
Get to Know Salesforce Identity

Learning Objectives

After completing this module, you’ll be able to:

  • Describe how Salesforce Identity helps administrators.
  • Understand how Salesforce Identity can benefit a business.
  • Distinguish between single sign-on (SSO) and social sign-on.
  • Describe the benefits of My Domain.

What Does Salesforce Identity Do?

Salesforce Identity lets you give the right people the right access to the right resources at the right time. You control who can access your orgs and who can use apps running on the Salesforce Platform, on-premises, in other clouds, and on mobile devices.

You can probably see how controlling access helps you improve your org’s security. But did you know that you can increase security while also making it easier for your users to get to the apps and services they need to do their jobs? Well, you totally can!

When users can sign in once to access all the apps that they need, everyone benefits.

  • Users don’t have to remember lots of usernames and passwords.
  • Admins spend less time dealing with user login woes.
  • Developers build web and mobile applications that work seamlessly with existing business processes.
  • CIOs strengthen security and trust while harnessing their authentication investment.
  • Customers collaborate and get their questions answered without hassle.
  • Partners integrate their solutions with your Salesforce org, making it a big win for everyone.

With Salesforce Identity, you log in once to access many connected apps.

Salesforce and Other Connected Apps

What Does “Identity” Mean Anyway?

In the tech industry, identity is a loaded term with different meanings depending on the context. But generally, identity has come to mean that identity providers ensure that people are who they say they are.

At Salesforce, we’re talking about digital information about users, like who the user is and what the user can do in a particular context. It can also include attributes about the user, such as first and last names, contact information, maybe even a job title.

What Features Does Salesforce Identity Provide?

Identity management is a huge administrative area, and Salesforce Identity offers features to address many aspects of it. A well-designed Salesforce Identity implementation begins with determining which features are right for your org and prioritizing them. Start out by introducing one or two features. Then add more features over time.

Check out this list of the main features of Salesforce Identity. Then scroll down to learn about each one in more detail.

  • Single sign-on
  • Connected apps
  • Social sign-on
  • Multi-factor authentication
  • My Domain
  • Centralized user account management
  • User provisioning
  • App Launcher

Single Sign-On

Single sign-on (SSO) lets users access all authorized resources without logging in separately to each one—and without having to create (and remember) different user credentials for each app.

You can connect your users to several accounts and applications running in other Salesforce orgs and even in other clouds. For example, a call center rep with Salesforce Identity can click a link and be logged in immediately to other apps like Google Apps, Microsoft Office 365, or Box, if you’ve configured the apps for SSO.

Connected Apps

And what are those “authorized resources” that your signed-on users have access to? You got it: They’re connected apps. Connected apps bring Salesforce orgs, third-party apps, and services together. If a connected app is created without implementing SSO, it acts like a bookmark. Users can get to the app from the App Launcher or dropdown app menu, but they sometimes have to sign in again to use it.

So to get the most out of connected apps, configure them for SSO. With SSO, admins can set security policies and have explicit control over who uses which apps. You can also use connected apps to manage authentication and policies for mobile applications.

Social Sign-On

Social sign-on sounds a lot like single sign-on, doesn’t it? It’s easy to confuse the two, not only because the terms are similar, but also because both features make users’ lives easier.

With social sign-on, users log in to a Salesforce org with their username and password from an external authentication provider, like Facebook, X, LinkedIn, or Google. You can set up any of these providers with a few clicks. With a little bit of work, you can set up other providers, like PayPal and Amazon.

Social sign-on is especially useful when you want customers to be able to log in to an Experience Cloud site without having to create (and remember) a new username and password. Customers can log in to an Experience Cloud site using their Facebook or LinkedIn account.

Social sign-on login page

Multi-Factor Authentication

Sound like a mathematical equation? Nope. It’s not. Multi-factor authentication (MFA) is a Salesforce Identity feature that is required for all users who log in directly to Salesforce. To help users satisfy this requirement, MFA is a default part of the login process for production orgs. With MFA, your org login process is, you got it, multiple times more secure.

Note

MFA is contractually required for all users who log in to the Salesforce UI. For more information about the MFA requirement, see the Salesforce Multi-Factor Authentication FAQ.

Until now, we’ve been talking about features that make it easier for your users to access the orgs and apps they need to do their jobs. MFA adds a few extra seconds to the login process, but this little bit of extra time is well worth the enhanced security for your users' accounts.

Users have to provide two or more pieces of evidence—or factors—when they log in. One factor is the user’s username and password combination. The requirement for additional factors is satisfied through the use of a verification method that the user has in their possession, such as an authenticator app or a USB security key. With the Salesforce Authenticator app, the second factor can be a response to a push notification on the user’s mobile device.

Multi-factor authentication helps ensure that even if an attacker acquires a user’s password, the attacker can’t log in and do harm.

You learn how users register verification methods for MFA in a later module. It’s simple, we promise.

Salesforce Authenticator

My Domain

Would you like the URL to your Salesforce org to be something that makes sense to your users? Well, you can make that happen. With the My Domain Identity feature, you can customize your Salesforce URL to include your company or brand name. For example, if you work for Jedeye Technologies, you can include the name in your Salesforce login URL: https://jedeye-tech.my.salesforce.com.

Notice that the URL ends in salesforce.com. With My Domain, you’re actually creating a subdomain within the Salesforce domain, salesforce.com.

Let's take a look at My Domain in action. In this Trailhead playground, you can see that the org's My Domain name, creative-moose-o5xbqb-dev-ed, is a subdomain of the Salesforce lightning.force.com domain. 

My Domain name highlighted in a Trailhead Playground URL

With the My Domain feature, you can customize your login page to reflect your company’s design scheme and messaging—your brand.

Having a My Domain isn’t just about convenience and branding your org’s login experience. It's about having more control over your login process and simplifying authentication. In fact, Salesforce requires you to have a My Domain in place to:

  • Work in multiple Salesforce orgs in the same browser
  • Set up single sign-on (SSO) with external identity vendors
  • Set up authentication providers, such as Google and Facebook, so that your users can log in to your Salesforce org with their social account credentials

Because having a My Domain is so important, all orgs get one by default. For production orgs, if a My Domain wasn't specified during org creation, your default My Domain is based on your internal Salesforce org ID. If you don't like your org's My Domain name, you can change it. Head over to My Domain in Salesforce Help for the details.

You learn how to customize your login process with My Domain in the User Authentication module.
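Because a My Domain login URL is always a subdomain of a Salesforce-operated domain, the host name is something you can check before trusting a login link. The following is an added example, not Salesforce code: the function name `checkMyDomainUrl` and the suffix list (limited to the two domains shown in this unit) are assumptions, and the look-alike URLs in the comments are constructed.

```javascript
// Suffixes taken from the two URLs shown in this unit (assumption: your org
// may legitimately use other Salesforce-operated suffixes; extend as needed).
const MY_DOMAIN_SUFFIXES = [".my.salesforce.com", ".lightning.force.com"];

// Checks a candidate login URL and returns { ok, myDomain, reason }.
// expectedMyDomain is optional; pass it to pin the link to one org.
function checkMyDomainUrl(candidate, expectedMyDomain) {
  let url;
  try {
    url = new URL(candidate);
  } catch {
    return { ok: false, myDomain: null, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, myDomain: null, reason: "not https" };
  }
  // hostname excludes userinfo and port, so a link such as
  // https://jedeye-tech.my.salesforce.com@login.example/ is judged by its
  // real host (login.example), not by the text before the "@".
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Match on a leading dot so that a host which merely contains the
  // Salesforce name (jedeye-tech.my.salesforce.com.login.example) fails.
  const suffix = MY_DOMAIN_SUFFIXES.find((s) => host.endsWith(s));
  if (!suffix) {
    return { ok: false, myDomain: null, reason: "host is outside the listed Salesforce domains" };
  }
  // The My Domain name is the left-most label of the host.
  const myDomain = host.slice(0, -suffix.length).split(".")[0];
  if (myDomain === "") {
    return { ok: false, myDomain: null, reason: "missing My Domain name" };
  }
  if (expectedMyDomain && myDomain !== expectedMyDomain.toLowerCase()) {
    return { ok: false, myDomain, reason: "My Domain belongs to a different org" };
  }
  return { ok: true, myDomain, reason: "ok" };
}
```
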

Centralized User Account Management

Centralized user account management means that admins can manage all their user account tasks in one place. Administrators can easily grant users access to other apps and revoke or freeze access when they have to.

Admins can apply login policy and explicit security controls. For example, they can set a policy that prevents login attempts by anyone who doesn’t know your domain name.

Centralized user account management is good for users, too. They don’t have to remember so many usernames and passwords. No more sticky notes dangling from monitors. In short, centralized management provides greater control over security, helps reduce access-related risk, and makes life easier for end users.

User Provisioning for Connected Apps

Want to create, manage, and secure user accounts across all your orgs and connected apps? That’s what Salesforce Identity user provisioning does for you. You can manage user information quickly, cheaply, reliably, and securely across multiple systems and connected applications.

Many people with Salesforce accounts also have accounts in other clouds, such as Google Apps, Office 365, Concur, or Box. Salesforce user provisioning provides a single location where admins can create, update, delete, and manage those user accounts.

App Launcher

The App Launcher is part of Salesforce Identity, and it plays a prominent role in Lightning Experience. The App Launcher presents tiles for all the standard apps, custom apps, and connected apps in your Salesforce org. Your users can go to one location in Salesforce to access all apps—without having to log in again. You choose which third-party and other connected apps to add to the App Launcher. And you control which apps are available to which users.

Here’s the App Launcher: So clickable, and so convenient.

App Launcher

In Lightning Experience, users can access the App Launcher on the left side of the navigation bar.

App Launcher in Header

In Salesforce Classic, users can access the App Launcher from the dropdown app menu.

Classic App Launcher

A Fully Integrated Solution

Let’s look at Salesforce Identity features again and see how they fit together.

Remember that diagram of a Salesforce org at the beginning of this unit? Let’s take another look at it. But this time, we’ll add a few more details. This diagram shows where all your identity information is stored in the “back office” of your Salesforce org. With a centralized identity management system, you go to one place to configure identities. Note that Directory Integration on the left side of the diagram represents a third-party technology.

Salesforce Identity features diagram

Users can go from their desktop to mobile with the same login credentials. Their identity is safely shared across many places. Admins can keep user information secure, up to date, and in one place. You can see how powerful Salesforce Identity is when several features are combined.

How to Enable Salesforce Identity for Your Org

In the next unit, we look at who your users are. Knowing which groups of users you’re serving helps you plan your Salesforce Identity implementation. In later modules, we dive into Identity features in detail.

So are you ready to turn on Salesforce Identity in your org? Good news, you already have licenses. Salesforce Identity is included in standard user licenses. Salesforce also offers special Identity Only licenses for users who want features like SSO but don’t need other parts of Salesforce, like Sales Cloud or Service Cloud.
