Get to Know Salesforce Identity
- Describe how Salesforce Identity helps administrators.
- Understand how Salesforce Identity can benefit a business.
- Distinguish between single sign-on (SSO) and social sign-on.
- Describe the benefits of My Domain.
What Does Salesforce Identity Do?
Salesforce Identity lets you give the right people the right access to the right resources at the right time. You control who can access your orgs and who can use apps running on the Salesforce Platform, on-premises, in other clouds, and on mobile devices.
You can probably see how controlling access helps you improve your org’s security. But did you know that you can increase security while also making it easier for your users to get to the apps and services they need to do their jobs? Well, you totally can!
When users can sign in once to access all the apps that they need, everyone benefits.
- Users don’t have to remember lots of usernames and passwords.
- Admins spend less time dealing with user login woes.
- Developers build web and mobile applications that work seamlessly with existing business processes.
- CIOs strengthen security and trust while harnessing their authentication investment.
- Customers collaborate and get their questions answered without hassle.
- Partners integrate their solutions with your Salesforce org, making it a big win for everyone.
With Salesforce Identity, you log in once to access many connected apps.
What Does “Identity” Mean Anyway?
In the tech industry, identity is a loaded term and has different meanings depending on the context. But generally, identity has come to mean that identity providers ensure that people are who they say they are.
At Salesforce, we’re talking about digital information about users, like who the user is and what the user can do in a particular context. It can also include attributes about the user, such as first and last names, contact information, maybe even a job title.
What Features Does Salesforce Identity Provide?
Identity management is a huge administrative area, and Salesforce Identity offers features to address many aspects of it. A well-designed Salesforce Identity implementation begins with determining which features are right for your org and prioritizing them. Start out by introducing one or two features. Then add more features over time.
Check out this list of the main features of Salesforce Identity. Then scroll down to learn about each one in more detail.
- Single sign-on
- Connected apps
- Social sign-on
- Multi-factor authentication
- My Domain
- Centralized user account management
- User provisioning
- App Launcher
Single Sign-On
Single sign-on (SSO) lets users access all authorized resources without logging in separately to each one—and without having to create (and remember) different user credentials for each app.
You can connect your users to several accounts and applications running in other Salesforce orgs and even in other clouds. For example, a call center rep with Salesforce Identity can click a link and be logged in immediately to other apps like Google Apps, Microsoft Office 365, or Box, if you’ve configured the apps for SSO.
Connected Apps
And what are those “authorized resources” that your signed-on users have access to? You got it: They’re connected apps. Connected apps bring Salesforce orgs, third-party apps, and services together. If a connected app is created without implementing SSO, it acts like a bookmark. Users can get to the app from the App Launcher or dropdown app menu, but they sometimes have to sign in again to use it.
So to get the most out of connected apps, configure them for SSO. With SSO, admins can set security policies and have explicit control over who uses which apps. You can also use connected apps to manage authentication and policies for mobile applications.
Multi-Factor Authentication
Sound like a mathematical equation? Nope. It’s not. Multi-factor authentication (MFA) is a Salesforce Identity feature that is required for all users who log in directly to Salesforce. By configuring a couple of settings, you can make your org login process, you got it, multiple times more secure.
Until now, we’ve been talking about features that make it easier for your users to access the orgs and apps they need to do their jobs. MFA adds a few extra seconds to the login process, but this little bit of extra time is well worth the enhanced security for your users' accounts.
When you enable multi-factor authentication, users have to provide two or more pieces of evidence—or factors—when they log in. One factor is the user’s username and password combination. The requirement for additional factors is satisfied through the use of a verification method that the user has in their possession, such as an authenticator app or a USB security key.
With the newest version of the Salesforce Authenticator app, the second factor can be a response to a push notification on the user’s mobile device.
Multi-factor authentication helps ensure that even if an attacker acquires a user’s password, the attacker can’t log in and do harm. So while you’re expanding your authentication options with other Salesforce Identity features, be sure to secure individual access to your org with multi-factor authentication.
You learn how to set up multi-factor authentication in a later module. It’s simple, we promise.
My Domain
Would you like the URL to your Salesforce org to be something that makes sense to your users? Well, you can make that happen. With the My Domain Identity feature, you can customize your Salesforce URL to include your company or brand name. For example, if you work for Jedeye Technologies, you can include the name in your Salesforce login URL: https://jedeye-tech.my.salesforce.com.
Notice that the URL ends in salesforce.com. With My Domain, you’re actually creating a subdomain within the Salesforce domain, salesforce.com.
Let's take a look at My Domain in action. In this Trailhead playground, you can see that the org's My Domain name, creative-moose-o5xbqb-dev-ed, is a subdomain of the Salesforce lightning.force.com domain.
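An added example, not part of the original module or Salesforce's own code: because a My Domain login URL is a subdomain of a Salesforce-owned domain, a link can be checked against the org's expected hostname before anyone signs in through it. The function name, the suffix list (limited to the two domains mentioned above) and the lookalike URLs used to exercise it are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Parent domains named on this page (assumption: an org may need more suffixes).
TRUSTED_SUFFIXES = ("my.salesforce.com", "lightning.force.com")


def check_my_domain_url(url, my_domain):
    """Return (ok, reason): does url point at this org's own My Domain host?"""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return (False, "unparseable URL")

    if parts.scheme != "https":
        return (False, "not https")
    # "https://trusted-name@other-host/" displays the trusted name first,
    # but the browser connects to the host after the "@".
    if parts.username is not None or parts.password is not None:
        return (False, "userinfo in URL")
    if port not in (None, 443):
        return (False, "unexpected port")

    # Compare the whole hostname, never a substring or a prefix.
    expected = {f"{my_domain.lower()}.{suffix}" for suffix in TRUSTED_SUFFIXES}
    if host in expected:
        return (True, "ok")
    if any(host.endswith("." + suffix) for suffix in TRUSTED_SUFFIXES):
        return (False, "different org's My Domain")
    return (False, "not a Salesforce host")


if __name__ == "__main__":
    # Constructed sample links: one genuine, the rest lookalikes.
    samples = [
        "https://jedeye-tech.my.salesforce.com/",
        "https://jedeye-tech.my.salesforce.com.login.example/",
        "https://jedeye-tech.my.salesforce.com@login.example/",
        "https://jedeye-tehc.my.salesforce.com/",
        "http://jedeye-tech.my.salesforce.com/",
    ]
    for link in samples:
        print(link, "->", check_my_domain_url(link, "jedeye-tech"))
```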
With the My Domain feature, you can customize your login page to reflect your company’s design scheme and messaging—your brand.
With My Domain, you can also:
- Work in multiple Salesforce orgs in the same browser
- Set up single sign-on (SSO) with external identity vendors
- Set up authentication providers, such as Google and Facebook, so that your users can log in to your Salesforce org with their social account credentials
Because having a My Domain is so important, all orgs get one by default. For production orgs, if a My Domain wasn't specified during org creation, your default My Domain is based on your internal Salesforce org ID. If you don't like your org's My Domain name, you can change it. Head over to My Domain in Salesforce Help for the details.
You learn how to customize your login process with My Domain in the User Authentication module.
Centralized User Account Management
Centralized user account management means that admins can manage all their user account tasks in one place. Administrators can easily grant users access to other apps and revoke or freeze access when they have to.
Admins can apply login policy and explicit security controls. For example, they can set a policy that prevents login attempts by anyone who doesn’t know your domain name.
Centralized user account management is good for users, too. They don’t have to remember so many usernames and passwords. No more sticky notes dangling from monitors. In short, centralized management provides greater control over security, helps reduce access-related risk, and makes life easier for end users.
User Provisioning for Connected Apps
Want to create, manage, and secure user accounts across all your orgs and connected apps? That’s what Salesforce Identity user provisioning does for you. You can manage user information quickly, cheaply, reliably, and securely across multiple systems and connected applications.
Many people with Salesforce accounts also have accounts in other clouds, such as Google Apps, Office 365, Concur, or Box. Salesforce user provisioning provides a single location where admins can create, update, delete, and manage those user accounts.
App Launcher
The App Launcher is part of Salesforce Identity and it plays a prominent role in Lightning Experience. The App Launcher presents tiles for all the standard apps, custom apps, and connected apps in your Salesforce org. Your users can go to one location in Salesforce to access all apps—without having to log in again. You choose which third-party and other connected apps to add to the App Launcher. And you control which apps are available to which users.
Here’s the App Launcher: So clickable, and so convenient.
In Lightning Experience, users can access the App Launcher on the left side of the navigation bar.
In Salesforce Classic, users can access the App Launcher from the dropdown app menu.
A Fully Integrated Solution
Let’s look at Salesforce Identity features again and see how they fit together.
Remember that diagram of a Salesforce org at the beginning of this unit? Let’s take another look at it. But this time, we’ll add a few more details. This diagram shows where all your identity information is stored in the “back office” of your Salesforce org. With a centralized identity management system, you go to one place to configure identities. Note that Directory Integration on the left side of the diagram represents a third-party technology.
Users can go from their desktop to mobile with the same login credentials. Their identity is safely shared across many places. Admins can keep user information secure, up to date, and in one place. You can see how powerful Salesforce Identity is when several features are combined.
How to Enable Salesforce Identity for Your Org
In the next unit, we look at who your users are. Knowing which groups of users you’re serving helps you plan your Salesforce Identity implementation. In later modules, we dive into Identity features in detail.
So are you ready to turn on Salesforce Identity in your org? Good news, you already have licenses. Salesforce Identity is included in standard user licenses. Salesforce also offers special Identity Only licenses for users who want features like SSO but don’t need other parts of Salesforce, like Sales Cloud or Service Cloud.