The document outlines a presentation on Salesforce Identity Management, highlighting key concepts such as authentication, authorization, identity providers, and OAuth 2.0. It mentions potential risks related to forward-looking statements made during the presentation and provides an agenda for the discussion, which includes demos and a Q&A session. The document emphasizes the importance of centralized user account management and various protocols for secure data sharing between applications.
Jayant Jindal
Fremont, CA Salesforce User Group Lead
Lightning Champion, Certified Application & System Architect, 15x Certified
Pranav Shah - CEO, Valorx
Salesforce Identity Management
Forward-Looking Statement
Statement under the Private Securities Litigation Reform Act of 1995
This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
Agenda
• Check-In: 10 min.
• Identity: 15 min.
• Identity Demo: 15 min.
• Valorx ExcelUI (AppExchange Product): 10 min.
• Next Trailblazer Session & Q&A: 10 min.
Identity Agenda
• Core Concepts
  • Authentication
  • Authorization
  • Identity Provider
  • Service Provider
  • SAML Single Sign-On
  • OAuth 2.0
  • OAuth 2.0 Flows
• Advantages of Identity Management
  • Security
  • Centralized Control
  • Ease of Use
• Demo
  • Salesforce as Identity Provider
Core Concepts - Authentication vs Authorization
Authentication
Authentication is the act of validating that users are who they claim to be. Passwords are the most common authentication factor—if a user enters the correct password, the system assumes the identity is valid and grants access.
Authorization
Authorization in system security is the process of giving the user permission to access a specific resource or function. This term is often used interchangeably with access control or client privilege. Examples include giving someone permission to download a particular file on a server, or providing individual users with administrative access to an application.
Core Concepts - Identity Provider vs Service Provider
Identity Provider
Authenticated users can also flow from Salesforce to other clouds and apps. In this case, Salesforce acts as an identity provider and provides SSO for users to connect to different service providers.
Service Provider
Authenticated users can flow from an external identity provider into Salesforce. In this case, Salesforce is a service provider—users want to get access to this service, and their identity provider allows them to do so. This Salesforce configuration is common because often your company is already using an identity provider. The identity provider could be one of several on the market, like Microsoft’s Active Directory Federation Services (ADFS), Ping Identity’s PingFederate, open-source Shibboleth, or ForgeRock’s OpenAM.
Core Concepts - SAML SSO
SSO Steps
• The user tries to access Salesforce.
• Salesforce recognizes the SSO request and generates a SAML request.
• Salesforce redirects the SAML request back to the browser.
• The browser redirects the SAML request to the external identity provider.
• The identity provider verifies the user’s identity and packages the SAML assertion containing the user authentication.
• The identity provider sends the SAML assertion to the browser.
• The browser redirects the assertion to Salesforce.
• Salesforce verifies the assertion.
• The user is now signed in and can access Salesforce.
Core Concepts - OAuth 2.0
OAuth 2.0
OAuth 2.0 is an open protocol used to allow secure data sharing between applications. The user works in one app but sees the data from another. For example, you’re logged in to your Salesforce mobile app and see your data from your Salesforce org. Behind the scenes, the apps perform a kind of handshake and then ask the user to authorize this data sharing. When developers want to integrate their app with Salesforce, they use OAuth APIs.
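The handshake the slide refers to, shown from the client side of the OAuth 2.0 web-server flow as an added example (not code from the slides or from Salesforce): a state value ties the callback to the session that started the flow, and PKCE means a leaked authorization code cannot be redeemed without the verifier the client kept. The login URL, client ID and callback URL are placeholders; the endpoint paths are Salesforce's standard ones.

```python
import base64, hashlib, secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE = "/services/oauth2/authorize"   # Salesforce authorization endpoint
TOKEN = "/services/oauth2/token"           # Salesforce token endpoint

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def pkce_challenge(verifier):
    # S256 method: challenge = base64url(SHA-256(verifier)); only the challenge leaves the client
    return b64url(hashlib.sha256(verifier.encode()).digest())

def start_authorization(login_url, client_id, redirect_uri):
    """Step 1: build the redirect to Salesforce. The state and the PKCE verifier are
    kept server-side in the user's session for the callback (values are placeholders)."""
    session = {"state": b64url(secrets.token_bytes(16)),
               "verifier": b64url(secrets.token_bytes(32))}
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": "api refresh_token",
              "state": session["state"],
              "code_challenge": pkce_challenge(session["verifier"]),
              "code_challenge_method": "S256"}
    return f"{login_url}{AUTHORIZE}?{urlencode(params)}", session

def handle_callback(callback_url, session, login_url, client_id, redirect_uri):
    """Step 2: validate the redirect back from Salesforce and build the token
    request (the HTTP POST itself is left to the caller)."""
    q = parse_qs(urlparse(callback_url).query)
    # state ties the callback to the session that started the flow (CSRF / login-fixation check)
    if q.get("state", [None])[0] != session["state"]:
        raise ValueError("state mismatch: callback does not belong to this session")
    if "error" in q:
        raise ValueError(f"authorization failed: {q['error'][0]}")
    if "code" not in q:
        raise ValueError("callback carries no authorization code")
    # code_verifier proves this client started the flow; add client_secret if the connected app requires it
    return {"url": f"{login_url}{TOKEN}",
            "data": {"grant_type": "authorization_code", "code": q["code"][0],
                     "client_id": client_id, "redirect_uri": redirect_uri,
                     "code_verifier": session["verifier"]}}
```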
Core Concepts - OpenID Connect
OpenID Connect
OpenID Connect is a protocol based on OAuth 2.0 that sends identity information from one service to another. OpenID Connect is built for today’s world of social networks. The advantage of the OpenID Connect protocol for users is that they can reduce the number of separate accounts, usernames, and passwords.
Core Concepts - Advantages
Centralized User Account Management
• Centralized user account management means that admins can manage all their user account tasks in one place. Administrators can easily grant users access to other apps and revoke or freeze access when they have to.
• Admins can apply login policy and explicit security controls. For example, they can set a policy that prevents login attempts by anyone who doesn’t know your domain name.
Enable the Identity Provider in your IDP Org
• Enable My Domain
• Enable the Identity Provider in your IDP Org
• Add Remote Site Setting in SP Org
• Enable Single Sign-On in SP Org
• Create Connected App in IDP Org
• Update Authentication Configuration for My Domain in SP Org
• Test it!
OAuth 2.0 Flows
• Username-Password flow: no refresh token; no user interaction.
• Refresh Token flow: for the Web Server, User-Agent and Device Authentication flows.
• JWT Bearer Token flow: no refresh token and no scopes; server-to-server interaction. Always enforce IP restrictions.
• SAML Bearer Assertion flow: the client isn’t required to have or store a refresh_token, nor a client_secret; a refresh_token is never issued in this flow. Always enforce IP restrictions.
• SAML Assertion flow: single org; no connected app; no refresh token is issued.