content
SF CTA Study Hub

Supporting Artifacts Quick-Ref

The Tier 2 artifacts that round out your CTA presentation. Each one covers a specific scoring domain. Judges probe these less deeply than the Big 3, but a missing or weak supporting artifact can still cost you the section.

1. Integration Architecture Diagram

Purpose: Detailed view of all integration interfaces — data flows, protocols, patterns, error handling. This zooms into the arrows from your System Landscape.

What to Include

ElementDetails
Source + target systemsFor each integration point
Integration patternRequest-Reply, Fire-and-Forget, Batch, Event-Driven, Pub-Sub
ProtocolREST, SOAP, Platform Events, CDC, Streaming API, Bulk API
MiddlewareMuleSoft, Heroku, custom middleware layer
Data directionUnidirectional or bidirectional arrows
Sync vs AsyncFor each interface
FrequencyReal-time, near-real-time, scheduled (cron), event-triggered
Error handlingDead letter queues, retry logic, alerting, circuit breakers
Data transformationWhere and how data is mapped between systems
VolumesRecords/messages per interface per day

Interface Reference Table Pattern

The numbering technique

If your diagram gets too busy, number each integration (I-01, I-02…) on the diagram and create a companion table in Google Sheets with full details. Present both: diagram for visual story, table for technical depth. Judges appreciate this level of organization.

InterfaceSourceTargetPatternProtocolSync/AsyncFrequencyVolumeError Handling
I-01ERPSalesforceBatchREST Bulk APIAsyncNightly50K recordsRetry 3x, DLQ, alert
I-02SalesforceDWEvent-DrivenCDCAsyncReal-time10K/dayPlatform Event replay
I-03PortalSalesforceRequest-ReplyREST APISyncReal-time500 req/minCircuit breaker, 429 retry

Integration Pattern Decision Matrix

NeedPatternProtocol Options
Instant response requiredRequest-ReplyREST, SOAP
No response neededFire-and-ForgetPlatform Events, Outbound Message
Large data volumesBatchBulk API, ETL, Data Loader
React to record changesEvent-DrivenCDC, Platform Events
Multiple consumersPub-SubPlatform Events, Streaming API
Complex orchestrationProcess OrchestrationMuleSoft, Heroku

Mandatory Checklist (verify before presenting)

CheckPass?
MuleSoft/ESB shown as explicit layer between Salesforce and every external system?
Every arrow labeled with sync/async/batch timing?
Every arrow labeled with protocol (REST, SOAP, Platform Events, CDC, Bulk API)?
Error handling shown for each interface (retry, DLQ, alerting)?
Volumes per interface documented?
Legend included?

Common Mistakes

Integration gotchas

  • No middleware layer — direct arrows from Salesforce to external systems without MuleSoft/ESB in between. Every Salesforce-to-external connection must route through the integration layer
  • Unlabeled arrows — every arrow needs three labels: direction, timing (sync/async/batch), and protocol (REST/SOAP/Events). Use labels like “Sync REST”, “Async Platform Event”, “Batch ETL (nightly)”
  • Happy path only — judges always ask “what happens when this fails at 2 AM?”
  • No error handling — every interface needs retry logic, DLQ, and alerting
  • No volumes — “how many records?” is a guaranteed question
  • Saying “ETL” without specifics — name the tool, the steps, the schedule
  • Ignoring API limits — Salesforce has daily API call limits; how does your design stay within them?
  • Sync where async is appropriate — blocking calls for non-urgent data flows

Judge Q&A Targets

QuestionPrep
”What happens when integration X fails?”Retry count, DLQ, monitoring, manual recovery
”Why sync instead of async here?”Latency requirement from scenario
”What are the API limits?“100K calls/day (Enterprise), show you calculated
”How do you handle data conflicts?”Last-write-wins, master system designation, conflict queue

Domains scored: Integration (D5), System Architecture (D1)

2. Identity & SSO Flow Diagram

Purpose: The authentication and authorization flow showing login sequences, identity federation, and SSO across systems. Must show the actual step-by-step flow, not just “we use SAML.”

