Salesforce Single Signon with WSO2

Transcript

1. Salesforce Single Sign-on with WSO2. Benoy Jose Salesforce Practice Head

   Marlabs Inc.

2. Agenda Courtesy: wso2.com • Introduction • Business Challenge • Technical

   Challenge • Design • Solution options • Summary

3. Introduction • Why do we need SSO? – Improve productivity

   and reduce support costs – Enhance security and compliance – Improve customer experience • SSO Intro – IDP initiated SSO – SP initiated SSO

4. Identity Provider Service Provider Identity Store Service Provider

5. Business Challenge • Enable Single Sign-on into Salesforce for employees

   using ADFS • Enable Single Sign-on into Salesforce customer Portal through existing authentication process. • Employees need the ability to log into the portal with their ADFS Id.

6. Salesforce Portal Custom Identity Store Salesforce Windows ADFS Partner Employee

7. Technical Challenge • To use a single SSO system to

   solve the business use cases • Retain the existing authentication system for business portal for the Salesforce Customer portal • Design a SSO solution that is scalable to support mobile apps through OAuth.

8. Design • Design for a consolidated SSO framework for both

   the requirements • Custom routing to delegate the authentication to ADFS and Custom data store. • Just in time provisioning

9. Salesforce Portal Custom Identity Store Salesforce Windows ADFS Partner Employee

10. Process Flow • SSO request received from Service provider is

    sent to the Authentication Framework. • Based on the Service provider config, the authenticator determines the Local Authenticator that will handle the request. • Access request for Salesforce are handled by the AD handler • Access request for the Salesforce Customer service portal are handled by the CustomUserStoreManager.

11. Authentication Courtesy: wso2.com

12. Solution Options Courtesy: wso2.com • Separate SSO solutions for Employee

    SSO and Salesforce portal SSO. – SSO with OpenSSO, Shibboleth for portal. – Delegated Authentication through AD connector. • Difficulty to customize the Shibboleth SSO solution. • Ability to handle Just in time provisioning.

13. Summary • According to Gartner, by 2016 80% of enterprises

    will need SSO. • Planning for a comprehensive SSO strategy as early as possible will save Development and support costs. • Plan for scalability by using proven standards like SAML, Oauth.

14. Additional Reading • SAML Introduction: – http://wso2.com/library/articles/2014/02/introduction-to- security-assertion-markup-language-2.0/

15. Thank You