March 6, 2017
Salesforce primarily has two types of security features:
- System Level Security – Before Login
- Application Level Security – After Login
1. System Level Security
a. Authentication (Single Sign-On: Federated Authentication)
- SAML (Security Assertion Markup Language) – the standard for federated single sign-on
- Identity Store is the master of "User Identity". Example: LDAP (Lightweight Directory Access Protocol)
- Identity Provider (IDP) is the Identity Assertion Provider
- Service Provider (SP) is the provider of Enterprise Service
- Identity Provider – AXIOM
- Service Provider – Salesforce
b. Authorization
- OAuth – an open protocol to authorize secure API access for desktop/mobile client applications.
- OAuth client makes an Authorization Request
- The Authorization server authenticates the user
- The user authorizes the application
- The application is issued an OAuth token
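The client side of the four steps above, as an added example that is not part of the original post: it builds the authorization request, validates the browser callback, and prepares the token request. The `login.salesforce.com` endpoints are Salesforce's standard OAuth 2.0 URLs; the client ID, redirect URI, and the use of `state` and a PKCE `code_challenge` are assumptions added here.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Salesforce's standard OAuth 2.0 endpoints on the production login host.
AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"


def build_authorization_request(client_id, redirect_uri):
    """Step 1: the OAuth client builds the authorization request URL."""
    state = secrets.token_urlsafe(32)     # binds the callback to this browser session
    verifier = secrets.token_urlsafe(64)  # PKCE secret, kept by the client until step 4
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "code_challenge": challenge,      # base64url(SHA-256(verifier)), RFC 7636
    })
    return f"{AUTHORIZE_URL}?{query}", state, verifier


def handle_callback(callback_url, expected_state):
    """After steps 2-3 the browser returns to redirect_uri; verify it before use."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization denied: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]


def build_token_request(code, client_id, redirect_uri, verifier):
    """Step 4: form body the client POSTs to TOKEN_URL to be issued a token."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code_verifier": verifier,
    }
```

Rejecting a callback whose `state` does not match stops a forged redirect from attaching someone else's authorization code to the user's session.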
c. Social Sign-On
- SSO and OAuth-based API access from public sources. Ex: Facebook, Twitter
- Automatically create and update users and contacts.
- Single sign-on makes it easy for users and keeps them coming back.
When to Use What?
- Just the Basics – Username/Password
- Single sign-on for the web application with commercial support – SAML
- Building an API client or mobile application.