Salesforce Identity provides a comprehensive array of features designed to address various aspects of authentication and authorization. An effective implementation of Salesforce Identity begins with the identification of the most suitable features for your organization and the subsequent prioritization of these components. Below is an overview of the solutions available through Salesforce Identity services.
Salesforce supports Single Sign-On (SSO), user authorization, and user, server, or device authentication via several established protocols, including OAuth 2.0, OpenID Connect, SAML, and delegated authentication. The following articles outline key considerations related to the supported technologies and their corresponding implementation methodologies:
- Salesforce Single Sign-On Flows: This section elucidates the SAML, OpenID Connect, and delegated authentication options that facilitate user SSO into Salesforce or other applications utilizing Salesforce Identity.
- OAuth 2.0 Flows: This portion covers the OAuth 2.0 authorization flows supported by Salesforce, categorized as follows:
- Browser Access: Flows typically employed to enable user authentication and authorization in real-time.
- Server Access: Flows designed to permit a server application to obtain an OAuth access token without direct user engagement.
- Device Access: Flows tailored for scenarios requiring integration with IoT devices that may not support a comprehensive browser-based OAuth flow.
- OAuth 2.0 Login and Consent: This section provides a detailed account of the authentication and authorization procedures involved in interactive OAuth 2.0 flows.
- Salesforce Layered Flows: This illustrates how various flows can be combined to create a seamless user authentication experience.
- Transport Layer Security (TLS) and Salesforce: An overview of how TLS contributes to the security of authentication processes, along with the potential for additional safeguards through mutual TLS.
The level of detail and presentation style in official documentation may vary significantly; thus, diagrams are employed to provide a consistent representation, facilitating the identification of key differences.
For certain flows, such as OpenID Connect, the official Salesforce documentation may lack comprehensiveness. In such instances, the flows have been constructed based on protocol specifications, third-party documentation, and analyses of browser traffic.
These materials were initially compiled in preparation for the Salesforce Technical Architect certification. The content scope and detail are intentionally high-level and encompass significant topics relevant for the Certified Technical Architect (CTA) board. For more intricate details regarding the implementation of these flows within Salesforce, the official documentation is generally the most reliable resource.