SlideShare a Scribd company logo

Secure Salesforce: External App Integrations

Salesforce Developers
Salesforce Developers

Salesforce is an open and easily extensible platform. However, sometimes it's hard to figure out the best, most secure way to build these integrations. Join us as we help you build secure integrations with Salesforce by understanding the platform authentication and authorization constructs like profile permissions and OAuth scopes. We will demonstrate the importance of leveraging Salesforce security features like mutual SSL, IP range restrictions, and Connected Apps.

Technology
1 of 31
Download to read offline
Secure Salesforce - External App Integrations ​ Astha Singhal ​ Senior Product Security Engineer ​ salesforce.com ​ @astha_singhal ​ @SecureCloudDev ​ Chris Vinecombe ​ Application Security Engineer ​ salesforce.com
​Safe harbor statement under the Private Securities Litigation Reform Act of 1995: ​This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward- looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. ​The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. ​Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements. ​ Safe Harbor
Astha Singhal Senior Product Security Engineer salesforce.com
Astha Singhal -  Working with product teams from design to implementation to help them build secure applications for our customers. -  Conduct penetration tests and code reviews on Salesforce applications. -  Facilitating the security process via better security training and enabling self- service for product teams. -  Helping them understand security bugs and guiding through remediation of security issues.
Chris Vinecombe Application Security Engineer salesforce.com
Chris Vinecombe -  Work with vendors to ensure third party applications used by Salesforce are secure. -  Conduct penetration tests on Salesforce’s vendor applications. -  Assist Salesforce business units in selecting secure vendors and products. -  Help vendors understand security vulnerabilities and assisting with remediation of security issues.
Building Salesforce Integrations -  Extend Salesforce functionality with external app integrations -  Building data flows and interactions between your external app and Salesforce -  Need a way to map Salesforce user identity to your external system -  Need a way to authenticate and secure data flows between the two systems -  Need a way to grant access to Salesforce data without breaking the Salesforce security model or trust in the Salesforce platform
Integration methods API / OAuth -  External services authenticate with Salesforce via OAuth and receive access tokens -  Tokens must be treated with same sensitivity as a password -  Utilize public-facing API’s to share data with Salesforce instances -  Developers can expose custom Apex REST endpoints
Integration methods Apex Callouts -  Use Apex code to access external REST API’s -  Can be used to send data out or pull data in to/from an external service -  Actions must be initiated by a user action from within Salesforce
Integration methods Connected App -  Runs on the Salesforce app canvas -  Does not have access to the Salesforce app DOM at any time -  Authenticate via OAuth or SAML using Salesforce credentials -  Easy way to integrate an external application into the Salesforce “skin” -  The OAuth scope for the connected app determines the amount of access this app would have to your Salesforce data -  Make sure to provide least privilege to the OAuth token being created.
Integration user vs End User Integration User -  Creating an integration user to make callouts from the external app into Salesforce. -  Lets you create a least privilege integration user to perform certain operations required by the app. -  You don’t have to provide API access to all users. -  Only one credential to manage on the external system. -  You have to make sure that the Salesforce security model is not broken when the external system accesses Salesforce data.
Integration user vs End User End User -  Lets your external app make requests as current logged in user with the specified OAuth scope. -  Lets the user select if they want to allow access or not. -  Preserves the Salesforce security model in your external requests without any additional measures. -  The external app needs to make sure all end user OAuth credentials are stored securely on the external system.
Setting up a Connected App -  Go to Setup -> Create -> Apps -> New Connected App.
Setting up a Connected App
Advantages of Connected apps ​  No need for custom authentication logic. ​  Least privilege access control based on the external app use case. ​  Easy to revoke access for misbehaving apps. ​  Out of box functionality for standard Auth protocols. ​  Can provide access without sharing Salesforce username password with the external app.
Credential handling -  External app credentials (consumer key/secret) should be stored securely off the Salesforce platform. -  Salesforce OAuth tokens should be stored securely off the platform using the industry best practice for your development platform -  API tokens for the external app should be stored via Protected custom settings inside Salesforce. -  All credentials should be secure in transit by using HTTPS (TLS) for all communication
Transport Security Security Expectations of HTTP -  None -  Anyone on the network can eavesdrop traffic -  Anyone on the network can modify content -  Anyone on the network can divert traffic
Transport Security - What is TLS? ​  A user visiting a site over HTTP has no assurance that the user is interacting with the legitimate site ​  The Transport Layer Security protocol allows for secure communication between applications and users. ​  Uses PKI (Public Key Infrastructure) to have a Trusted Certificate Authority (CA) vouch for the server’s identity. ​  Prevents tampering, eavesdropping, and man-in-the-middle attacks against secure communications. Provides authentication and confidentiality.
Mutual TLS -  Salesforce supports Mutual TLS for communications between Salesforce and your external server. -  This allows you to do a two-way verification, where the client and server can confirm one another’s identity. -  Good for server to server authentication, where the client is not prompting a user to log in manually.
Mutual TLS Acme.com
Salesforce Mutual TLS -  Client certificates are uploaded and stored in the Salesforce database, where they are used for verification. -  You can also download the Salesforce client certificate to authenticate on your web server, when making Apex callouts, etc. -  Salesforce provides a mechanism to prevent falling back to the standard TLS port.
Setting Up Mutual TLS ​  Have mutual TLS enabled for your organization. ​  Generate Certificate Signing Request (CSR) and acquire a certificate from a Trusted CA.
Setting Up Mutual TLS ​  Upload the certificate to Security Controls | Certificate and Key Management ​  Enable “Enforce SSL/TLS Mutual Authentication” permission for the API client user. This will force mutual TLS on port 8443 for this user. ​  This user permission can be added via a PermSet or by adding the permission to the user profile. ​  Configure the API client to connect on port 8443 and present the client certificate.
Setting Up Mutual TLS
Why use mutual TLS ? -  This seems like a lot of work! Why should I do this? -  Provides you a good way to authenticate both parties (Salesforce and external app) when building external integrations -  You don’t just have to rely on IP range restrictions and static API keys for client authentication. -  Out of the box mutual TLS implementation provides authentication and confidentiality.
Thank you
Secure Salesforce at Dreamforce 2015 ​  10 DevZone Talks and 2 Lighting Zone Talks covering all aspects of Security on the Salesforce Platform ​  Visit our booth in the DevZone with any security questions ​  Check out the schedule and details at http://bit.ly/DF15Sec ​  Admin-related security questions? ​  Join us for coffee in the Admin Zone Security Cafe
Secure Salesforce at Dreamforce 2015 ​  Hardened Apps with the Mobile SDK ​  Martin Vigo and Maxwell Feldman ​  Thursday 2:30pm in Moscone West 2008 ​  Code Scanning with Checkmarx ​  Robert Sussland and Gideon Kreiner ​  Thursday 3:30pm in Moscone West 2011 ​  Lightning Components Best Practices ​  Robert Sussland and Sergey Gorbaty ​  Thursday 4:45pm in Moscone West 2007 ​  Common Secure Coding Mistakes ​  Rachel Black and Alejandro Raigon Munoz ​  Thursday 5:00pm in Moscone West 2006 ​  Chimera: External Integration Security ​  Tim Bach and Travis Safford ​  Friday 10:00am in Moscone West 2009
Additional Resources Salesforce mutual TLS set up Salesforce Connected Apps documentation Digging deeper into OAuth 2.0 on Force.com Salesforce Trust academy How to generate a CSR
Share Your Feedback, and Win a GoPro! 3 Earn a GoPro prize entry for each completed survey Tap the bell to take a survey2Enroll in a session1
Questions?

