- Describe how Salesforce Identity helps administrators.
- Understand how Salesforce Identity can benefit a business.
- Distinguish the difference between single sign-on (SSO) and social sign-on.
- Describe the benefits of My Domain.
You can probably see how controlling access helps you improve your org’s security. But did you know that you can increase security while also making it easier for your users to get to the apps and services they need to do their jobs? Well, you totally can!
When users can sign in once to access all the apps that they need, everyone benefits.
- Users don’t have to remember lots of usernames and passwords.
- Admins spend less time dealing with user login woes.
- Developers build web and mobile applications that work seamlessly with existing business processes.
- CIOs strengthen security and trust while harnessing their authentication investment.
- Customers collaborate and get their questions answered without hassle.
- Partners integrate their solutions with your Salesforce org, making it a big win for everyone.
With Salesforce Identity, you log in once to access many connected apps.
At Salesforce, we’re talking about digital information about users, like who the user is and what the user can do in a particular context. It can also include attributes about the user, such as first and last names, contact information, maybe even a job title.
Check out this list of the main features of Salesforce Identity. Then scroll down to learn about each one in more detail.
- Single sign-on
- Connected apps
- Social sign-on
- Two-factor authentication
- My Domain
- Centralized user account management
- User provisioning
- Identity Connect
- App Launcher
Single sign-on (SSO) lets users access all authorized resources without logging in separately to each one—and without having to create (and remember) different user credentials for each app.
You can connect your users to several accounts and applications running in other Salesforce orgs and even in other clouds. For example, a call center rep with Salesforce Identity can click a link and be logged in immediately to other apps, like Google Apps, Microsoft Office 365, or Box.
And what are those “authorized resources” that your signed-on users have access to? You got it: They’re connected apps. Connected apps bring Salesforce orgs, third-party apps, and services together. If a connected app is created without implementing SSO, it acts like a bookmark. Users can get to the app from the App Launcher or dropdown app menu, but they sometimes have to sign in again to use it.
So to get the most out of connected apps, configure them for SSO. With SSO, admins can set security policies and have explicit control over who uses which apps. You can also use connected apps to manage authentication and policies for mobile applications.
Sound like a mathematical equation? Nope. It’s not. Two-factor authentication (2FA) is just a Salesforce Identity feature that we highly recommend that you implement. By configuring a couple of settings, you can make your org login process, you got it, twice as secure.
Until now, we’ve been talking about features that make it easier for your users to access the orgs and apps they need to do their jobs. Initially, two-factor authentication makes access a little more difficult, but this simple yet powerful tool strengthens user account security.
When you enable two-factor authentication, users have to provide a second “factor,” or proof of identity, in addition to their username and password. The second factor can be a verification code that the user gets from a mobile authenticator app like Salesforce Authenticator. Or users can have a code sent to them by text message or email.
With the newest version of the Salesforce Authenticator app, the second factor can be a response to a push notification on the user’s mobile device.
Two-factor authentication helps ensure that even if an attacker acquires a user’s password, the attacker can’t log in and do harm. So while you’re expanding your authentication options with other Salesforce Identity features, be sure to secure individual access to your org with two-factor authentication.
You learn how to set up two-factor authentication in a later module. It’s simple, we promise.
Would you like the URL to your Salesforce org to be something that makes sense to your users? Well, you can make that happen. With the My Domain Identity feature, you can customize your Salesforce URL to include your company or brand name. For example, if you work for Jedeye Technologies, you can include the name in your Salesforce login URL:
Notice that the URL still ends in salesforce.com. With My Domain, you’re actually creating a subdomain within the Salesforce domain. You learn how to set up a My Domain subdomain in a later module.
If you’ve created a My Domain subdomain, you can change your login page to reflect your company’s design scheme and messaging—your brand.
You can also let users choose how they want to log in. For example, let your users who are already logged in to one Salesforce org log in to your My Domain subdomain with the same username and password. Or, if a customer is coming from a social media site, like Facebook or LinkedIn, you can allow the customer to log in to your Salesforce community with a Google, LinkedIn, or other social media account.
Centralized User Account Management
Centralized user account management means that admins can manage all their user account tasks in one place. Administrators can easily grant users access to other apps and revoke or freeze access when they have to.
Admins can apply login policy and explicit security controls. For example, they can set a policy that prevents login attempts by anyone who doesn’t know your domain name.
Centralized user account management is good for users, too. They don’t have to remember so many usernames and passwords. No more sticky notes dangling from monitors. In short, centralized management provides greater control over security, helps reduce access-related risk, and makes life easier for end users.
User Provisioning for Connected Apps
Want to create, manage, and secure user accounts across all your orgs and connected apps? That’s what Salesforce Identity user provisioning does for you. You can manage user information quickly, cheaply, reliably, and securely across multiple systems and connected applications.
Many people with Salesforce accounts also have accounts in other clouds, such as Google Apps, Office365, Concur, or Box. Salesforce user provisioning provides a single location where admins can create, update, delete, and manage those user accounts.
Salesforce Identity Connect synchronizes users and their attributes from Active Directory (AD) to Salesforce. When a user is created in AD, that same user account can also be created automatically in Salesforce. When a user is deleted from AD, the user account in Salesforce is deactivated at the same time.
With Identity Connect, you can let users sign in to Salesforce using their AD username and password. In some circumstances, you can configure Identity Connect to automatically sign users in to Salesforce. Yup—users can click a bookmark or link to Salesforce and they’re authenticated and taken to Salesforce without even seeing a login page. Users love this!
A future module helps you decide whether Identity Connect is right for you.
The App Launcher is part of Salesforce Identity and it plays a prominent role in Lightning Experience. The App Launcher presents tiles for all the standard apps, custom apps, and connected apps in your Salesforce org. Your users can go to one location in Salesforce to access all apps—without having to log in again. You choose which third-party and other connected apps to add the App Launcher. And you control which apps are available to which users.
Here’s the App Launcher: So clickable, and so convenient.
In Lightning Experience, users can access the App Launcher on the left side of the navigation bar.
In Salesforce Classic, users can access the App Launcher from the dropdown app menu.
Remember that diagram of a Salesforce org at the beginning of this unit? Let’s take another look at it. But this time, we’ll add a few more details. This diagram shows where all your identity information is stored in the “back office” of your Salesforce org. With a centralized identity management system, you go to one place to configure identities.
Users can go from their desktop to mobile with the same login credentials. Their identity is safely shared across many places. Admins can keep user information secure, up to date, and in one place. You can see how powerful Salesforce Identity is when several features are combined.
So are you ready to turn on Salesforce Identity in your org? Good news, you already have licenses! Salesforce Identity is included in standard user licenses. Salesforce also offers special Identity Only licenses for users who want features like SSO but don’t need other parts of Salesforce, like Sales Cloud or Service Cloud.
As you explore Salesforce Identity through Trailhead, you can try out features in your Trailhead Playground. You have enough licenses to test out the Identity features covered in this trail.