Describe the components of an identity management solution where Salesforce is accepting identity from a 3rd party.

Federated Authentication
Federated authentication using Security Assertion Markup Language (SAML) lets us send authentication and authorization data between affiliated but unrelated web services. We can log in to Salesforce from a client app. Salesforce enables federated authentication for the org automatically.

Delegated Authentication
Delegated authentication SSO integrates Salesforce with an authentication method that we choose. […]

Given a scenario, troubleshoot common points of failure that may be encountered in a Single Sign-on solution (SAML, OAuth, etc.).

Delegated Authentication
If delegated authentication is enabled and there are login errors, details can be viewed under Setup → Delegated Authentication Error History. We can get details about the twenty-one most recent errors, which can be filtered by username, login time and error. If Salesforce and the third party system cannot connect or if the […]

Describe the components of a Delegated Authentication solution. Describe the risks of Implementing Delegated Authentication

Use Cases
- Integrate Salesforce with the authentication method of your choice, like LDAP.
- Authentication can be done with a token instead of a password.
- Delegated authentication is managed at the permission level and not at the org level.
- Contact Salesforce to enable delegated authentication.
- There may be a slight delay in the login process.

Benefits
- Uses a stronger form of user authentication, such […]

Describe the role(s) Connected Apps play when Salesforce needs to provide identity to a third-party system.

Use Cases

Access Data with API Integration
- To request access, the app must be integrated with the Salesforce API using the OAuth 2.0 protocol.
- OAuth enables authentication, authorization, and secure data sharing between applications through the exchange of tokens.
- Developers and ISVs use OAuth authorization flows to integrate their app with the Salesforce API.

Integrate Service Providers (SP) with Salesforce Org
- When Salesforce acts […]

Describe the various implementation concepts of OAuth (for example, scopes, secrets, tokens, refresh tokens, token expiration, token revocation, etc.).

Grant Types

Authorization Code Grant
- Used to obtain both access tokens and refresh tokens; optimized for confidential clients.
- It is redirection-based.
- The client must be capable of interacting with the resource owner’s user-agent and capable of receiving incoming requests.

Implicit Grant
- Used to obtain an access token.
- Optimized for public clients.
- Clients are implemented in a browser using a scripting language like JavaScript.
- Redirection-based […]

Given a scenario, determine the most appropriate flow type to recommend when implementing an OAuth solution where Salesforce is providing identity to a third party (for example, User Agent, Web Server, JWT, etc.)

Web Server Authentication Flow
- Is for apps hosted on a secure server.
- Must be used when the server must protect the secret.
- Uses the “Authorization Code” grant type, which is optimized for confidential clients and may request both access and refresh tokens.

Steps
- The web server redirects the user to Salesforce to authenticate and authorize the server to access […]