Recommended

Integrating with salesforce
Integrating with salesforceIntegrating with salesforce
Integrating with salesforceMark Adcock
 
Salesforce CI/CD - A strategy for success
Salesforce CI/CD - A strategy for successSalesforce CI/CD - A strategy for success
Salesforce CI/CD - A strategy for successYassine ELQANDILI ☁
 
Salesforce Release Management - Best Practices and Tools for Deployment
Salesforce Release Management - Best Practices and Tools for DeploymentSalesforce Release Management - Best Practices and Tools for Deployment
Salesforce Release Management - Best Practices and Tools for DeploymentSalesforce Developers
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedCalvin Noronha
 
DevOps in Salesforce AppCloud
DevOps in Salesforce AppCloudDevOps in Salesforce AppCloud
DevOps in Salesforce AppCloudrsg00usa
 
Best practices for implementing CI/CD on Salesforce
Best practices for implementing CI/CD on SalesforceBest practices for implementing CI/CD on Salesforce
Best practices for implementing CI/CD on SalesforceAIMDek Technologies
 
Integrating with salesforce using platform events
Integrating with salesforce using platform eventsIntegrating with salesforce using platform events
Integrating with salesforce using platform eventsAmit Chaudhary
 
Rtf v2 ingress muleSoft meetup self managed kubernetes
Rtf v2 ingress muleSoft meetup self managed kubernetesRtf v2 ingress muleSoft meetup self managed kubernetes
Rtf v2 ingress muleSoft meetup self managed kubernetesSandeep Deshmukh
 

Recommended

Integrating with salesforce
Integrating with salesforceIntegrating with salesforce
Integrating with salesforceMark Adcock
 
Salesforce CI/CD - A strategy for success
Salesforce CI/CD - A strategy for successSalesforce CI/CD - A strategy for success
Salesforce CI/CD - A strategy for successYassine ELQANDILI ☁
 
Salesforce Release Management - Best Practices and Tools for Deployment
Salesforce Release Management - Best Practices and Tools for DeploymentSalesforce Release Management - Best Practices and Tools for Deployment
Salesforce Release Management - Best Practices and Tools for DeploymentSalesforce Developers
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedCalvin Noronha
 
DevOps in Salesforce AppCloud
DevOps in Salesforce AppCloudDevOps in Salesforce AppCloud
DevOps in Salesforce AppCloudrsg00usa
 
Best practices for implementing CI/CD on Salesforce
Best practices for implementing CI/CD on SalesforceBest practices for implementing CI/CD on Salesforce
Best practices for implementing CI/CD on SalesforceAIMDek Technologies
 
Integrating with salesforce using platform events
Integrating with salesforce using platform eventsIntegrating with salesforce using platform events
Integrating with salesforce using platform eventsAmit Chaudhary
 
Rtf v2 ingress muleSoft meetup self managed kubernetes
Rtf v2 ingress muleSoft meetup self managed kubernetesRtf v2 ingress muleSoft meetup self managed kubernetes
Rtf v2 ingress muleSoft meetup self managed kubernetesSandeep Deshmukh
 
Two-Way Integration with Writable External Objects
Two-Way Integration with Writable External ObjectsTwo-Way Integration with Writable External Objects
Two-Way Integration with Writable External ObjectsSalesforce Developers
 
Intro to Force.com Canvas: Running External Apps within the Salesforce UI Web...
Intro to Force.com Canvas: Running External Apps within the Salesforce UI Web...Intro to Force.com Canvas: Running External Apps within the Salesforce UI Web...
Intro to Force.com Canvas: Running External Apps within the Salesforce UI Web...Salesforce Developers
 
From Sandbox To Production: An Introduction to Salesforce Release Management
From Sandbox To Production: An Introduction to Salesforce Release ManagementFrom Sandbox To Production: An Introduction to Salesforce Release Management
From Sandbox To Production: An Introduction to Salesforce Release ManagementSalesforce Developers
 
Salesforce Integration
Salesforce IntegrationSalesforce Integration
Salesforce IntegrationJoshua Hoskins
 
Discover salesforce, dev ops and Copado CI/CD automations
Discover salesforce, dev ops and Copado CI/CD automationsDiscover salesforce, dev ops and Copado CI/CD automations
Discover salesforce, dev ops and Copado CI/CD automationsJackGuo20
 
Salesforce DevOps: Where Do You Start?
Salesforce DevOps: Where Do You Start?Salesforce DevOps: Where Do You Start?
Salesforce DevOps: Where Do You Start?Chandler Anderson
 
Episode 14 - Basics of HTML for Salesforce
Episode 14 - Basics of HTML for SalesforceEpisode 14 - Basics of HTML for Salesforce
Episode 14 - Basics of HTML for SalesforceJitendra Zaa
 
Accelerate Quality with Postman - Basics
Accelerate Quality with Postman - BasicsAccelerate Quality with Postman - Basics
Accelerate Quality with Postman - BasicsKnoldus Inc.
 
