Posts Tagged ‘single sign-on’

Forget LDAP, do you want to use Salesforce as your identity store for your SaaS SSO?

Thursday, February 11th, 2010

You can.

Ping Identity allows you to log in universally to your SaaS applications, using Salesforce as your user identity store.

There is no need to install, configure, manage, maintain and back up a local Active Directory or LDAP user store if you don’t want to; just have Salesforce manage the user identities.

What does this mean?

  • You can use Salesforce as your source of user information and login credentials for your other SaaS and Internet applications.
  • Users log in to the Salesforce portal, then directly access their other Internet-based applications by simply clicking a link.
  • No further authentication is required, minimizing login failures and password resets.

Our CTO (Walter Dewildt) captures the benefits well - “With Ping Identity’s Universal Login, Salesforce becomes the hosted identity provider, reducing license, infrastructure and ongoing maintenance costs of traditional identity stores, while leveraging the Salesforce platform’s reliability and security.”

Check out the full press release here.

Want to do salesforce.com single sign on?

Thursday, February 11th, 2010

Single sign-on (SSO) for salesforce.com can take various forms.

The Winter 10 version supports SAML2 for salesforce.com and the Salesforce partner & customer portals. It does not support SAML2 for Salesforce Sites yet (scheduled for a coming release).

When setting up SSO here are some issues you should consider:

  • What is your user or identity store? Is it an internal store such as Active Directory, Oracle Access Manager or a custom LDAP? Or do you want to use a cloud-based store like Salesforce or Google to manage your user identity information?
  • Do you have more than one user identity store?
  • Do you want to auto-provision (activate/create) the Salesforce users (just in time) or do you have an existing provisioning process?
  • Do you want to allow deep linking to URLs? Or always force people to log in via a “home page” or “dashboard”?
  • Is SSO for your internal users or your customers/partners? Do you have separate data stores for each?
  • Do you want users to keep existing usernames & passwords or get a new “single” username/password?
  • Should I use salesforce.com’s Delegated Authentication model or the SAML2 SSO?

Sounds like a lot to think about.

The reality is that there are many variants and solutions to meet your specific requirements.

At WDCi we have been looking at these issues for a while and using our partnership with Ping Identity to provide solutions to single sign-on requirements for Salesforce.com and other systems.

Take a look at the Identity pages on our website or contact us for more information on the right solution for SSO for your company.