Farmington Hills Salesforce Developer User Group
Apex Hours
Azure Active Directory Seamless Single Sign-On with Salesforce
#SalesforceApexHours #FarmingtonHillsSFDCDug
Speaker: Amit Singh, Amit Chaudhary
Date: Saturday, SEPT 08, 2018 10:00 AM EST (7:30 PM IST)
Venue/Link: https://zoom.us/j/659759919
Who am I?
Amit Chaudhary (Salesforce MVP)
• Active on Salesforce Developer Community
• Blogging at http://amitsalesforce.blogspot.in/
• Co-Organizer of FarmingtonHillsSFDCDug
• Follow us @Amit_SFDC or @ApexHours
Our Speaker
Amit Singh (Lightning Champion)
• Active on Salesforce Success Community
• Blogging at http://sfdcpanther.com
• YouTuber @SFDCPanther
• Lightning Champion
• Group Leader Faridabad, IN Administrators Group
• Follow us @cloudyamit OR @sfdc_panther
AGENDA
▶ Single Sign On
▶ Delegated Authentication
▶ Federated Authentication (SAML)
▶ Identity Provider (IP)
▶ Service Provider (SP)
PREREQUISITES
▶ A free Salesforce Developer Org or any Salesforce Sandbox Org
▶ My Domain enabled (optional)
▶ A free Microsoft Azure account (trial/subscribed)
IMPORTANT LINKS
▶ Sign up for a free Salesforce Developer Org (if you do not have one)
▶ https://developer.salesforce.com/signup
▶ Sign up for a Microsoft Azure account
▶ Requires a Microsoft Outlook account
▶ https://azure.microsoft.com/en-gb/free/
IDP INITIATED FLOW
1 – The user logs in to the Identity Provider with their credentials.
2 – The user clicks the link for the org they want to access.
3 – The SAML assertion is sent to the Salesforce server with the Federation ID, the Username, or a custom attribute.
SP INITIATED FLOW
▶ The user enters the Custom Domain URL.
▶ Salesforce forwards the SAML request to the IDP.
▶ The user enters the credentials, which are validated by the IDP.
▶ The SAML assertion is returned with the Federation ID, the Salesforce Username, or a custom attribute.
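Added example (not from the slides): the service provider's side of both flows above, in Python. It assumes the response's XML signature was already verified by a SAML library; the issuer, audience, request ID and Federation ID values are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def sample_response(in_response_to=None):
    """Constructed, unsigned sample response; all values are made up."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}"{irt}>
 <a:Assertion><a:Issuer>https://idp.example/</a:Issuer>
  <a:Subject><a:NameID>fed-1001</a:NameID></a:Subject>
  <a:Conditions NotOnOrAfter="2018-09-08T14:05:00Z"><a:AudienceRestriction>
   <a:Audience>https://sp.example/</a:Audience>
  </a:AudienceRestriction></a:Conditions>
 </a:Assertion></p:Response>"""

def check_response(xml_text, now, issuer, audience, pending_ids, users,
                   allow_idp_initiated=True):
    """Return the user mapped to the asserted identifier or raise ValueError.
    Assumption: the XML signature was verified before this function runs."""
    root = ET.fromstring(xml_text)
    irt = root.get("InResponseTo")
    if irt is None:                       # IdP-initiated: no request to match
        if not allow_idp_initiated:
            raise ValueError("unsolicited response not allowed")
    elif irt in pending_ids:              # SP-initiated: must answer our request
        pending_ids.discard(irt)          # one-time use, so a replay is rejected
    else:
        raise ValueError("InResponseTo matches no pending request")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        raise ValueError("no assertion")
    if assertion.findtext("a:Issuer", namespaces=NS) != issuer:
        raise ValueError("unexpected issuer")
    cond = assertion.find("a:Conditions", NS)
    if cond is None or cond.get("NotOnOrAfter") is None:
        raise ValueError("missing Conditions/NotOnOrAfter")
    expiry = datetime.strptime(cond.get("NotOnOrAfter"), "%Y-%m-%dT%H:%M:%SZ")
    if now >= expiry.replace(tzinfo=timezone.utc):
        raise ValueError("assertion expired")
    audiences = [e.text for e in cond.findall("a:AudienceRestriction/a:Audience", NS)]
    if audience not in audiences:
        raise ValueError("assertion issued for another service provider")
    name_id = assertion.findtext("a:Subject/a:NameID", namespaces=NS)
    if name_id not in users:              # Federation ID / username lookup
        raise ValueError("no user for asserted identifier")
    return users[name_id]
```

The only difference between the two flows on the receiving side is the `InResponseTo` check: an SP-initiated response must answer a request the service provider actually issued, while an IdP-initiated response arrives unsolicited and is accepted only if the service provider allows that.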
ADVANTAGE
▶ User experience: The most apparent benefit is that users can move between services securely and uninterrupted without specifying their credentials each time.
▶ Security: The user's credentials are provided directly to the central SSO server, not the actual service that the user is trying to access, and therefore the credentials cannot be cached by the service.
▶ Resource saving: IT administrators can save their time and resources by utilizing the central web access management service application.

Editor's Notes

  1. Delegated Authentication: Use delegated authentication if you have mobile users in your organization, or if you want to enable single sign-on for partner portals or Customer Portals. You must request that this feature be enabled by salesforce.com. This recipe explains delegated authentication in more detail. Federated Authentication using SAML: Federated authentication uses SAML, an industry standard for secure integrations. Investing in SAML with Salesforce.com can be leveraged with other products or services. If you use SAML, you don't have to expose an internal server to the Internet: the secure integration is done using the browser. In addition, Salesforce.com never handles any passwords used by your organization. For more information, see “Configuring SAML Settings for Single Sign-On” in the Salesforce.com online help.
  2. Delegated Authentication: Use delegated authentication if you have mobile users in your organization, or if you want to enable single sign-on for partner portals or Customer Portals. You must request that this feature be enabled by salesforce.com. Federated Authentication using SAML: Federated authentication uses SAML, an industry standard for secure integrations. Investing in SAML with Salesforce.com can be leveraged with other products or services. If you use SAML, you don't have to expose an internal server to the Internet: the secure integration is done using the browser. In addition, Salesforce.com never handles any passwords used by your organization. Difference: Delegated authentication has a few drawbacks with respect to federated authentication. First, delegated authentication is inherently **less secure than federated authentication**. Even if encrypted, delegated authentication still sends the username and password (possibly even your network password) over the internet to Force.com. Some companies have policies that preclude a third party from handling their network passwords. Second, delegated authentication **requires much more work for the company implementing it**. The Web services endpoint configured for the org must be developed, hosted, exposed on the Internet, and integrated with the company's identity store.