Salesforce integration best practices columbus meetup
Salesforce integration best practices columbus meetupSalesforce integration best practices columbus meetup
Salesforce integration best practices columbus meetupMuleSoft Meetup
 
Champion Productivity with Service Cloud
Champion Productivity with Service CloudChampion Productivity with Service Cloud
Champion Productivity with Service CloudSalesforce Admins
 
What is SSL/TLS, 1-way and 2-way SSL?
What is SSL/TLS, 1-way and 2-way SSL?What is SSL/TLS, 1-way and 2-way SSL?
What is SSL/TLS, 1-way and 2-way SSL?pqrs1234
 
Automated Testing vs Manual Testing
Automated Testing vs Manual TestingAutomated Testing vs Manual Testing
Automated Testing vs Manual TestingDirecti Group
 
Managing APIs with MuleSoft
Managing APIs with MuleSoftManaging APIs with MuleSoft
Managing APIs with MuleSoftGuilherme Pereira Silva
 
Choosing the Right Demo Environment (Salesforce Partners)
Choosing the Right Demo Environment (Salesforce Partners)Choosing the Right Demo Environment (Salesforce Partners)
Choosing the Right Demo Environment (Salesforce Partners)Salesforce Partners
 
Integrating Active Directory with Salesforce
Integrating Active Directory with SalesforceIntegrating Active Directory with Salesforce
Integrating Active Directory with SalesforceSalesforce Developers
 
How to Use Salesforce Platform Events to Help With Salesforce Limits
How to Use Salesforce Platform Events to Help With Salesforce LimitsHow to Use Salesforce Platform Events to Help With Salesforce Limits
How to Use Salesforce Platform Events to Help With Salesforce LimitsRoy Gilad
 
Lightning Out: Components for the Rest of the World
Lightning Out: Components for the Rest of the WorldLightning Out: Components for the Rest of the World
Lightning Out: Components for the Rest of the WorldSalesforce Developers
 
Salesforce Trailhead - what is it?
Salesforce Trailhead - what is it?Salesforce Trailhead - what is it?
Salesforce Trailhead - what is it?Roy Gilad
 
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...Edureka!
 
Salesforce: CI,CD & CT
Salesforce: CI,CD & CTSalesforce: CI,CD & CT
Salesforce: CI,CD & CTAgile Testing Alliance
 
Easy REST Integrations with Lightning Components and Salesforce1
Easy REST Integrations with Lightning Components and Salesforce1Easy REST Integrations with Lightning Components and Salesforce1
Easy REST Integrations with Lightning Components and Salesforce1Salesforce Developers
 
SalesForce WebServices part 2
SalesForce WebServices part 2SalesForce WebServices part 2
SalesForce WebServices part 2Mindfire Solutions
 

More Related Content

What's hot

Two-Way Integration with Writable External Objects
Two-Way Integration with Writable External ObjectsTwo-Way Integration with Writable External Objects
Two-Way Integration with Writable External ObjectsSalesforce Developers
 
Intro to Force.com Canvas: Running External Apps within the Salesforce UI Web...
Intro to Force.com Canvas: Running External Apps within the Salesforce UI Web...Intro to Force.com Canvas: Running External Apps within the Salesforce UI Web...
Intro to Force.com Canvas: Running External Apps within the Salesforce UI Web...Salesforce Developers
 
From Sandbox To Production: An Introduction to Salesforce Release Management
From Sandbox To Production: An Introduction to Salesforce Release ManagementFrom Sandbox To Production: An Introduction to Salesforce Release Management
From Sandbox To Production: An Introduction to Salesforce Release ManagementSalesforce Developers
 
Salesforce Integration
Salesforce IntegrationSalesforce Integration
Salesforce IntegrationJoshua Hoskins
 
Discover salesforce, dev ops and Copado CI/CD automations
Discover salesforce, dev ops and Copado CI/CD automationsDiscover salesforce, dev ops and Copado CI/CD automations
Discover salesforce, dev ops and Copado CI/CD automationsJackGuo20
 
Salesforce DevOps: Where Do You Start?
Salesforce DevOps: Where Do You Start?Salesforce DevOps: Where Do You Start?
Salesforce DevOps: Where Do You Start?Chandler Anderson
 
Episode 14 - Basics of HTML for Salesforce
Episode 14 - Basics of HTML for SalesforceEpisode 14 - Basics of HTML for Salesforce
Episode 14 - Basics of HTML for SalesforceJitendra Zaa
 
Accelerate Quality with Postman - Basics
Accelerate Quality with Postman - BasicsAccelerate Quality with Postman - Basics
Accelerate Quality with Postman - BasicsKnoldus Inc.
 
