Play by Play is a series in which top technologists work through a problem in real time, unrehearsed, and unscripted. In this course, Play by Play: Understanding Salesforce.com Single Sign-on Solution, Greg Cook and Don Robins walk you through setting up SAML identity providers, service provider initiated SAML, and multiple OAuth flows. Along the way, you'll learn about sessions, tokens, and authentication codes as Greg demonstrates how to obtain sessions using each different protocol, and demystifies the many network flows and mechanisms used during these security interactions. By the end of this course, you’ll have a clear understanding of when and why you would choose any particular Single Sign-on approach, as well as which would best be suited for your specific integration.
Greg Cook is founder of CloudPremise and an Enterprise Cloud Architect with a proven track record of success in software development, enterprise architecture, cloud/hybrid solutions, ITSM, and program management.
Don Robins is a well-known Salesforce MVP, instructor, author, and speaker. A custom business application developer for more decades than he cares to admit, he focuses on Salesforce technical instruction and knowledge
Course Overview
Welcome to this Salesforce Play by Play with Pluralsight. Salesforce Play by Play is an interactive series where we sit down with Salesforce experts, such as MVPs, consultants, developers, and architects to discuss common challenges faced every day by Salesforce customers. We'll be learning while discussing concepts and debating trade-offs on various approaches to solving real-world problems. We learn by reviewing system configurations or writing code, and then exploring the benefits of any particular solution. In this course, we challenged Certified Technical Architect and instructor, Greg Cook, to help us understand the many approaches and options available for single sign-on with Salesforce. Greg introduces us to the core concepts of identity management, authentication, and authorization, and then provides a high-level perspective of each primary use case for single sign-on. He walks us through setting up SAML identity providers and service providers in order to demonstrate SP-initiated SAML using the My Domain feature. He explains OAuth and authorization providers, including configuration of a Salesforce instance that allows user login via Facebook, and he shows an example of just-in-time provisioning and registration handlers. Along the way, we learn about sessions, tokens, and authentication codes, as he demonstrates how to obtain sessions using each different protocol, and demystifies the many network flows and mechanisms used during these security interactions. By the time we're done, you'll have a clear understanding of when and why you would choose any particular single sign-on approach, as well as which would best be suited for your specific integration. Whether you're a Salesforce developer, architect, project lead, or manager, come learn about the core concepts and options available. Please join us for Understanding Salesforce Single Sign-on. We hope you enjoy it.
Setting the Stage
Hi, I'm Don Robins, a Salesforce MVP, a Certified Platform 2 Developer, and a Certified Salesforce Instructor. I'm here with Greg Cook for the Salesforce Play by Play with Pluralsight. Greg, why don't you introduce yourself?
Okay. Hello, my name is Greg Cook, and I'm a Certified Technical Architect. I've been doing Salesforce since about 2009, and I have a couple apps on the AppExchange. I teach, I consult, I kind of do it all.
Great. So you know for a Play by Play, we usually like to sort of spin a scenario, and then hit you with a challenge that you can speak to. So, here's our scenario, Greg. So, you're a CTA. You're often engaged in enterprise projects, typically bigger than a single Salesforce org. They usually include what's called a system landscape, maybe a collection of disparate systems that could include application servers, they could include databases, they can include legacy on-premises systems, and of course, they also include a Salesforce org and they need to communicate with that Salesforce org and each other. And there's always users, they need to access all these disparate systems as well. Some users are internal, some users are partners, and you would think there would also be many customers. So you've got lots of users. And we have many available mechanisms and approaches to leverage single sign-on as the core concept to solution for these challenges. And that's your challenge. At the end of the day, how does an architect learn about the differences and the trade-offs of all these different tools? How do you know what approach, which mechanisms, which technologies are foundational to what you need as an architect to understand as they relate to security and networking? Basically, how can you know why you would choose any one over any other for a particular scenario or task at hand?