Describe the components of an identity management solution where Salesforce is accepting identity from a third party.

Federated Authentication
Federated authentication using Security Assertion Markup Language (SAML) lets us send authentication and authorization data between affiliated but unrelated web services. With SAML we can log in to Salesforce from a client app. Salesforce enables federated authentication for the org automatically.

Delegated Authentication
Delegated authentication SSO integrates Salesforce with an authentication method that we choose. […]

Given a scenario, troubleshoot common points of failure that may be encountered in a Single Sign-on solution (SAML, OAuth, etc.).

Delegated Authentication
If delegated authentication is enabled and logins fail, the details can be viewed under Setup → Delegated Authentication Error History, which shows the 21 most recent errors and can be filtered by username, login time and error. If Salesforce and the third-party system cannot connect, or if the […]

Describe the components of a Delegated Authentication solution. Describe the risks of implementing Delegated Authentication.

Use Cases
- Integrate Salesforce with the authentication method of your choice, such as LDAP.
- Authentication can be done with a token instead of a password.
- Delegated authentication is managed at the permission level (the "Is Single Sign-On Enabled" user permission on a profile or permission set), not at the org level.
- Contact Salesforce Customer Support to have delegated authentication enabled for the org.
- There may be a slight delay in the login process, because Salesforce calls out to the external service on every login.

Benefits
Uses a stronger form of user authentication, such […]
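The component that does the actual work in a delegated authentication solution is the web service the customer hosts: Salesforce sends it the user's credentials and trusts its yes/no answer. The following is an added example of that endpoint's logic, written for these notes and not Salesforce's own code. The element and namespace names follow the Salesforce AuthenticationService WSDL (Authenticate with username, password and sourceIp; AuthenticateResult with a boolean Authenticated); the credential store, the one-time tokens and the trusted IP ranges are constructed for the example. It also shows the two risks the notes point at: the endpoint becomes a single point of trust, so it must fail closed on anything malformed, and accepting a token "instead of a password" only helps if the token cannot be replayed.

```python
"""Delegated authentication endpoint: the customer-side web service Salesforce calls.

Added example, not Salesforce code. When delegated authentication is enabled for a
user, Salesforce posts a SOAP Authenticate(username, password, sourceIp) message to
the org's configured gateway URL and expects an AuthenticateResult containing a
boolean Authenticated. Element and namespace names follow the Salesforce
AuthenticationService WSDL; the credential store, one-time tokens and trusted IP
ranges below are constructed for the example.
"""
import hashlib
import hmac
import ipaddress
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = "urn:authentication.soap.sforce.com"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"


def _derive(secret: str, salt: bytes) -> bytes:
    """PBKDF2-SHA256 so the store never holds a plaintext password."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


_SALT = b"constructed-salt"  # constructed; use os.urandom() per user in practice
USERS = {"alice@example.com": (_SALT, _derive("correct horse battery", _SALT))}
# The password field may carry a token instead of a password; these are constructed
# one-time tokens, consumed on first use so a captured token cannot be replayed.
TOKENS = {"alice@example.com": {"tok-7f3a91"}}
# sourceIp is the end user's address as seen by Salesforce (constructed allowlist).
TRUSTED = [ipaddress.ip_network("203.0.113.0/24")]


def authenticate(username: str, secret: str, source_ip: str) -> bool:
    """True only for a known user, from a trusted network, with a valid credential."""
    try:
        ip = ipaddress.ip_address(source_ip)
    except ValueError:
        return False
    if not any(ip in net for net in TRUSTED):
        return False
    record = USERS.get(username)
    if record is None:
        return False
    salt, expected = record
    if hmac.compare_digest(_derive(secret, salt), expected):
        return True
    pending = TOKENS.get(username, set())
    if secret in pending:
        pending.discard(secret)  # second presentation of the same token fails
        return True
    return False


def _result(ok: bool) -> str:
    return (
        f'<soapenv:Envelope xmlns:soapenv="{SOAP}"><soapenv:Body>'
        f'<AuthenticateResult xmlns="{NS}"><Authenticated>{"true" if ok else "false"}'
        f"</Authenticated></AuthenticateResult></soapenv:Body></soapenv:Envelope>"
    )


def handle_soap(request_xml: str) -> str:
    """Parse the Authenticate request and answer with an AuthenticateResult.

    Malformed input yields Authenticated=false rather than an error page, so the
    endpoint leaks nothing about its internals. Behind a real HTTPS listener, also
    restrict inbound connections to Salesforce's published IP ranges and prefer
    defusedxml over the stdlib parser for untrusted XML.
    """
    try:
        root = ET.fromstring(request_xml)
        req = root.find(f"{{{SOAP}}}Body/{{{NS}}}Authenticate")
        fields = {tag: req.findtext(f"{{{NS}}}{tag}") or ""
                  for tag in ("username", "password", "sourceIp")}
    except (ET.ParseError, AttributeError):
        return _result(False)
    return _result(authenticate(fields["username"], fields["password"], fields["sourceIp"]))


def sample_request(username: str, password: str, source_ip: str) -> str:
    """Constructed request in the shape Salesforce sends to the gateway URL."""
    return (
        f'<soapenv:Envelope xmlns:soapenv="{SOAP}"><soapenv:Body>'
        f'<Authenticate xmlns="{NS}"><username>{escape(username)}</username>'
        f"<password>{escape(password)}</password><sourceIp>{escape(source_ip)}</sourceIp>"
        f"</Authenticate></soapenv:Body></soapenv:Envelope>"
    )


def is_authenticated(response_xml: str) -> bool:
    """Read the boolean back out of an AuthenticateResult, as Salesforce does."""
    root = ET.fromstring(response_xml)
    return root.findtext(f".//{{{NS}}}Authenticated") == "true"


if __name__ == "__main__":
    req = sample_request("alice@example.com", "correct horse battery", "203.0.113.10")
    print(is_authenticated(handle_soap(req)))
```

Salesforce treats any response other than Authenticated=true as a failed login, which is why every error path above returns the same false result instead of raising; the distinguishing detail belongs in the endpoint's own logs, not in what is sent back.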

Describe the role(s) Connected Apps play when Salesforce needs to provide identity to a third-party system.

Use Cases
Access Data with API Integration
- To request access, an app must be integrated with the Salesforce API using the OAuth 2.0 protocol.
- OAuth 2.0 enables authorization and secure data sharing between applications through the exchange of tokens; when the app also needs to know who the user is, Salesforce layers OpenID Connect (the openid scope and an ID token) on top of it.
- Developers and ISVs use OAuth authorization flows to integrate their app with the Salesforce API.
Integrate Service Providers (SP) with a Salesforce Org
When Salesforce acts […]

Describe the various implementation concepts of OAuth (for example; scopes, secrets, tokens, refresh tokens, token expiration, token revocation, etc.).

Grant Types
Authorization Code Grant
- Used to obtain both access tokens and refresh tokens; optimized for confidential clients.
- It is redirection-based: the client must be capable of interacting with the resource owner's user-agent and of receiving incoming requests (the redirect back from the authorization server).
Implicit Grant
- Used to obtain an access token only (no refresh token); optimized for public clients. The token is returned in the URL fragment, which is why the OAuth 2.0 Security Best Current Practice now recommends the authorization code grant with PKCE instead.
- Clients are implemented in a browser using a scripting language such as JavaScript.
- Redirection-based […]

Given a scenario, determine the most appropriate flow type to recommend when implementing an OAuth solution where Salesforce is providing identity to a third party (for example, User Agent, Web Server, JWT, etc.)

Web Server Authentication Flow
- For apps hosted on a secure server.
- Must be used when the server must protect the client secret.
- Uses the "Authorization Code" grant type, which is optimized for confidential clients and may request both access and refresh tokens.
Steps
The web server redirects the user to Salesforce to authenticate and authorize the server to access […]
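The grant-type descriptions above and the web server flow steps are two views of the same exchange, so one added example covers both: the client side of the authorization code grant as a confidential web server would run it against Salesforce. This is example code written for these notes, not Salesforce's or any SDK's code. It uses Salesforce's documented /services/oauth2/authorize, /token and /revoke endpoints; CLIENT_ID, CLIENT_SECRET and REDIRECT_URI are constructed placeholders, and no network call is made, so the example runs offline. What it adds to the prose is where the security decisions sit: a per-login state value that binds the callback to the browser session that started it, PKCE that binds the code to the client that requested it, a client secret that never leaves the server (the reason this flow is chosen over the user-agent flow), and a refresh and a revoke request for when the access token expires or the session ends.

```python
"""OAuth 2.0 web-server (authorization code) flow, client side.

Added example, not Salesforce code. Builds and checks the messages a confidential
client exchanges with Salesforce's /services/oauth2/authorize, /token and /revoke
endpoints. CLIENT_ID, CLIENT_SECRET and REDIRECT_URI are constructed placeholders.
"""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

LOGIN_HOST = "https://login.salesforce.com"
CLIENT_ID = "3MVG9.constructed.consumer.key"             # constructed
CLIENT_SECRET = "constructed-consumer-secret"            # constructed; server-side only
REDIRECT_URI = "https://app.example.com/oauth/callback"  # constructed


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def begin_authorization(session: dict, scopes=("api", "refresh_token")) -> str:
    """Step 1: store state and PKCE verifier in the server-side session; return the redirect URL."""
    state = secrets.token_urlsafe(24)
    verifier = _b64url(secrets.token_bytes(32))          # 43 chars, within the PKCE 43-128 range
    session["oauth_state"] = state
    session["pkce_verifier"] = verifier
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": _b64url(hashlib.sha256(verifier.encode()).digest()),
        "code_challenge_method": "S256",
    }
    return f"{LOGIN_HOST}/services/oauth2/authorize?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str) -> dict:
    """Step 2: validate the redirect from Salesforce and build the code-for-token POST body.

    Raises ValueError when Salesforce reported an error or the state does not match the
    one stored for this session. A mismatch means this browser did not request the code
    (CSRF or login forgery), so the code is discarded and never exchanged.
    """
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    expected = session.pop("oauth_state", None)         # single use, even on failure
    received = query.get("state", [""])[0]
    if not expected or not secrets.compare_digest(expected, received):
        session.pop("pkce_verifier", None)
        raise ValueError("state mismatch; discarding authorization code")
    if "code" not in query:
        raise ValueError("callback carried no authorization code")
    return {
        "grant_type": "authorization_code",
        "code": query["code"][0],
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,                 # sent server-to-server only
        "redirect_uri": REDIRECT_URI,
        "code_verifier": session.pop("pkce_verifier"),  # proves we issued the challenge
    }


def refresh_request(refresh_token: str) -> dict:
    """Body for POST .../services/oauth2/token once the access token has expired."""
    return {"grant_type": "refresh_token", "refresh_token": refresh_token,
            "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET}


def revoke_request(token: str) -> tuple:
    """Endpoint and body to revoke an access or refresh token, e.g. on logout."""
    return f"{LOGIN_HOST}/services/oauth2/revoke", {"token": token}


def simulated_redirect(session: dict, code: str) -> str:
    """Constructed stand-in for the redirect Salesforce issues after the user approves."""
    return f"{REDIRECT_URI}?{urlencode({'code': code, 'state': session['oauth_state']})}"


def authorize_params(url: str) -> dict:
    """Flatten the query string of an authorize URL for inspection."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


if __name__ == "__main__":
    sess = {}
    redirect_to = begin_authorization(sess)
    form = handle_callback(sess, simulated_redirect(sess, "constructed-code"))
    print(redirect_to)
    print(form["grant_type"], form["code"])
```

Note what the authorize URL never contains: the client secret. It only appears in the server-to-server token request, which is the property the notes describe as "the server must protect the secret"; the user-agent flow has no such request, which is why it cannot hold one.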

Given a scenario, identify the risks and mitigation strategies that session security and Two-Factor Authentication enable (for example, high-assurance sessions, 2FA, etc.).

Session Security
Session security limits exposure on the network when a user leaves a computer unattended while still logged in. It also limits the risk of internal attacks, such as one employee trying to use another employee's session.
Session timeout
Control when inactive user sessions expire from the Session Settings page. The default value is 2 hours of inactivity. When the […]

Given a scenario, determine the most appropriate Two-Factor Authentication mechanism for an identity solution.

2FA Login Requirements and Custom Policies for Single Sign-On, Social Sign-On and Communities
2FA can be applied to all Salesforce user-interface authentication methods, including username and password, delegated authentication, SAML SSO and Social Sign-On through an Auth Provider, for users in Salesforce orgs and Communities. To enable 2FA for users assigned to a particular profile, […]

Describe the risks that Two-Factor Authentication mechanisms aim to mitigate.

Introduction to Two-Factor Authentication
Two-factor authentication is a security feature that admins can enable to add a second layer of security during the authentication process. It cross-verifies users with two different forms of identification before granting access to their Salesforce application. These two forms typically include knowledge factors […]

Given a scenario, recommend the most appropriate Salesforce license type(s) to support the identity requirements.

Identity License
The Identity license grants users access to Identity features. Salesforce Identity connects Salesforce users with external applications and services while giving admins control over authentication and authorization for these users. Identity licenses are included with all paid user licenses in Enterprise, Performance, and Unlimited Editions. Ten free Identity user licenses are included with each […]