Upload
juliet-quinn
View
227
Download
1
Tags:
Embed Size (px)
Citation preview
Identity on Force.com & Benefits of SSO
Nick Simha
Where is identity needed with Salesforce.com?
Desktop Apps
Browser
User ID and password can be entered via browser.
Salesforce.com provides mechanism to programmatically pass a token though the password field.
User ID and password are user entered on device.
No way to programmatically pass a token.
No way to intercept the login request.
User ID and password are user entered in plug-in.
No way to programmatically pass a token.
Some provide mechanism to re-direct login request.
Devices
How does standard Salesforce.com authentication work?
Your Salesforce.com administrator creates a user– Email is sent to new user with their User ID and a one time use
password.– User must create a password when they first login.– Your administrator sets the password policy. (Complexity, reuse,
etc.) User Logs into Salesforce.com with a User ID and Password
– User ID must be globally unique.– User ID is typically in the form of an email address.– Password is stored in Salesforce.com as a MD5 Hash. (one way
encryption) What happens when I forget my password?
– Your administrator can reset the password. New one time use password is sent via email
– Salesforce.com support can reset the password. Just like your administrator.
Single Sign-On (SSO) enables a more seamless user experience
Benefits of Single Sign-On
Reduced Administrative Costs– All user authentication information resides in a central directory, which reduces
the need to maintain, monitor and potentially synchronized multiple stores.– Reduces password-related user support requests.
Increased ease of use / adoption– Each user only has a single username and password which grants them
seamless access to all corporate resources and Salesforce.– Single Sign-On also saves users time, since each individual sign-on process
can take 5 to 20 seconds to complete. Enhanced Security
– Password policies established for your corporate network will also be in effect for Salesforce.com.
– Automatic provisioning and deprovisioning of users prevents unwarranted access.
– Sending an authentication credential that is only valid for a single use can increase security for users who have access to sensitive data.