Salesforce Identity connects a Salesforce user with other Salesforce organizations or third-party applications. With Salesforce Identity, single sign-on (SSO) lets employees sign in once and then use multiple applications. By implementing Salesforce Identity, a user can log in to Salesforce and move between their different applications without having to sign in to each one separately. An organization can also strengthen the security of its data by creating its own domain name: instead of the standard Salesforce login page, the organization can present its own customized login page.
My Domain: Customize the login page
Instead of logging in from the Salesforce login page (www.salesforce.com), users can log in to the Salesforce application from a customized login page at a customized URL. A custom URL is set up with the following steps:
From Domain Management, the login page UI can also be edited. The organization's logo can be uploaded to appear on the login page in place of the Salesforce logo, and the background color can be changed from the default blue to any other color.
The App Launcher presents users who are already logged in to Salesforce with logos that link to all of their apps from a unified user interface. An approximation of the App Launcher tab is shown below.
To see the App Launcher, users need the "Use Identity Features" permission enabled (through a profile or a permission set) and the App Launcher tab set to Visible. The apps shown in a user's App Launcher are authorized through profiles or permission sets: users see only the apps they are allowed to access, and they have single sign-on access into those apps.
Securing the connection
Two standards are used to implement SSO in Salesforce: SAML, a federation standard in which an identity provider issues signed assertions about an authenticated user, and OAuth, an authorization standard that issues tokens granting a connected app scoped access on the user's behalf.
Salesforce Identity Provider Certificate
Set Google Administrator Single Sign-On Options
In your Google administrator account, set the values for single sign-on. Sign in as an administrator to the Google Apps account at https://admin.google.com.
As an example, let us look at how to connect Gmail with a Salesforce app.
Follow these steps in your Salesforce organization.
Now you can add this connected app to a profile or permission set. When that profile or permission set is assigned to a user, the user can use the Gmail connected app. The same basic process works for any other Google Apps application.
An administrator can enforce a more secure login by selecting the "Two-Factor Authentication for User Interface Logins" permission in the user's profile or permission set. Once this is done, users must enter a time-based token generated by an authenticator app on their mobile device when they log in to Salesforce. Together with the user name and password, the time-based token authenticates the user at every login, so a stolen password alone is not enough to sign in.
Adding a Time-Based Token
You can add a time-based token to your account so that a mobile authenticator app can be used to activate your computer. Once a time-based token is added, you will be prompted to enter the changing token shown in the mobile app whenever Salesforce needs to confirm your identity, such as when you log in from an unknown IP address.
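What the authenticator app computes, and how a login service should verify the token, as an added example (not Salesforce's implementation). It uses only the Python standard library and the reference secret from RFC 6238, so the values can be checked against the RFC's test vectors; the verifier accepts one time step of clock skew either way and refuses a token for a step it has already consumed, so a token captured over the shoulder cannot be replayed within its 30-second life.

```python
"""
Time-based one-time password (TOTP, RFC 6238) as computed by an authenticator app,
with the server-side verification a login service should do. Added example, not
Salesforce's implementation; the secret below is the RFC 6238 reference secret.
"""
import base64
import hashlib
import hmac
import struct
import time

RFC6238_SECRET = b"12345678901234567890"   # reference secret from RFC 6238 Appendix B

def hotp(secret, counter, digits=6):
    # HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, dynamic truncation, mod 10^digits
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret, at=None, step=30, digits=6):
    # The counter is the number of whole time steps since the Unix epoch
    if at is None:
        at = int(time.time())
    return hotp(secret, int(at) // step, digits)

def secret_from_base32(text):
    # Authenticator apps are provisioned with the secret as Base32 (for example via a QR code)
    return base64.b32decode(text.replace(" ", ""), casefold=True)

class TotpVerifier:
    """Server side: accept a token for the current step or one step either side
    (clock skew), and never accept a step at or below the last one already used,
    so that a captured token cannot be replayed within its lifetime."""

    def __init__(self, secret, step=30, digits=6, window=1):
        self.secret, self.step, self.digits, self.window = secret, step, digits, window
        self.last_counter = -1   # highest step already accepted for this user

    def verify(self, token, at=None):
        if not (token.isdigit() and len(token) == self.digits):
            return False
        counter = int(time.time() if at is None else at) // self.step
        for candidate in range(counter - self.window, counter + self.window + 1):
            if candidate <= self.last_counter:
                continue   # already consumed: replay attempt
            if hmac.compare_digest(hotp(self.secret, candidate, self.digits), token):
                self.last_counter = candidate
                return True
        return False

def replay_demo(at=59):
    # The same correct token presented twice: accepted once, refused the second time
    verifier = TotpVerifier(RFC6238_SECRET)
    token = totp(RFC6238_SECRET, at)
    return verifier.verify(token, at), verifier.verify(token, at)

if __name__ == "__main__":
    print("token for the RFC secret right now:", totp(RFC6238_SECRET))
```

The secret must be stored per user on the server; the only thing the client ever sends is the six-digit token, which is why a time-based token protects against password theft but not against a compromised authenticator device.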
An identity provider lets users access other websites through single sign-on. A service provider is a website that hosts applications. With Salesforce Identity, Salesforce can be enabled as an identity provider and one or more service providers can be defined, so users can access other applications directly from Salesforce using single sign-on. This helps users: instead of remembering many credentials, they only have to remember one. The applications can also be added as tabs in the Salesforce organization, so users do not have to switch between programs. The authentication flow is shown in the figure.
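The checks a service provider has to make on an assertion it receives from the identity provider are what actually secures the SAML connection described in the sections above. The following is an added example, not code from Salesforce or Google: it validates a constructed SAML Response against a hypothetical service-provider configuration (the entity IDs, the ACS URL and the sample assertion are assumptions), rejecting a wrong audience, an expired assertion, an unsolicited response and a replayed assertion. It does not verify the XML signature, which in practice is done by a SAML library against the identity provider certificate.

```python
"""
Checks a SAML service provider (SP) must make on an assertion before trusting it.
Added example using only the standard library; it is not Salesforce or Google code.
The XML-Signature verification itself (ds:Signature checked against the identity
provider certificate) is left to a SAML library such as python3-saml and appears
here only as a presence check.
"""
import datetime as dt
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Hypothetical SP configuration (assumed names, not real endpoints).
SP_ENTITY_ID = "https://sp.example.com/metadata"
ACS_URL = "https://sp.example.com/saml/acs"
IDP_ENTITY_ID = "https://idp.example.com/idp"   # entity ID taken from the IdP's metadata
SAMPLE_NOW = dt.datetime(2024, 1, 1, 12, 0, tzinfo=dt.timezone.utc)

class SamlValidationError(Exception):
    pass

def _parse_time(value):
    # SAML timestamps are UTC ISO 8601 with a trailing Z
    return dt.datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)

def validate_response(xml_text, outstanding_request_ids, seen_assertion_ids, now,
                      skew=dt.timedelta(seconds=120)):
    # Returns the NameID if every check passes, else raises SamlValidationError.
    # outstanding_request_ids: AuthnRequest IDs this SP sent; seen_assertion_ids: replay cache.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise SamlValidationError("not a samlp:Response")
    if root.get("Destination") != ACS_URL:
        raise SamlValidationError("Destination is not our ACS URL")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise SamlValidationError("expected exactly one assertion")
    a = assertions[0]
    if a.find("ds:Signature", NS) is None:   # real code verifies the XMLDSig here
        raise SamlValidationError("assertion is not signed")
    issuer = a.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != IDP_ENTITY_ID:
        raise SamlValidationError("unexpected issuer %r" % issuer)
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        raise SamlValidationError("assertion has no Conditions")
    if (now + skew < _parse_time(cond.get("NotBefore"))
            or now - skew >= _parse_time(cond.get("NotOnOrAfter"))):
        raise SamlValidationError("assertion outside its validity window")
    audiences = [e.text.strip() for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise SamlValidationError("assertion issued for a different audience")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        raise SamlValidationError("SubjectConfirmationData Recipient mismatch")
    if scd.get("InResponseTo") not in outstanding_request_ids:
        raise SamlValidationError("unsolicited or already-consumed response")
    if a.get("ID") in seen_assertion_ids:
        raise SamlValidationError("assertion replayed")
    outstanding_request_ids.discard(scd.get("InResponseTo"))
    seen_assertion_ids.add(a.get("ID"))
    return a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()

def sample_response(audience=SP_ENTITY_ID, not_on_or_after="2024-01-01T12:05:00Z",
                    in_response_to="_req1"):
    # Constructed sample in the SAML 2.0 Response layout; the ds:Signature body is a
    # placeholder because this example does not verify XML signatures.
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_r1"
  Version="2.0" IssueInstant="2024-01-01T12:00:00Z" Destination="{ACS_URL}" InResponseTo="{in_response_to}">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <ds:Signature xmlns:ds="{NS['ds']}"><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}" InResponseTo="{in_response_to}"
          NotOnOrAfter="{not_on_or_after}"/></saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:58:00Z" NotOnOrAfter="{not_on_or_after}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def demo(now=SAMPLE_NOW):
    # Accept the good response, then show tampered and replayed variants being rejected.
    seen = set()
    results = {"valid": validate_response(sample_response(), {"_req1"}, seen, now)}
    variants = {"wrong_audience": {"audience": "https://other-sp.example.com/metadata"},
                "expired": {"not_on_or_after": "2024-01-01T11:50:00Z"},
                "unsolicited": {"in_response_to": "_never_sent"},
                "replayed": {}}   # assertion ID "_a1" presented a second time
    for name, kwargs in variants.items():
        try:
            validate_response(sample_response(**kwargs), {"_req1"}, seen, now)
            results[name] = "accepted"
        except SamlValidationError as exc:
            results[name] = "rejected: %s" % exc
    return results
```

In the Gmail setup above, Google is the service provider making these checks and the Salesforce My Domain is the identity provider; the identity provider certificate configured on the Google side is what the signature verification (left to a library here) uses. The single-assertion check matters because signature-wrapping attacks work by adding a second, unsigned assertion that a careless parser reads instead of the signed one.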
Identity Connect integrates Active Directory with Salesforce through a service that runs on either Linux or Windows. The integration syncs Active Directory users to Salesforce, with either Salesforce or Identity Connect acting as the identity provider (IdP) for single sign-on (SSO) against Active Directory when logging in to Salesforce. The organization must have at least one Identity Connect license, and the software is obtained from salesforce.com. Identity Connect is typically installed on a server rather than by each user individually.
Identity Connect has a browser-based user interface and is installed on premises, inside the organization's DMZ. A customizable UI wizard configures data synchronization from the Active Directory server to Salesforce. One Active Directory server can be connected to multiple Salesforce organizations, which makes it possible to synchronize a sandbox organization and a production organization at the same time. Once Identity Connect is installed and configured, all access to the organization's Salesforce subdomain can be configured to go through Identity Connect. Identity Connect manages user data across disparate data stores; users and passwords are not generally stored in Identity Connect itself. Administrative access to Identity Connect relies on the credentials of administrative users in Active Directory.
Identity Connect lets you specify how attributes and other data are mapped from Active Directory to the Salesforce data store.
Identity Connect helps maintain data consistency between Active Directory and the Salesforce data store. Consistency is achieved by synchronization, which modifies user data in Salesforce to match the data in Active Directory. Before synchronization can occur, a reconciliation report is run. Reconciliation assesses the two data sources and analyzes the consistency of the data across the two systems: it identifies the user accounts that exist in the two data stores and assesses whether they match.
Data synchronization specifies when and how often Active Directory data changes are pushed to the Salesforce data store. Data can be synchronized on a defined schedule, or automatically, as soon as changes are made in Active Directory.
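Attribute mapping, reconciliation and synchronization as described in the preceding paragraphs, as an added example rather than Identity Connect's own code. The attribute map, the correlation key (userPrincipalName to Salesforce Username) and the sample records are assumptions constructed for the demonstration; the example classifies every account as create, update, unchanged or deactivate and then applies the result to the Salesforce side.

```python
"""
Reconciliation and synchronization between an Active Directory export and the
Salesforce user list, in the spirit of the Identity Connect workflow described above.
Added example, not Identity Connect's own code: the attribute map, the correlation
key and the records are assumptions constructed for the demonstration.
"""
import copy

# Hypothetical attribute map: AD attribute -> Salesforce User field
AD_TO_SF = {"givenName": "FirstName", "sn": "LastName", "mail": "Email",
            "userPrincipalName": "Username", "department": "Department"}

def project(ad_user):
    # Apply the attribute map; a disabled AD account becomes an inactive Salesforce user
    sf = {sf_field: ad_user.get(ad_attr, "") for ad_attr, sf_field in AD_TO_SF.items()}
    sf["IsActive"] = not ad_user.get("disabled", False)
    return sf

def reconcile(ad_users, sf_users):
    # Correlate on userPrincipalName <-> Username (case-insensitive) and classify every account
    ad_by_key = {u["userPrincipalName"].lower(): u for u in ad_users}
    sf_by_key = {u["Username"].lower(): u for u in sf_users}
    report = {"create": [], "update": {}, "deactivate": [], "unchanged": []}
    for key, ad_user in ad_by_key.items():
        wanted = project(ad_user)
        current = sf_by_key.get(key)
        if current is None:
            if wanted["IsActive"]:
                report["create"].append(wanted)   # never create already-disabled accounts
            continue
        diff = {f: (current.get(f), v) for f, v in wanted.items() if current.get(f) != v}
        if diff:
            report["update"][key] = diff
        else:
            report["unchanged"].append(key)
    for key, current in sf_by_key.items():
        if key not in ad_by_key and current.get("IsActive"):
            report["deactivate"].append(key)   # AD is authoritative: orphaned Salesforce login
    return report

def synchronize(ad_users, sf_users):
    # Apply the reconciliation report; Salesforce users are deactivated, never deleted
    report = reconcile(ad_users, sf_users)
    result = copy.deepcopy(sf_users)
    by_key = {u["Username"].lower(): u for u in result}
    for key, diff in report["update"].items():
        for field, (_old, new) in diff.items():
            by_key[key][field] = new
    for key in report["deactivate"]:
        by_key[key]["IsActive"] = False
    result.extend(report["create"])
    return report, result

# Constructed sample data: an AD export and the current Salesforce user list
AD_USERS = [
    {"givenName": "Alice", "sn": "Adams", "mail": "alice@example.com",
     "userPrincipalName": "alice@example.com", "department": "Sales"},
    {"givenName": "Bob", "sn": "Brown", "mail": "bob@example.com",
     "userPrincipalName": "bob@example.com", "department": "Finance"},   # moved from Sales
    {"givenName": "Carol", "sn": "Clark", "mail": "carol@example.com",
     "userPrincipalName": "carol@example.com", "department": "Sales"},   # joiner
    {"givenName": "Dave", "sn": "Dunn", "mail": "dave@example.com",
     "userPrincipalName": "dave@example.com", "department": "IT", "disabled": True},  # leaver
]
SF_USERS = [
    {"Username": "alice@example.com", "FirstName": "Alice", "LastName": "Adams",
     "Email": "alice@example.com", "Department": "Sales", "IsActive": True},
    {"Username": "bob@example.com", "FirstName": "Bob", "LastName": "Brown",
     "Email": "bob@example.com", "Department": "Sales", "IsActive": True},
    {"Username": "dave@example.com", "FirstName": "Dave", "LastName": "Dunn",
     "Email": "dave@example.com", "Department": "IT", "IsActive": True},
    {"Username": "eve@example.com", "FirstName": "Eve", "LastName": "Evans",
     "Email": "eve@example.com", "Department": "Sales", "IsActive": True},   # no AD account
]

if __name__ == "__main__":
    report, synced = synchronize(AD_USERS, SF_USERS)
    for action, items in report.items():
        print(action, items)
```

The leaver cases are the ones that matter for security: Dave is disabled in Active Directory and Eve has no Active Directory account at all, and after synchronization both are inactive in Salesforce. Deactivation rather than deletion is the right target because Salesforce does not allow user records to be deleted, and because the reconciliation report lets an administrator review the deactivate list before a scheduled or event-driven sync applies it.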
One of the biggest advantages of Salesforce Identity is that connected app usage is recorded in Salesforce and can be used to monitor how the apps are used. Reports can be created and run on this app usage.
The app usage records include the following:
From these records, a report that analyzes app usage trends can be created.
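A trend report over connected-app usage, plus the kind of check a security team would add to it, as an added example rather than Salesforce's own reporting. The record fields (user, app, UTC timestamp) and the records themselves are assumptions constructed for the demonstration.

```python
"""
Trend report and a simple new-app detection over connected-app usage records.
Added example, not Salesforce reporting; the record fields (user, app, timestamp)
and the records themselves are assumptions constructed for the demonstration.
"""
from collections import Counter
from datetime import datetime, timezone

# Constructed usage records: who used which connected app, and when (UTC)
USAGE = [
    ("alice", "Gmail", "2024-03-01T09:02:00Z"),
    ("alice", "Gmail", "2024-03-02T09:10:00Z"),
    ("bob", "Gmail", "2024-03-01T10:15:00Z"),
    ("bob", "Gmail", "2024-03-02T10:05:00Z"),
    ("bob", "Dropbox", "2024-03-02T02:31:00Z"),
    ("alice", "Gmail", "2024-03-03T08:55:00Z"),
]

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def daily_trend(records):
    # Uses per app per day: the basis of a usage-trend report
    counts = Counter((app, _ts(ts).date().isoformat()) for _user, app, ts in records)
    return dict(sorted(counts.items()))

def first_use_per_user(records):
    # Earliest time each user touched each app
    first = {}
    for user, app, ts in records:
        t = _ts(ts)
        if (user, app) not in first or t < first[(user, app)]:
            first[(user, app)] = t
    return first

def new_app_alerts(records, baseline_end):
    # Users who started using an app only after the baseline period, with an off-hours
    # flag: a first-ever use at 02:31 deserves a look even if the app itself is approved
    cutoff = _ts(baseline_end)
    alerts = []
    for (user, app), t in sorted(first_use_per_user(records).items()):
        if t >= cutoff:
            alerts.append({"user": user, "app": app, "first_use": t.isoformat(),
                           "off_hours": not 8 <= t.hour < 18})
    return alerts

if __name__ == "__main__":
    for (app, day), n in daily_trend(USAGE).items():
        print(app, day, n)
    for alert in new_app_alerts(USAGE, "2024-03-02T00:00:00Z"):
        print(alert)
```

The trend table answers the usage question the report is meant for; the alert list is what turns the same records into a detection, since a connected app a user has never used before, accessed outside working hours, is a common sign of a compromised or shared login.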