No Results
Search Tips:
- Please consider misspellings
- Try different search keywords
Newer Version Available
User Authentication
Salesforce has its own system of user authentication, but some companies prefer to use an existing single sign-on capability to simplify and standardize their user authentication. You have two options to implement single sign-on—federated authentication using Security Assertion Markup Language (SAML) or delegated authentication.
- Federated authentication using Security Assertion Markup Language (SAML) allows you to send authentication and authorization data between affiliated but unrelated Web services. This enables you to sign-on to Salesforce from a client application. Federated authentication using SAML is enabled by default for your organization.
- Delegated authentication single sign-on enables you to integrate Salesforce with an authentication
method that you choose. This enables you to integrate authentication
with your LDAP (Lightweight Directory Access Protocol) server, or
perform single sign-on by authenticating using a token instead of
a password. You manage delegated authentication at the permission
level, allowing some users to use delegated authentication, while
other users continue to use their Salesforce-managed password.
Delegated authentication is set by permissions, not by organization. You must request that
this feature be enabled by salesforce.com. Contact salesforce.com to enable
delegated authentication single sign-on for your organization.The primary reasons for using delegated authentication include:
- Using a stronger type of user authentication, such as integration with a secure identity provider
- Making your login page private and not part of the general Internet, but rather, part of your corporate network, behind your corporate firewall
- Differentiating your organization from all other companies that use Salesforce in order to reduce phishing attacks