What to Include

ElementDetails
Identity Provider (IdP)Corporate AD, Okta, Azure AD, Salesforce as IdP, social login
Service Providers (SP)Salesforce orgs, portals, external systems
ProtocolSAML 2.0, OAuth 2.0, OpenID Connect
Flow typeSP-initiated vs IdP-initiated
User provisioningJIT, manual, automated via integration
MFAMulti-factor approach per user type
Portal identityHow external users authenticate (separate IdP? self-registration?)
Token managementAccess tokens, refresh tokens, session policies

SSO Flow Template (SAML SP-Initiated)

sequenceDiagram
    participant U as User
    participant SP as Salesforce (SP)
    participant IdP as Corporate IdP (Okta)

    U->>SP: 1. Access Salesforce URL
    SP->>IdP: 2. SAML AuthnRequest (redirect)
    IdP->>U: 3. Login prompt (if no session)
    U->>IdP: 4. Enter credentials + MFA
    IdP->>SP: 5. SAML Response (assertion)
    SP->>SP: 6. Validate assertion + JIT provision
    SP->>U: 7. Salesforce session established

Protocol Decision Quick-Ref

ScenarioProtocolFlow
Internal users, corporate IdPSAML 2.0SP-initiated
External portal users, social loginOpenID ConnectSP-initiated
System-to-system (no user)OAuth 2.0 JWT BearerClient Credentials
Mobile app authenticationOAuth 2.0Web Server or Device Flow
Salesforce-to-SalesforceNamed Credentials + OAuthJWT Bearer
Marketing Cloud connectOAuth 2.0Web Server

Internal vs External Identity

AspectInternal UsersExternal (Portal) Users
IdPCorporate (Okta, Azure AD)Social, self-registration, or customer IdP
ProtocolSAML 2.0 typicallyOpenID Connect or SAML
ProvisioningJIT or directory syncSelf-registration + approval
MFACorporate MFA policySMS/email verification
Session timeout2-12 hours (corporate policy)Shorter (30 min - 2 hours)
LicenseFull Salesforce licensesCommunity/Experience Cloud licenses

Common Mistakes

Identity flow gotchas

  • Saying “we use SSO” without showing the flow — judges expect the step-by-step sequence
  • Not differentiating internal vs external — they have completely different flows
  • Forgetting logout — session timeout, single logout (SLO), token revocation
  • No MFA — multi-factor authentication is expected for all production access
  • Confusing SAML roles — know which system is the IdP and which is the SP clearly
  • Missing provisioning — how do user accounts get created? JIT? Manual? Automated sync?

Domains scored: Security (D2), System Architecture (D1)

3. Data Migration Strategy

Purpose: The plan for moving data from legacy systems to Salesforce — sequencing, tooling, validation, and rollback.

What to Include

ElementDetails
Source systemsWhere data comes from
ApproachBig-bang vs phased/incremental
ETL toolingData Loader, Informatica, Jitterbit, MuleSoft
Object load orderParent objects first, junction objects last
Data cleansingDedup, validation, enrichment steps
External ID strategyHow records are matched between old and new systems
Volume estimatesRecord counts per object
ValidationHow you verify integrity post-migration
Rollback planWhat happens if migration fails midway
Cutover planWhen to switch, parallel run period

Load Sequence Rule

flowchart LR
    A["1. Users\n+ Roles"] --> B["2. Accounts"]
    B --> C["3. Contacts"]
    C --> D["4. Products\n+ Pricebooks"]
    D --> E["5. Opportunities\n+ Line Items"]
    E --> F["6. Cases"]
    F --> G["7. Junction\nObjects"]
    G --> H["8. Attachments\n+ Files"]

    style A fill:#1B96FF,color:#fff
    style G fill:#FE9339,color:#fff

The parent-first rule

Always load parent objects before children. Load junction objects after both related objects exist. Load attachments and files last. External IDs on every object enable upsert-based matching.

