
Understand the Headless Approach to Identity

Learning Objectives

After completing this unit, you’ll be able to:

  • Describe the differences between traditional and headless identity.
  • Explain the relationship between headless identity and Experience Cloud.
  • Describe the benefits of a headless identity implementation.

Step into the World of Headless Identity

Let’s set the scene: You work at Northern Trail Outfitters (NTO), a retail company that sells outdoor and recreational gear and apparel. As the technical owner of NTO’s ecommerce website, part of your job is managing identity for NTO’s customers. You and your team of developers manage digital information about customers, defining who they are, what they can do, and what data they can access.

Work has been extra busy lately and NTO has grown a lot in the past year. NTO’s expanding customer base means more employees and departments. With this growth, NTO found it challenging to work within data silos and connect data to customers. To help its employees better understand customers and provide excellent experiences, the company has decided to replatform its whole business on top of Salesforce. With Salesforce, NTO can create a more unified view of customers and deliver coherent, customized experiences.

You look forward to the improvements Salesforce will bring to NTO’s customers. But the migration comes with its own challenges. In your time as a technical owner, you’ve worked with developers to build an ecommerce app that also serves as NTO’s website. Of course, the app is fully customized for NTO’s complex digital marketing strategy.

However, the app isn’t hosted on Salesforce—it’s hosted on Heroku. Your developers built it from the ground up using ReactJS and NodeJS. Now that NTO is replatforming to Salesforce, you have a few big questions. How do you bring the power of Salesforce to your full-featured, off-platform app? How can you provide identity services to your app? How can you minimize the amount of time your developers spend onboarding onto a new platform?

You consider a standard, redirect-based OAuth identity solution, but quickly realize that it’s not a great fit. While this solution can provide identity services to your app, the redirect experience isn’t the best for your users. Plus, this solution requires your developers to get proficient with Experience Cloud, which requires more onboarding.

Enter headless identity. With headless identity, you can embed identity features and extend Salesforce APIs and data into any app built on any platform. Bring Salesforce data—including identity data—into your off-platform app, instead of the other way around. With full control over the user experiences in your app, stay aligned with NTO’s digital branding and keep stakeholders happy. And you can do this all while keeping your developers in their native stack, so that they don’t have to become experts in all things Salesforce.

By all metrics, headless identity is a solution worth investigating. You start learning about it right away. The first thing you want to figure out—why on earth is it called “headless identity”?

To understand what headless identity is, let’s start with what it’s not.

Traditional or “Headful” Identity

Think of an identity implementation as having two big components.

  • A front end where information is presented to users. The front end is the head, the face of the implementation that end users see and interact with.
  • A back end where information is stored and processed. The back end is the body, the core of the implementation that handles heavy-duty tasks.

In a more traditional identity implementation—a headful system—the front-end head and back-end body run on the same platform and are tightly linked together. For example, in a headful Salesforce Customer Identity implementation, both the head and the body run on Salesforce. On the front end, a Salesforce Experience Cloud site hosts identity experiences like login and registration. On the back end, Salesforce powers these identity processes.

Headless Identity

Now that you know a headful identity implementation means that both the front end and back end are hosted on the same platform and tightly coupled, it follows that for headless identity, the head and body run on different platforms.

In a headless identity implementation, the head can run on any platform, but the body is all Salesforce. Salesforce handles the heavy lifting of identity and access management. You can use Salesforce for more than just identity, too—you have access to the power of Salesforce as a customer data platform, a system for managing outreach and promotions, and more.

So in a headless identity implementation, the front end and back end are separate—got it. But they still need to communicate. To enable communication, Salesforce exposes Headless Identity APIs and makes them usable from any type of front end. How are these APIs exposed? That’s where Experience Cloud comes in.

Headless Identity and Experience Cloud

Experience Cloud is the Salesforce Platform for interacting with external users like your customers or partners. On top of exposing a web platform, it also exposes APIs and data to external users. Traditionally, Experience Cloud exposes this information through an Experience Cloud site, like a service portal or business-to-business (B2B) commerce storefront. External users interact with the Experience Cloud site instead of logging in to a Salesforce org, which is more suited to internal users, or employees.

But creating a customer-facing site isn’t the only way to use Experience Cloud. You can also use it to expose data for off-platform apps that integrate via APIs. With this usage, external users don’t interact with the Experience Cloud site. It’s possible to build an Experience Cloud–powered application that has no user interface. 

In a headless identity implementation, Experience Cloud exposes both Headless Identity APIs, which you use to build your identity processes, and REST APIs, which you use to access protected Salesforce data. It also stores customer accounts and contacts and allows you to manage customer access.

Because Headless Identity APIs are exposed through Experience Cloud, you must set up an Experience Cloud site for all headless identity implementations. The setup for a headless identity implementation is more lightweight than building out a full Experience Cloud site, so it’s not necessary for developers to be Experience Cloud experts.

Why Use Headless Identity?

The more you read about headless identity, the more you see that it’s the perfect fit for NTO. To clearly articulate its power to stakeholders, you put together a list of the benefits.

  • Full control over the user experience (UX). Because you can host your app on any platform, you control the full identity UX and deliver pixel-perfect experiences while still relying on Salesforce for authentication. From branding to flow, you drive the look, behavior, and performance of every experience in your app. It’s a dream come true for digital marketing.
  • Developer productivity. Keep your developers in the stacks they know. It takes time to onboard onto a new development stack. With headless identity, developers skip onboarding to deliver top-tier experiences faster.
  • Embed anywhere. Make use of your existing apps. Embed identity into any app, any way you want. Headless identity gives you a path forward for apps that can’t integrate with headful, redirect-based identity.

Now that you and your stakeholders understand what headless identity is and when to use it, let’s talk about what you can do with it.
