How do users benefit from Salesforce Identity Quizlet

Recommended textbook solutions

Service Management: Operations, Strategy, and Information Technology

7th EditionJames Fitzsimmons, Mona Fitzsimmons

103 solutions

Computer Organization and Design MIPS Edition: The Hardware/Software Interface

5th EditionDavid A. Patterson, John L. Hennessy

220 solutions

Introduction to Algorithms

3rd EditionCharles E. Leiserson, Clifford Stein, Ronald L. Rivest, Thomas H. Cormen

720 solutions

Fundamentals of Database Systems

7th EditionRamez Elmasri, Shamkant B. Navathe

687 solutions

1.) The client application sends the user to the appropriate Salesforce authorization endpoint, such as the following:

https://login.salesforce.com/services/oauth2/authorize

Note that the following parameters are required:

response_type - must be "code" for this flow
client_id - the consumer key
redirect_uri - the callback url

2.) The user logs into Salesforce with his/her credentials. The user is interacting with the authorization endpoint directly, so the application never sees the user's credentials.

Once the user logs in successfully, the user is asked to authorize the client application (allow or deny). Note that this step is skipped if the user has already authorized the application.

3.) The user is sent to the URL specified in the redirect_uri parameter of the authorization request (i.e. the callback url of the connected app), and Salesforce appends two parameters to the URL:

code - the authorization code the client application must use to obtain access tokens.
state - the state value that was passed in, if applicable.

4.) The client application receives the authorization code and uses it to place a POST request to Salesforce for the access tokens. The request is placed using the applicable token endpoint, such as the following:

https://login.salesforce.com/services/oauth2/token

Note the following parameters are required:

grant_type - must be "authorization_code"
client_id - the consumer key
client_secret - the consumer secret
redirect_uri - the callback url
code - the authorization code

5.) If the request is successful, the server returns a response body that contains the access token, refresh token, and other identifying information such as the user Id, instance url, and more.

6.) The client application can now use the access token to retrieve resources from the server.

1) The device requests authorization from Salesforce.

2) Salesforce verifies the request and returns the following: human-readable user code, verification URL, device code, and minimum polling interval (in seconds).

3) The device displays the user code and instructs the user to enter it at the specified verification URL.

4) On a separate device that has more developed input capabilities, such as a desktop computer or smartphone, the user opens a browser.

5) The user navigates to the verification URL and is prompted to enter the user code. If the code is valid, the user is prompted to log in if not already logged in.

6) After successful login, the user is prompted to allow the device to access Salesforce data.

7) After displaying the user code and verification URL, the device starts polling the token endpoint for authorization.

Polling frequency can't exceed the minimum polling interval. The device continues polling until the user has allowed (or denied) access, or the user code has expired.

8) If allowed, the authorization server returns to the device an access token, a refresh token if requested, and other information.

9) After the access token is granted, the device can use it in API requests to access data on the user's behalf and use a refresh token to get a new access token if it becomes invalid.

- deploy the web service on a server in your DMZ (de-militarised zone)

- If Salesforce and your system can't connect, or if the request takes longer than 10 seconds to process, the login attempt fails. Users get an error.

- Namespaces, element names and capitalisations must be exact for SOAP requests

- Wherever possible, generate your server stub from the WSDL file to ensure accuracy.

- Make your web service available through TLS. It's more secure as a certificate is required

- Implement trusted IP ranges to restrict access to Salesforce via the user's location

- You might need to map your org's internal usernames to your Salesforce usernames. If your org doesn't follow a standard mapping, try extending your user database schema (for example, Active Directory) to include the Salesforce username as an attribute of a user account.

- Don't enable SSO for Salesforce administrators - if your SSO server goes down, admins can't get back in - they need to, in order to disable SSO in the event of a problem

- Build in a developer edition or sandbox first, and test with Salesforce clients, such as Salesforce for Outlook, Connect for Office, and Connect Offline

- Enhance or customize the login experience (for example, add a logo or login message).

- Collect and update user data (for example, request an email address, phone number, or mailing address).

- Interact with users, and ask them to perform an action (for example, complete a survey or accept terms of service).

- Connect to an external identity service or geo-fencing service, and collect or verify user information.

- Enforce strong authentication (for example, implement a two-factor authentication method using hardware, SMS, biometric, or another authentication technique).

- Run a confirmation process (for example, have a user define a secret question, and validate the answer during login).

- Create more granular policies (for example, set up a policy that sends a notification every time a user logs in during non-standard working hours).

How does user benefit from Salesforce identity?

What does Salesforce customer identity mean quizlet?

How do admins and businesses benefit from Salesforce identity quizlet?

Which protocol allows secure data sharing between applications quizlet?