Salesforce and Force.com applications share the same identity management infrastructure. This allows a user logged into Salesforce to access other applications deployed on Force.com platform without entering credentials again (aka Single sign-on). This works very well except it doesn’t solve the following 3 problems
- How can I ensure that authentication into Salesforce for my users is secure using techniques such as 2-factor authentication? And, for any way they access Salesforce – through web browser, mobile app, or Outlook add-in.
- How can I ensure that my users leverage the credentials from Enterprise user stores such as Active Directory instead of creating another set of credentials in Salesforce?
- How can I ensure that my users get Single sign-on (SSO) experience not just between Salesforce and Force.com applications, but also when they access other SaaS applications outside the Force.com platform?
Intel Expressway Cloud Access 360 provides a solution addressing all the above problems (and more). It bundles 3-in-1 solution providing Federated SSO, 2-factor strong authentication, and user account provisioning linking Enterprise credentials to Salesforce/Force.com.
- Federated SSO is provided into Salesforce and Force.com implementing the Security Assertion Markup Language (SAML) standard that Salesforce supports
- 2-factor strong authentication is implemented before the user is federated into Salesforce/Force.com using One Time Password (OTP) delivered as soft tokens over mobile devices such as iOS (iPhone, iPad), Android, Blackberry, and Windows devices.
- User provisioning and de-provisioning is implemented using REST APIs exposed by Salesforce