Salesforce Identity: Connect and Collaborate Anywhere, Securely with Single Sign-On

Salesforce IdentityTips & Techniques for Advanced Users & Administrators

Vilas Ekbote

Director Technical Services SFDC East

facebook.com/perficient twitter.com/perficientlinkedin.com/company/perficient

• Founded in 1997

• Public, NASDAQ: PRFT

• 2013 revenue of $375 million

• Major market locations throughout

North America

• Global delivery centers in China,

Europe and India

• >2,100 colleagues

• Dedicated solution practices

• ~90% repeat business rate

• Alliance partnerships with major

technology vendors

• Multiple vendor/industry technology

and growth awards

Perficient Profile

• Combined strength of two well established Salesforce.com Gold Cloud

Alliance Partners

– Previously known as Clear Task and CoreMatrix

• 75 certified consultants, 177 Salesforce.com Certifications

• More than 450 customers

• Completed ~3,000 Salesforce engagements

• Salesforce Cloud expertise: Sales, Service, Marketing, Chatter, and custom

development on Force.com

• One of the highest Salesforce.com customer satisfaction ratings: 9.5 out

of 10!

Salesforce Business Unit

Topics

Salesforce Identity

• Overview

• Features

• Licenses

• Identity Use Cases

• Demo

– Connected Apps

– My Domain & Branded Login

– App Launcher

– Two-factor Authentication

– Identity Reports & Dashboards

• Private AppExchange

• Identity Connect

Q&A

Salesforce Identity for Everyone

5

Customers

Partners

Employees

From Any Device

Salesforce Identity Features/Technologies

6

Salesforce Identity

Single Sign on

Connected Apps

Mobile Identity

My Domain

Social Sign on

Brandable Login

Directory Integration

User & Access Management

Reports & Dashboards

Multi-factor Authentication

Open Standards Support

Overview

• What is Salesforce Identity and what does it do?

– Salesforce Identity is an Identity and Access Management Service

[IAM]

• Salesforce Identity has following capabilities:

– Cloud-based user directories

– Authentication services to verify users and keep granular control

over user access

– Access management and authorization for third-party apps

– Provisioning and de-provisioning of apps

– An API for viewing and managing your deployment of Identity

features

– Reporting on the use of apps and services by your Identity users

– Salesforce Identity Connect: for single sign-on integration with

directory services like Microsoft Active Directory

7

Licensing

• Existing customer with Enterprise Edition or above already have it free

• Salesforce Identity License – cloud based identity for mobile, web and on-premise

– [$5/user/mo. billed annually], includes:

– Single sign-on

– Mobile identity

– Chatter

– User and access management

– Cloud directory

– Multi-factor authentication

– Reporting and dashboards

– Brandable services

– Social sign-on

• Salesforce Identity Connect License – Use existing directory services

– Includes Active Directory connector for provisioning and single sign-on.

– Add-on to Salesforce Identity license

• External identities - Manage identities for customers, partners and other external users. Flexible options per user/mo. or per login/mo. available by contacting Salesforce

8

Topics

Salesforce Identity

• Overview

• Features

• Licenses


• Demo

– Connected Apps


– App Launcher





Q&A

Salesforce Identity – Employee Use Case & Setup

A company needs the employees to sign-in to multiple applications to get their job done.

• Need to setup My Domain [required]

• Optional – customize login page

• Setup Salesforce as Identity provider for Single Sign On [SSO]

• Setup SAML based SSO between Salesforce and External Application [e.g. Google Apps]

• Setup App Launcher control which users have access to which applications and provide a single place to launch external applications without logging in again

• Optional – Setup Private AppExchange

• Optional - Setup permission sets to control access to applications

• Optional - Build Reports and dashboards to track user activity and app usage

• Optional - Enhance security using two-factor authentication

• Optional – Integrate with corporate Active Directory to automatically login to Salesforce.com using their corporate user identity

10

Demo 1

• Demo Employee Flow - Salesforce Identity Single Sign-

On with Google Apps

• My Domain

• Connected Apps

• App Launcher

11

Salesforce Identity – Customer/Partner Use Case & Setup

A company needs the customers/partners to sign-in to

portal/community web sites using their Google or Facebook

credentials.

• Need to setup My Domain [required]

• Setup Google as Authentication Provider

• Configure oAuth on Google

• Customize automatic user provisioning up on login

• Setup Customer Community site and setup access permissions

• Customize customer community tabs/pages, colors and logos

• Configure Customer Community to use Google Authentication Provider

12

Demo 2

• Demo Customer Flow - Social sign-on using Google

credentials

• Social sign-on using Google Account for Customer

Community

• Automatic user provisioning and contact creation

• Private AppExchange - setup

13

Identity Reports & Dashboards

14

Topics

Salesforce Identity

• Overview

• Features

• Licenses


• Demo

– Connected Apps


– App Launcher





Q&A

Private App Exchange

16

Private AppExchange empowers organizations with their own trusted corporate app

store. You create a secure, branded location to distribute apps to your employees,

giving them the power to choose the apps that will make them most productive at

work.

Private App Exchange

17

• Private AppExchange itself is an AppExchange App

• Requires Translation Workbench must be enabled with at least one language

Topics

Salesforce Identity

• Overview

• Features

• Licenses


• Demo

– Connected Apps


– App Launcher





Q&A

Identity Connect - Overview

• Identity Connect provides Active Directory integration

• Integration includes syncing Active Directory users with one or more

Salesforce orgs

• Identity Connect acts as the Identity Service Provider (IDP) for Single

Sign On (SSO) Active Directory integration when logging into

Salesforce

• Identity Connect licenses need to be acquired – separate from

Salesforce Identity

• Identity on-premise software needs to be installed and configured

• Supports high availability configurations

• Supports Integrated Windows Authentication

19

Identity Connect - Overview

20

Outline of the Setup Process

2

Outline of the Setup Process

Setting up Identity Connect involves the configuration of multiple systems. The following

flowchart provides a high-level overview of what happens between these systems during the setup

process. Each step is discussed in more detail in the rest of this guide.

Identity Connect – Setup Steps

21

Acquire Identity Connect Licenses

Setup Connected App and My Domain

Download & Install Identity Connect behind

firewall

Configure Identity Connect to Active

Directory Connection

Configure Identity Connect to Salesforce

Connection

Map Users

Setup Sync Schedule

Configure SSO Manually or Automatically

Configure Integrated Windows

Authentication [IWA]

Configure Auditing & Reports

Check It Out Yourself!

• Salesforce Identity Implementation Guide

– http://bit.ly/1jcMjGT

• Salesforce Identity Connect Implementation Guide

– http://bit.ly/1jHFZa0

• More Information on Developerforce.com

– http://bit.ly/1fzDcff

22

http://bit.ly/1jcMjGT

http://bit.ly/1jHFZa0

http://bit.ly/1fzDcff

Salesforce Identity

Complimentary Consultation

Are you using Salesforce Identity with single sign-on

to seamlessly connect your customers, partners and

employees to all of your applications?

Questions?

Please enter your questions through the “Chat” panel

2/25/2014 24

Thank You!

For more information contact:

877-276-2120

[email protected]

www.facebook.com/perficient

www.perficient.com

www.twitter.com/perficient

Technology

Salesforce Identity: Connect and Collaborate Anywhere, Securely with Single Sign-On