Authentication Flows Web Server Authentication Flow are for apps hosted on a secure server must be used when the server must protect the secret uses the “Authorisation Code” grant type, which is optimised for confidential clients and may request both access and refresh tokens Steps The web server redirects the user to Salesforce to authenticate […]
Describe the capabilities for customizing the registration experience for external communities (for example; Branding options, self-registration, communications, etc.).
Each community by default comes with login, logout, password management and self registration pages and Salesforce provides the underlying code (Apex controllers) for all this. Community Builder or Visualforce can be used to customize branding and this default behavior. Brand Community Login Page We can use out own logo, change background colors, add a custom […]
Describe the role(s) Identity Connect plays in an Identity Management solution.
Identity Connect integrates Microsoft Active Directory (AD) with Salesforce. User information entered in AD is shared with Salesforce seamlessly and instantaneously. Companies that use AD for user management can use Identity Connect to manage Salesforce accounts. Identity Connect enables you to upload user data from your enterprise data store (Active Directory) to one or more […]
Given a scenario, recommend the most appropriate Salesforce license type(s) to support the identity requirements.
Identity License The Identity license grants users access to Identity features. Salesforce Identity connects Salesforce users with external applications and services, while giving admins control over authentication and authorization for these users. Identity licenses are included with all paid user licenses in Enterprise, Performance, and Unlimited Editions. Ten free Identity user licenses are included with […]
Given a scenario, identify the risks and mitigation strategies that session security and Two-Factor Authentication enable (E.g. High Assurance Sessions, 2FA, etc.).
Session Security Session security is used to limit exposure to network when a user leaves the computer unattended while still logged in. It limits the risk of internal attacks, such as one employee tries to use another employee’s session. Session timeout Control inactive user session expiry from Session settings page. Default value is 2 hours. […]
Given a scenario, determine the most appropriate Two-Factor Authentication mechanism for an identity solution.
2FA Login requirements and Custom Policies for Single Sign-On, Social Sign-On and Communities 2FA can be applied to all Salesforce user interface authentication methods that include username and password, delegated authentication, SAML SSO, Social Sign-On through an Auth Provider, to users in Salesforce orgs and Communities. To enable 2FA for users assigned to a particular […]
Describe the risks that Two-Factor Authentication mechanisms aim to mitigate.
Introduction to Two – Factor Authentication Two-factor authentication is a security feature that can be enabled by admins to add a second layer of security during the authentication process. It is a security process that cross-verifies users with two different forms of identification to access their Salesforce application. These two forms typically include knowledge factors […]
Given a scenario, recommend the Salesforce technologies that should be used to provide identity to the third-party system (Canvas, Connected Apps, App Launcher, etc.).
Describe the role(s) Connected Apps play when Salesforce needs to provide identity to a third-party system.
Use Cases Access Data with API Integration For requesting access, app must be integrated with Salesforce API using OAuth 2.0 protocol OAuth enables authentication, authorization, and secure data sharing between applications through the exchange of tokens. Developers and ISVs use OAuth authorization flows to integrate their app with Salesforce API. Integrate Service Providers (SP) with […]
Describe the various implementation concepts of OAuth (for example; scopes, secrets, tokens, refresh tokens, token expiration, token revocation, etc.).
Grant Types Authorization Code Grant Used to obtain both access tokens and refresh tokens optimized for confidential clients It is redirection-based client must be capable of interacting with the resource owner’s user-agent and capable of receiving incoming requests. Implicit Grant used to obtain access token Optimized for public clients Clients are implemented in a browser […]