In this video, ProofID consultant Ben Andrews demonstrates how quickly single sign-on (SSO) to Salesforce can be implemented using PingFederate. SSO provides a distinct advantage as users can access multiple resources using a single username and password.
The demo shows a federated trust established between the PingFederate identity provider (IdP) and Salesforce, the service provider (SP). Metadata is exchanged between the two parties, creating the trust. Federated SSO can then occur as Salesforce delegates authentication to PingFederate. SSO is accomplished using SAML (Security Assertion Markup Language), an XML-based standard that facilitates the transfer of information between PingFederate and Salesforce.
To break down the steps involved during SSO:
- The user browses to Salesforce
- Salesforce uses the custom domain that was accessed to identify the organization the user originates from
- Salesforce redirects the user to PingFederate, sending a SAML request
- The user authenticates, and PingFederate validates the credentials against the local user store
- If authentication is successful, the user is redirected back to Salesforce, along with a SAML response
- The user is logged into Salesforce using the claims provided in the SAML assertion from PingFederate
In addition to the user only requiring a single set of credentials, SSO provides several other advantages.
As the IdP is responsible for authentication, it automatically revokes access to the application when a user leaves the organization.
With fewer passwords in use, the IT helpdesk would expect a lower number of password reset requests.
Administrators can set one password policy for all applications that adheres to the requirements of the organization.
Users are more productive as they spend less time attempting to remember or locate multiple sets of credentials.
ProofID is a specialist Identity as a Managed Service provider headquartered in the UK. We help customers every day in securing enterprise data, manage hybrid cloud environments, secure mobile apps, and provide access to services by partners and customers. All successfully delivered through our methodology driven managed service. Daily we manage 750,000 identities and deliver services to 73 countries. For more information, call +44 (0)161 906 1002 email info@proofID.co.uk or visit www.proofID.co.uk.
Simplify access for users
Learn about our efficient and secure single sign-on (SSO) solution
Ping Identity frees the digital enterprise by providing secure access that enables the right people to access the right things, seamlessly and securely.