Salesforce integration best practices columbus meetup
Salesforce integration best practices columbus meetupSalesforce integration best practices columbus meetup
Salesforce integration best practices columbus meetupMuleSoft Meetup
 
Champion Productivity with Service Cloud
Champion Productivity with Service CloudChampion Productivity with Service Cloud
Champion Productivity with Service CloudSalesforce Admins
 
What is SSL/TLS, 1-way and 2-way SSL?
What is SSL/TLS, 1-way and 2-way SSL?What is SSL/TLS, 1-way and 2-way SSL?
What is SSL/TLS, 1-way and 2-way SSL?pqrs1234
 
Automated Testing vs Manual Testing
Automated Testing vs Manual TestingAutomated Testing vs Manual Testing
Automated Testing vs Manual TestingDirecti Group
 
Choosing the Right Demo Environment (Salesforce Partners)
Choosing the Right Demo Environment (Salesforce Partners)Choosing the Right Demo Environment (Salesforce Partners)
Choosing the Right Demo Environment (Salesforce Partners)Salesforce Partners
 
Integrating Active Directory with Salesforce
Integrating Active Directory with SalesforceIntegrating Active Directory with Salesforce
Integrating Active Directory with SalesforceSalesforce Developers
 
How to Use Salesforce Platform Events to Help With Salesforce Limits
How to Use Salesforce Platform Events to Help With Salesforce LimitsHow to Use Salesforce Platform Events to Help With Salesforce Limits
How to Use Salesforce Platform Events to Help With Salesforce LimitsRoy Gilad
 
Lightning Out: Components for the Rest of the World
Lightning Out: Components for the Rest of the WorldLightning Out: Components for the Rest of the World
Lightning Out: Components for the Rest of the WorldSalesforce Developers
 
Salesforce Trailhead - what is it?
Salesforce Trailhead - what is it?Salesforce Trailhead - what is it?
Salesforce Trailhead - what is it?Roy Gilad
 
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...Edureka!
 

What's hot (20)

Two-Way Integration with Writable External Objects
Two-Way Integration with Writable External ObjectsTwo-Way Integration with Writable External Objects
Two-Way Integration with Writable External Objects
 
Intro to Force.com Canvas: Running External Apps within the Salesforce UI Web...
Intro to Force.com Canvas: Running External Apps within the Salesforce UI Web...Intro to Force.com Canvas: Running External Apps within the Salesforce UI Web...
Intro to Force.com Canvas: Running External Apps within the Salesforce UI Web...
 
From Sandbox To Production: An Introduction to Salesforce Release Management
From Sandbox To Production: An Introduction to Salesforce Release ManagementFrom Sandbox To Production: An Introduction to Salesforce Release Management
From Sandbox To Production: An Introduction to Salesforce Release Management
 
Salesforce Integration
Salesforce IntegrationSalesforce Integration
Salesforce Integration
 
Discover salesforce, dev ops and Copado CI/CD automations
Discover salesforce, dev ops and Copado CI/CD automationsDiscover salesforce, dev ops and Copado CI/CD automations
Discover salesforce, dev ops and Copado CI/CD automations
 
Salesforce DevOps: Where Do You Start?
Salesforce DevOps: Where Do You Start?Salesforce DevOps: Where Do You Start?
Salesforce DevOps: Where Do You Start?
 
Episode 14 - Basics of HTML for Salesforce
Episode 14 - Basics of HTML for SalesforceEpisode 14 - Basics of HTML for Salesforce
Episode 14 - Basics of HTML for Salesforce
 
Accelerate Quality with Postman - Basics
Accelerate Quality with Postman - BasicsAccelerate Quality with Postman - Basics
Accelerate Quality with Postman - Basics
 
Salesforce integration best practices columbus meetup
Salesforce integration best practices columbus meetupSalesforce integration best practices columbus meetup
Salesforce integration best practices columbus meetup
 
Champion Productivity with Service Cloud
Champion Productivity with Service CloudChampion Productivity with Service Cloud
Champion Productivity with Service Cloud
 
What is SSL/TLS, 1-way and 2-way SSL?
What is SSL/TLS, 1-way and 2-way SSL?What is SSL/TLS, 1-way and 2-way SSL?
What is SSL/TLS, 1-way and 2-way SSL?
 
Automated Testing vs Manual Testing
Automated Testing vs Manual TestingAutomated Testing vs Manual Testing
Automated Testing vs Manual Testing
 
Managing APIs with MuleSoft
Managing APIs with MuleSoftManaging APIs with MuleSoft
Managing APIs with MuleSoft
 
Choosing the Right Demo Environment (Salesforce Partners)
Choosing the Right Demo Environment (Salesforce Partners)Choosing the Right Demo Environment (Salesforce Partners)
Choosing the Right Demo Environment (Salesforce Partners)
 
Integrating Active Directory with Salesforce
Integrating Active Directory with SalesforceIntegrating Active Directory with Salesforce
Integrating Active Directory with Salesforce
 
How to Use Salesforce Platform Events to Help With Salesforce Limits
How to Use Salesforce Platform Events to Help With Salesforce LimitsHow to Use Salesforce Platform Events to Help With Salesforce Limits
How to Use Salesforce Platform Events to Help With Salesforce Limits
 
Lightning Out: Components for the Rest of the World
Lightning Out: Components for the Rest of the WorldLightning Out: Components for the Rest of the World
Lightning Out: Components for the Rest of the World
 
Salesforce Trailhead - what is it?
Salesforce Trailhead - what is it?Salesforce Trailhead - what is it?
Salesforce Trailhead - what is it?
 
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...
 
Salesforce: CI,CD & CT
Salesforce: CI,CD & CTSalesforce: CI,CD & CT
Salesforce: CI,CD & CT
 

Viewers also liked

Easy REST Integrations with Lightning Components and Salesforce1
Easy REST Integrations with Lightning Components and Salesforce1Easy REST Integrations with Lightning Components and Salesforce1
Easy REST Integrations with Lightning Components and Salesforce1Salesforce Developers
 
Integrating The Cloud - How to integrate Salesforce
Integrating The Cloud - How to integrate SalesforceIntegrating The Cloud - How to integrate Salesforce
Integrating The Cloud - How to integrate SalesforceRoy Gilad
 
Webservices in SalesForce (part 1)
Webservices in SalesForce (part 1)Webservices in SalesForce (part 1)
Webservices in SalesForce (part 1)Mindfire Solutions
 
Integrate with External Systems using Apex Callouts
Integrate with External Systems using Apex CalloutsIntegrate with External Systems using Apex Callouts
Integrate with External Systems using Apex CalloutsSalesforce Developers
 
