Salesforce Identity and Access Management
In this post we will talk about different OAuth flows available in Salesforce and consideration while deciding which one to use. You’ve likely heard of OAuth but what exactly is it? How is it used in Salesforce and where does…
A Salesforce Certified Identity and Access Management Designer assesses the architecture environment and requirements and designs sound and scalable technical solutions on the Force.com platform that meet Single Sign On (SSO) requirements. The architect has experience communicating solutions and design…
We’ll look at several core OAuth flows relevant to Salesforce. User interaction No user interaction Authorisation Code + Secret (Web Server) Implicit Grant (User-Agent) Authorization Code + PKCE JWT Bearer SAML BearerUsername-Password Intended audience: Architects, developers, security professionals and identity…
In this post we will talk about How to Setup Okta Single Sign-On (SSO) with Salesforce. Okta connects any person with any application on any device. Okta enables you to provide Single Sign On (SSO) access to cloud, on-premises, and mobile applications. You…
Allows client to authenticate using user’s username and password together with a protected secret. Use the username-password authentication flow to authenticate when the consumer already has the user’s credentials. Avoid using this flow because you have to send username and…
Secure server-to-server integration without real time user involvement. Client specifies user in a JSON web token (JWT) or SAML format XML assertion and proves its own identity by appending a signature. JWT Bearer token flow is Ideal for application which…
In this post we will talk about Authorisation Code with PKCE Flow(for browser, mobile & desktop apps). A variation of auth. code flow for clients which can’t protect a global secret. Better security than implicit grant / user-agent for similar…
A simpler flow for clients which should not hold a global secret (e.g. distributed apps), but can be trusted with per-user access token. This flow is recommended when you build mobile or desktop application and your application can be distributed to…
Allows apps with a secure client server (one which can protect a secret or private key) to access protected resources. This flow is mainly used by applications hosted on web server. If external application is trusted one and hosted on secure…
Join us to learn about what is canvas app and how to configure Single Sign-On for Canvas App. Lets users easily access a new or existing application as a part of their Salesforce experience. What is Canvas App? Canvas allows…