Migration Approach Decision

FactorBig-BangPhased
RiskHigher — all-or-nothingLower — incremental validation
DowntimeSingle extended windowMultiple shorter windows
ComplexitySimpler plan, harder executionComplex plan, easier execution
Data consistencyGuaranteed at cutoverRequires delta sync between phases
CTA recommendationSmall orgs, simple dataLarge orgs, complex dependencies

Common Mistakes

Migration gotchas

  • No external IDs — how will you match records between systems during migration?
  • Wrong load order — loading Contacts before Accounts causes lookup failures
  • No validation plan — how do you verify record counts, relationship integrity, data quality post-load?
  • No rollback — judges ask “what if the migration fails halfway?” Have an answer
  • Saying “extract, cleanse, transform, load” without specifics — this is a buzzword trap. Name the tools, the rules, the schedule

Domains scored: Data (D3), Integration (D5)

4. Governance & DevOps Framework

Purpose: Environment strategy, CI/CD pipeline, release management, and organizational governance. Covers all 6 objectives of Domain 6.

What to Include

ElementDetails
EnvironmentsDev sandboxes, partial copy, full copy, staging, production
Branching strategyFeature branches, integration, release, main
CI/CD pipelineSource control -> build -> test -> deploy (with tool names)
Testing strategyUnit, integration, UAT, regression (with coverage targets)
Release cadenceSprint-based, quarterly, ad-hoc
Governance modelCoE, architecture review board, change advisory board
Code reviewPeer review, automated analysis (PMD, ESLint)
Deployment toolsSalesforce CLI, change sets, Gearset, Copado, AutoRABIT

Environment Pipeline Pattern

flowchart LR
    DEV["Developer\nSandbox\n(per developer)"]
    INT["Integration\nSandbox\n(partial copy)"]
    QA["QA / UAT\nSandbox\n(partial copy)"]
    STG["Staging\n(full copy)"]
    PROD["Production"]

    DEV -->|"PR + code review"| INT
    INT -->|"automated tests"| QA
    QA -->|"UAT sign-off"| STG
    STG -->|"CAB approval"| PROD

    style PROD fill:#d4504c,color:#fff
    style DEV fill:#2E844A,color:#fff

Governance Quick-Ref

Governance ElementPurposeWho
Center of Excellence (CoE)Standards, best practices, trainingSenior architects
Architecture Review BoardDesign sign-off for major changesCTAs, lead architects
Change Advisory Board (CAB)Production release approvalIT leadership, business
Code Review ProcessQuality gate before mergePeer developers
Automated Code AnalysisEnforce standards (PMD, ESLint)CI pipeline

Common Mistakes

Governance gotchas

  • No sandbox refresh strategy — how often do you refresh? What data is included?
  • Missing rollback plan — what happens if a production deploy fails?
  • No testing in pipeline — automated tests must run before deployment, not after
  • Vague governance — “we have a CoE” is not enough. Name the cadence, the stakeholders, the approval gates
  • Ignoring metadata conflicts — parallel development streams cause merge conflicts. How do you handle them?

Judge Q&A Targets

QuestionPrep
”How many sandboxes and what types?”Developer (per dev), Partial Copy (integration + QA), Full Copy (staging)
“What is your branching strategy?”Feature branches -> integration -> release -> main
”Where do automated tests run?”On PR creation and before deployment to QA
”What is your rollback strategy?”Quick deploy of last known good, metadata rollback via source control
”Who approves production releases?”CAB with business and IT sign-off

Domains scored: Development Lifecycle (D6)

Supporting Artifacts Checklist

Before presenting, verify every supporting artifact passes this check:

CheckSystem LandscapeIntegrationIdentityMigrationGovernance
Titled with header?
Legend included?
Tied to requirements?
Error/failure paths?N/ARequiredN/ARequiredRequired
Volumes/counts?RequiredRequired
Trade-offs annotated?

Sources