Navi Mumbai Salesforce DUG meetup on integration
Navi Mumbai Salesforce DUG meetup on integrationNavi Mumbai Salesforce DUG meetup on integration
Navi Mumbai Salesforce DUG meetup on integrationRakesh Gupta
 
Authentication with OAuth and Connected Apps
Authentication with OAuth and Connected AppsAuthentication with OAuth and Connected Apps
Authentication with OAuth and Connected AppsSalesforce Developers
 
Secure Salesforce: Lightning Components Best Practices
Secure Salesforce: Lightning Components Best PracticesSecure Salesforce: Lightning Components Best Practices
Secure Salesforce: Lightning Components Best PracticesSalesforce Developers
 
Secure Salesforce: Secret Storage in Your Salesforce Instance
Secure Salesforce: Secret Storage in Your Salesforce InstanceSecure Salesforce: Secret Storage in Your Salesforce Instance
Secure Salesforce: Secret Storage in Your Salesforce InstanceSalesforce Developers
 
Integrating Salesforce With Business Intelligence and Data Warehouses
Integrating Salesforce With Business Intelligence and Data WarehousesIntegrating Salesforce With Business Intelligence and Data Warehouses
Integrating Salesforce With Business Intelligence and Data WarehousesSalesforce Developers
 
Secure Coding: Field-level Security, CRUD, and Sharing
Secure Coding: Field-level Security, CRUD, and SharingSecure Coding: Field-level Security, CRUD, and Sharing
Secure Coding: Field-level Security, CRUD, and SharingSalesforce Developers
 
Integrations with the Force.com Platform Using Custom Apex REST Services
Integrations with the Force.com Platform Using Custom Apex REST ServicesIntegrations with the Force.com Platform Using Custom Apex REST Services
Integrations with the Force.com Platform Using Custom Apex REST ServicesSalesforce Developers
 
Force.com Integration Using Web Services With .NET & PHP Apps
Force.com Integration Using Web Services With .NET & PHP AppsForce.com Integration Using Web Services With .NET & PHP Apps
Force.com Integration Using Web Services With .NET & PHP AppsSalesforce Developers
 
How to Sell More with Callpage
How to Sell More with CallpageHow to Sell More with Callpage
How to Sell More with CallpageCallPage
 
Using the Tooling API to Generate Apex SOAP Web Service Clients
Using the Tooling API to Generate Apex SOAP Web Service ClientsUsing the Tooling API to Generate Apex SOAP Web Service Clients
Using the Tooling API to Generate Apex SOAP Web Service ClientsDaniel Ballinger
 

Viewers also liked (20)

Easy REST Integrations with Lightning Components and Salesforce1
Easy REST Integrations with Lightning Components and Salesforce1Easy REST Integrations with Lightning Components and Salesforce1
Easy REST Integrations with Lightning Components and Salesforce1
 
SalesForce WebServices part 2
SalesForce WebServices part 2SalesForce WebServices part 2
SalesForce WebServices part 2
 
Integrating The Cloud - How to integrate Salesforce
Integrating The Cloud - How to integrate SalesforceIntegrating The Cloud - How to integrate Salesforce
Integrating The Cloud - How to integrate Salesforce
 
Using Apex for REST Integration
Using Apex for REST IntegrationUsing Apex for REST Integration
Using Apex for REST Integration
 
Webservices in SalesForce (part 1)
Webservices in SalesForce (part 1)Webservices in SalesForce (part 1)
Webservices in SalesForce (part 1)
 
Salesforce REST API
Salesforce REST API Salesforce REST API
Salesforce REST API
 
Exploring the Salesforce REST API
Exploring the Salesforce REST APIExploring the Salesforce REST API
Exploring the Salesforce REST API
 
Integrate with External Systems using Apex Callouts
Integrate with External Systems using Apex CalloutsIntegrate with External Systems using Apex Callouts
Integrate with External Systems using Apex Callouts
 
Navi Mumbai Salesforce DUG meetup on integration
Navi Mumbai Salesforce DUG meetup on integrationNavi Mumbai Salesforce DUG meetup on integration
Navi Mumbai Salesforce DUG meetup on integration
 
Authentication with OAuth and Connected Apps
Authentication with OAuth and Connected AppsAuthentication with OAuth and Connected Apps
Authentication with OAuth and Connected Apps
 
Secure Salesforce: Lightning Components Best Practices
Secure Salesforce: Lightning Components Best PracticesSecure Salesforce: Lightning Components Best Practices
Secure Salesforce: Lightning Components Best Practices
 
Secure Salesforce: Secret Storage in Your Salesforce Instance
Secure Salesforce: Secret Storage in Your Salesforce InstanceSecure Salesforce: Secret Storage in Your Salesforce Instance
Secure Salesforce: Secret Storage in Your Salesforce Instance
 
Integrating Salesforce With Business Intelligence and Data Warehouses
Integrating Salesforce With Business Intelligence and Data WarehousesIntegrating Salesforce With Business Intelligence and Data Warehouses
Integrating Salesforce With Business Intelligence and Data Warehouses
 
SFDC REST API
SFDC REST APISFDC REST API
SFDC REST API
 
Secure Coding: Field-level Security, CRUD, and Sharing
Secure Coding: Field-level Security, CRUD, and SharingSecure Coding: Field-level Security, CRUD, and Sharing
Secure Coding: Field-level Security, CRUD, and Sharing
 
Secure Coding: SSL, SOAP, and REST
Secure Coding: SSL, SOAP, and RESTSecure Coding: SSL, SOAP, and REST
Secure Coding: SSL, SOAP, and REST
 
Integrations with the Force.com Platform Using Custom Apex REST Services
Integrations with the Force.com Platform Using Custom Apex REST ServicesIntegrations with the Force.com Platform Using Custom Apex REST Services
Integrations with the Force.com Platform Using Custom Apex REST Services
 
