
Seamless SSO Integration for Mobile, Outlook, and Browser: Key Considerations and Technologies

This case study explores the implementation of Single Sign-On (SSO) mechanisms at Salesforce.com, focusing on usability, security, and scalability. Key considerations include seamless integration without impacting existing functionality, compliance with security standards, and the requirement that user credentials never be stored in any application. The roles of Delegated Authentication (DA) and SAML in enabling SSO between disparate systems are emphasized. We also discuss browser-based authentication, the OAuth standard, and a real-world deployment that has supported over 20,000 users for two years.



Presentation Transcript


  1. SSO Case Study
     Suchin Rengan, Principal Technical Architect, Salesforce.com

  2. The Scenario
     • Mobile
     • Outlook
     • Browser

  3. Key Considerations
     • Must be seamless
     • No impact on the intended functionality
     • Focus on usability
     • Comply with security standards
     • User credentials cannot be stored in any application
     • Reusability wherever possible
     • Allow for scalability

  4. SSO Mechanisms
     • DA (Delegated Authentication)
       • SF legacy way to accomplish SSO
       • Customers have to build a web service that authenticates the requests SF delegates to it
       • User profiles need to be enabled for SSO
       • The Delegated Authentication configuration points to the Delegated Authentication web service hosted by the customer
     • SAML
       • SAML is a technology that enables SSO between two disparate systems (web and desktop)
       • SF supports SAML 1.1 and SAML 2.0
       • Supported since Summer ’08
       • Supports browser POST profiles
       • Cannot be used to accomplish SSO for desktop/Outlook/mobile clients (DA/OAuth2 is a better alternative)
     • OAuth
       • Open standard for authorization (OAuth!)
       • Stops the password anti-pattern
       • Explicit grant of permission by the user
       • The valet key concept
       • Credential is per service provider
       • Revocable without changing the password
       • Browser-based authentication for rich clients
       • Makes it possible to participate in SSO

  5. The Browser Scenario
     Components: Browser, Identity Provider (Corporate Portal)
     1. User Request
     2. Validate and Generate SAML Token
     3. Post SAML
     4. User Session

  6. The Outlook Scenario
     Components: Outlook, Intermediary Service, Identity Provider, DA Service
     Messages: User Credentials (context based), SAML Token, SAML Token (Login API), DA Redirect, True/False, User Session

  7. The Mobile Scenario
     Components: Mobile, NT Authentication Services, DA Service
     Messages: NT Login Credentials, DA Redirect, True/False, User Session
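The three scenarios above share two building blocks: an identity provider that mints a short-lived signed token, and a relying side that either accepts a browser POST of that token (slide 5) or, for the Outlook and mobile clients (slides 6 and 7), receives it through the Login API in place of a password and hands it to the customer-hosted DA web service, which answers only True/False. The following is an added example, not Salesforce code and not the Delegated Authentication WSDL; it is a constructed Python model in which an HMAC over a JSON payload stands in for a SAML XML signature, and the key, issuer, audience and function names are all assumptions. It shows the checks the relying side must make (signature, issuer, audience, expiry, subject match, single use) before any session is created.

```python
"""Constructed SSO model: stub IdP, SP-side browser POST check, DA-style True/False service.
Not Salesforce code; HMAC-over-JSON stands in for XML-DSig over a SAML assertion."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed values. A real SP verifies the IdP's public key rather than sharing a secret.
IDP_KEY = b"constructed-idp-signing-key"
IDP_ISSUER = "idp.corp.example.test"
SP_AUDIENCE = "https://sp.example.test"   # EntityID of the service provider the token is for


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_assertion(subject: str, audience: str, ttl: int = 300, now: Optional[float] = None) -> str:
    """IdP side (slide 5 step 2, slide 6 'SAML Token'): sign a short-lived assertion for subject."""
    now = time.time() if now is None else now
    claims = {"iss": IDP_ISSUER, "sub": subject, "aud": audience,
              "iat": int(now), "exp": int(now) + ttl, "id": secrets.token_hex(8)}
    payload = _b64e(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(IDP_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def validate_assertion(token: str, audience: str, now: Optional[float] = None) -> Optional[dict]:
    """Relying side: signature, issuer, audience and lifetime must all hold; None on any failure."""
    now = time.time() if now is None else now
    payload, sep, sig = token.partition(".")
    if not sep:
        return None
    expected = hmac.new(IDP_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):          # constant-time comparison
        return None
    try:
        claims = json.loads(_b64d(payload))
    except ValueError:                                   # bad base64, bad UTF-8 or bad JSON
        return None
    if not isinstance(claims, dict):
        return None
    if claims.get("iss") != IDP_ISSUER or claims.get("aud") != audience:
        return None   # a token minted for another SP must not log anyone in here
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return None   # expired (or malformed) tokens are rejected, limiting the value of a capture
    return claims


def pack_for_post(token: str) -> str:
    """What the IdP places in the hidden SAMLResponse form field (standard base64)."""
    return base64.b64encode(token.encode()).decode()


def browser_post_login(form: dict, now: Optional[float] = None) -> Optional[dict]:
    """Slide 5 steps 3-4: the browser POSTs the token; a session exists only if it validates."""
    try:
        token = base64.b64decode(form.get("SAMLResponse", "")).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    claims = validate_assertion(token, SP_AUDIENCE, now)
    if claims is None:
        return None
    return {"user": claims["sub"], "relay_state": form.get("RelayState", "/"), "expires": claims["exp"]}


_used_assertion_ids: set = set()   # production: shared store with expiry, not a process-local set


def delegated_authenticate(username: str, password: str, source_ip: str,
                           now: Optional[float] = None) -> bool:
    """Slides 6-7: the customer-hosted DA web service. The password field carries the token
    instead of a real password, so neither client nor platform stores credentials.
    The platform only needs True/False; source_ip is kept for the audit log."""
    claims = validate_assertion(password, SP_AUDIENCE, now)
    if claims is None or claims.get("sub") != username:
        return False   # token must be bound to the username the platform is asking about
    assertion_id = claims.get("id")
    if not assertion_id or assertion_id in _used_assertion_ids:
        return False   # one-shot: a captured token cannot be replayed as a second login
    _used_assertion_ids.add(assertion_id)
    print(f"DA: accepted assertion {assertion_id} for {username} from {source_ip}")
    return True
```

The audience and single-use checks are the ones most often skipped in home-grown DA services: without the audience check a token issued for a different relying party is accepted, and without the replay check any token captured in transit or from a log works until it expires.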

  8. Summary
     • Been in production for 2 years
     • Supports 20K users