Force.com Integration Using Web Services With .NET & PHP Apps
Force.com Integration Using Web Services With .NET & PHP AppsForce.com Integration Using Web Services With .NET & PHP Apps
Force.com Integration Using Web Services With .NET & PHP Apps
 
How to Sell More with Callpage
How to Sell More with CallpageHow to Sell More with Callpage
How to Sell More with Callpage
 
Using the Tooling API to Generate Apex SOAP Web Service Clients
Using the Tooling API to Generate Apex SOAP Web Service ClientsUsing the Tooling API to Generate Apex SOAP Web Service Clients
Using the Tooling API to Generate Apex SOAP Web Service Clients
 

Similar to Secure Salesforce: External App Integrations

Secure Development on the Salesforce Platform - Part 3
Secure Development on the Salesforce Platform - Part 3Secure Development on the Salesforce Platform - Part 3
Secure Development on the Salesforce Platform - Part 3Mark Adcock
 
What’s new in summer’15 release - Security & Compliance
What’s new in summer’15 release - Security & ComplianceWhat’s new in summer’15 release - Security & Compliance
What’s new in summer’15 release - Security & ComplianceShesh Kondi
 
What’s new in summer’15 release - Security & Compliance
What’s new in summer’15 release - Security & ComplianceWhat’s new in summer’15 release - Security & Compliance
What’s new in summer’15 release - Security & ComplianceShesh Kondi
 
Introduction to lightning out df16
Introduction to lightning out df16Introduction to lightning out df16
Introduction to lightning out df16Mohith Shrivastava
 
Real Time Integration with Salesforce Platform Events
Real Time Integration with Salesforce Platform EventsReal Time Integration with Salesforce Platform Events
Real Time Integration with Salesforce Platform EventsSalesforce Developers
 
Salesforce Identity Management
Salesforce Identity ManagementSalesforce Identity Management
Salesforce Identity ManagementJayant Jindal
 
Secure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDKSecure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDKMartin Vigo
 
Build Cloud & Mobile App on Salesforce Force.com Platform in 15 mins
Build Cloud & Mobile App on Salesforce Force.com Platform in 15 minsBuild Cloud & Mobile App on Salesforce Force.com Platform in 15 mins
Build Cloud & Mobile App on Salesforce Force.com Platform in 15 minsKashi Ahmed
 
Secure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDKSecure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDKSalesforce Developers
 
Introducing salesforce shield - Paris Salesforce Developer Group - Oct 15
Introducing salesforce shield - Paris Salesforce Developer Group - Oct 15Introducing salesforce shield - Paris Salesforce Developer Group - Oct 15
Introducing salesforce shield - Paris Salesforce Developer Group - Oct 15Paris Salesforce Developer Group
 
AWS re:Invent 2016: Deliver Engaging Experiences with Custom Apps Built on Sa...
AWS re:Invent 2016: Deliver Engaging Experiences with Custom Apps Built on Sa...AWS re:Invent 2016: Deliver Engaging Experiences with Custom Apps Built on Sa...
AWS re:Invent 2016: Deliver Engaging Experiences with Custom Apps Built on Sa...Amazon Web Services
 
Mobile Developer Week
Mobile Developer WeekMobile Developer Week
Mobile Developer WeekPat Patterson
 
Enterprise and Social Integration Using Force.com
Enterprise and Social Integration Using Force.comEnterprise and Social Integration Using Force.com
Enterprise and Social Integration Using Force.comSalesforce Developers
 
[MBF2] Plate-forme Salesforce par Peter Chittum
[MBF2] Plate-forme Salesforce par Peter Chittum[MBF2] Plate-forme Salesforce par Peter Chittum
[MBF2] Plate-forme Salesforce par Peter ChittumBeMyApp
 
#DF17Recap series: Integrate apps easier with the Salesforce platform
#DF17Recap series: Integrate apps easier with the Salesforce platform#DF17Recap series: Integrate apps easier with the Salesforce platform
#DF17Recap series: Integrate apps easier with the Salesforce platformSalesforce Developers
 
Secure Salesforce: Org Access Controls
Secure Salesforce: Org Access ControlsSecure Salesforce: Org Access Controls
Secure Salesforce: Org Access ControlsSalesforce Developers
 
APP Academy: Build Your First App (October 13, 2014)
APP Academy: Build Your First App (October 13, 2014)APP Academy: Build Your First App (October 13, 2014)
APP Academy: Build Your First App (October 13, 2014)Salesforce Partners
 
Mobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing PasswordsMobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing PasswordsCA API Management
 
2. 8 things that will make your business love your developers again
2. 8 things that will make your business love your developers again2. 8 things that will make your business love your developers again
2. 8 things that will make your business love your developers againEuroCloud
 

Similar to Secure Salesforce: External App Integrations (20)

Secure Development on the Salesforce Platform - Part 3
Secure Development on the Salesforce Platform - Part 3Secure Development on the Salesforce Platform - Part 3
Secure Development on the Salesforce Platform - Part 3
 
What’s new in summer’15 release - Security & Compliance
What’s new in summer’15 release - Security & ComplianceWhat’s new in summer’15 release - Security & Compliance
What’s new in summer’15 release - Security & Compliance
 
What’s new in summer’15 release - Security & Compliance
What’s new in summer’15 release - Security & ComplianceWhat’s new in summer’15 release - Security & Compliance
What’s new in summer’15 release - Security & Compliance
 
Introduction to lightning out df16
Introduction to lightning out df16Introduction to lightning out df16
Introduction to lightning out df16
 
Real Time Integration with Salesforce Platform Events
Real Time Integration with Salesforce Platform EventsReal Time Integration with Salesforce Platform Events
Real Time Integration with Salesforce Platform Events
 
Salesforce Identity Management
Salesforce Identity ManagementSalesforce Identity Management
Salesforce Identity Management
 
Secure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDKSecure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDK
 
Build Cloud & Mobile App on Salesforce Force.com Platform in 15 mins
Build Cloud & Mobile App on Salesforce Force.com Platform in 15 minsBuild Cloud & Mobile App on Salesforce Force.com Platform in 15 mins
Build Cloud & Mobile App on Salesforce Force.com Platform in 15 mins
 
Secure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDKSecure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDK
 
Introducing salesforce shield - Paris Salesforce Developer Group - Oct 15
Introducing salesforce shield - Paris Salesforce Developer Group - Oct 15Introducing salesforce shield - Paris Salesforce Developer Group - Oct 15
Introducing salesforce shield - Paris Salesforce Developer Group - Oct 15
 
AWS re:Invent 2016: Deliver Engaging Experiences with Custom Apps Built on Sa...
AWS re:Invent 2016: Deliver Engaging Experiences with Custom Apps Built on Sa...AWS re:Invent 2016: Deliver Engaging Experiences with Custom Apps Built on Sa...
AWS re:Invent 2016: Deliver Engaging Experiences with Custom Apps Built on Sa...
 
Mobile Developer Week
Mobile Developer WeekMobile Developer Week
Mobile Developer Week
 
Enterprise and Social Integration Using Force.com
Enterprise and Social Integration Using Force.comEnterprise and Social Integration Using Force.com
Enterprise and Social Integration Using Force.com
 
[MBF2] Plate-forme Salesforce par Peter Chittum
[MBF2] Plate-forme Salesforce par Peter Chittum[MBF2] Plate-forme Salesforce par Peter Chittum
[MBF2] Plate-forme Salesforce par Peter Chittum
 
#DF17Recap series: Integrate apps easier with the Salesforce platform
#DF17Recap series: Integrate apps easier with the Salesforce platform#DF17Recap series: Integrate apps easier with the Salesforce platform
#DF17Recap series: Integrate apps easier with the Salesforce platform
 
Secure Salesforce: Org Access Controls
Secure Salesforce: Org Access ControlsSecure Salesforce: Org Access Controls
Secure Salesforce: Org Access Controls
 
APP Academy: Build Your First App (October 13, 2014)
APP Academy: Build Your First App (October 13, 2014)APP Academy: Build Your First App (October 13, 2014)
APP Academy: Build Your First App (October 13, 2014)
 
Mobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing PasswordsMobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing Passwords
 
2. 8 things that will make your business love your developers again
2. 8 things that will make your business love your developers again2. 8 things that will make your business love your developers again
2. 8 things that will make your business love your developers again
 
Salesforce platform session 2
Salesforce platform session 2 Salesforce platform session 2
Salesforce platform session 2
 

More from Salesforce Developers

Sample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSalesforce Developers
 
Maximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceMaximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceSalesforce Developers
 
Local development with Open Source Base Components
Local development with Open Source Base ComponentsLocal development with Open Source Base Components
Local development with Open Source Base ComponentsSalesforce Developers
 
TrailheaDX India : Developer Highlights
TrailheaDX India : Developer HighlightsTrailheaDX India : Developer Highlights
TrailheaDX India : Developer HighlightsSalesforce Developers
 
Why developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX IndiaWhy developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX IndiaSalesforce Developers
 
CodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local DevelopmentCodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local DevelopmentSalesforce Developers
 
CodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web ComponentsCodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web ComponentsSalesforce Developers
 
Enterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web ComponentsEnterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web ComponentsSalesforce Developers
 
TrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsTrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsSalesforce Developers
 
Lightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingLightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingSalesforce Developers
 
LWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura InteroperabilityLWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura InteroperabilitySalesforce Developers
 
Lightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataLightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataSalesforce Developers
 
Lightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionLightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionSalesforce Developers
 
Migrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCPMigrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCPSalesforce Developers
 
Scale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in SalesforceScale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in SalesforceSalesforce Developers
 
Replicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data CaptureReplicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data CaptureSalesforce Developers
 
Modern Development with Salesforce DX
Modern Development with Salesforce DXModern Development with Salesforce DX
Modern Development with Salesforce DXSalesforce Developers
 
Integrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS ConnectIntegrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS ConnectSalesforce Developers
 

More from Salesforce Developers (20)

Sample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce Developers
 
Maximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceMaximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component Performance
 
Local development with Open Source Base Components
Local development with Open Source Base ComponentsLocal development with Open Source Base Components
Local development with Open Source Base Components
 
TrailheaDX India : Developer Highlights
TrailheaDX India : Developer HighlightsTrailheaDX India : Developer Highlights
TrailheaDX India : Developer Highlights
 
Why developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX IndiaWhy developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX India
 
CodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local DevelopmentCodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local Development
 
CodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web ComponentsCodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web Components
 
Enterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web ComponentsEnterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web Components
 
TrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsTrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer Highlights
 
Live coding with LWC
Live coding with LWCLive coding with LWC
Live coding with LWC
 
Lightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingLightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and Testing
 
LWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura InteroperabilityLWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura Interoperability
 
Lightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataLightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce data
 
Lightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionLightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An Introduction
 
Migrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCPMigrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCP
 
Scale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in SalesforceScale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in Salesforce
 
Replicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data CaptureReplicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data Capture
 
Modern Development with Salesforce DX
Modern Development with Salesforce DXModern Development with Salesforce DX
Modern Development with Salesforce DX
 
Get Into Lightning Flow Development
Get Into Lightning Flow DevelopmentGet Into Lightning Flow Development
Get Into Lightning Flow Development
 
Integrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS ConnectIntegrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS Connect
 

Recently uploaded

How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Recently uploaded (20)

How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Secure Salesforce: External App Integrations

  • 1. Secure Salesforce - External App Integrations ​ Astha Singhal ​ Senior Product Security Engineer ​ salesforce.com ​ @astha_singhal ​ @SecureCloudDev ​ Chris Vinecombe ​ Application Security Engineer ​ salesforce.com
  • 2. ​Safe harbor statement under the Private Securities Litigation Reform Act of 1995: ​This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward- looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. ​The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. ​Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements. ​ Safe Harbor
  • 3. Astha Singhal Senior Product Security Engineer salesforce.com
  • 4. Astha Singhal -  Working with product teams from design to implementation to help them build secure applications for our customers. -  Conduct penetration tests and code reviews on Salesforce applications. -  Facilitating the security process via better security training and enabling self- service for product teams. -  Helping them understand security bugs and guiding through remediation of security issues.
  • 5. Chris Vinecombe Application Security Engineer salesforce.com
  • 6. Chris Vinecombe -  Work with vendors to ensure third party applications used by Salesforce are secure. -  Conduct penetration tests on Salesforce’s vendor applications. -  Assist Salesforce business units in selecting secure vendors and products. -  Help vendors understand security vulnerabilities and assisting with remediation of security issues.
  • 7. Building Salesforce Integrations -  Extend Salesforce functionality with external app integrations -  Building data flows and interactions between your external app and Salesforce -  Need a way to map Salesforce user identity to your external system -  Need a way to authenticate and secure data flows between the two systems -  Need a way to grant access to Salesforce data without breaking the Salesforce security model or trust in the Salesforce platform
  • 8. Integration methods API / OAuth -  External services authenticate with Salesforce via OAuth and receive access tokens -  Tokens must be treated with same sensitivity as a password -  Utilize public-facing API’s to share data with Salesforce instances -  Developers can expose custom Apex REST endpoints
  • 9. Integration methods Apex Callouts -  Use Apex code to access external REST API’s -  Can be used to send data out or pull data in to/from an external service -  Actions must be initiated by a user action from within Salesforce
  • 10. Integration methods Connected App -  Runs on the Salesforce app canvas -  Does not have access to the Salesforce app DOM at any time -  Authenticate via OAuth or SAML using Salesforce credentials -  Easy way to integrate an external application into the Salesforce “skin” -  The OAuth scope for the connected app determines the amount of access this app would have to your Salesforce data -  Make sure to provide least privilege to the OAuth token being created.
  • 11. Integration user vs End User Integration User -  Creating an integration user to make callouts from the external app into Salesforce. -  Lets you create a least privilege integration user to perform certain operations required by the app. -  You don’t have to provide API access to all users. -  Only one credential to manage on the external system. -  You have to make sure that the Salesforce security model is not broken when the external system accesses Salesforce data.
  • 12. Integration user vs End User End User -  Lets your external app make requests as current logged in user with the specified OAuth scope. -  Lets the user select if they want to allow access or not. -  Preserves the Salesforce security model in your external requests without any additional measures. -  The external app needs to make sure all end user OAuth credentials are stored securely on the external system.
  • 13. Setting up a Connected App -  Go to Setup -> Create -> Apps -> New Connected App.
  • 14. Setting up a Connected App
  • 15. Advantages of Connected apps ​  No need for custom authentication logic. ​  Least privilege access control based on the external app use case. ​  Easy to revoke access for misbehaving apps. ​  Out of box functionality for standard Auth protocols. ​  Can provide access without sharing Salesforce username password with the external app.
  • 16. Credential handling -  External app credentials (consumer key/secret) should be stored securely off the Salesforce platform. -  Salesforce OAuth tokens should be stored securely off the platform using the industry best practice for your development platform -  API tokens for the external app should be stored via Protected custom settings inside Salesforce. -  All credentials should be secure in transit by using HTTPS (TLS) for all communication
  • 17. Transport Security Security Expectations of HTTP -  None -  Anyone on the network can eavesdrop traffic -  Anyone on the network can modify content -  Anyone on the network can divert traffic
  • 18. Transport Security - What is TLS? ​  A user visiting a site over HTTP has no assurance that the user is interacting with the legitimate site ​  The Transport Layer Security protocol allows for secure communication between applications and users. ​  Uses PKI (Public Key Infrastructure) to have a Trusted Certificate Authority (CA) vouch for the server’s identity. ​  Prevents tampering, eavesdropping, and man-in-the-middle attacks against secure communications. Provides authentication and confidentiality.
  • 19. Mutual TLS -  Salesforce supports Mutual TLS for communications between Salesforce and your external server. -  This allows you to do a two-way verification, where the client and server can confirm one another’s identity. -  Good for server to server authentication, where the client is not prompting a user to log in manually.
  • 21. Salesforce Mutual TLS -  Client certificates are uploaded and stored in the Salesforce database, where they are used for verification. -  You can also download the Salesforce client certificate to authenticate on your web server, when making Apex callouts, etc. -  Salesforce provides a mechanism to prevent falling back to the standard TLS port.
  • 22. Setting Up Mutual TLS ​  Have mutual TLS enabled for your organization. ​  Generate Certificate Signing Request (CSR) and acquire a certificate from a Trusted CA.
  • 23. Setting Up Mutual TLS ​  Upload the certificate to Security Controls | Certificate and Key Management ​  Enable “Enforce SSL/TLS Mutual Authentication” permission for the API client user. This will force mutual TLS on port 8443 for this user. ​  This user permission can be added via a PermSet or by adding the permission to the user profile. ​  Configure the API client to connect on port 8443 and present the client certificate.
  • 25. Why use mutual TLS ? -  This seems like a lot of work! Why should I do this? -  Provides you a good way to authenticate both parties (Salesforce and external app) when building external integrations -  You don’t just have to rely on IP range restrictions and static API keys for client authentication. -  Out of the box mutual TLS implementation provides authentication and confidentiality.
  • 27. Secure Salesforce at Dreamforce 2015 ​  10 DevZone Talks and 2 Lighting Zone Talks covering all aspects of Security on the Salesforce Platform ​  Visit our booth in the DevZone with any security questions ​  Check out the schedule and details at http://bit.ly/DF15Sec ​  Admin-related security questions? ​  Join us for coffee in the Admin Zone Security Cafe
  • 28. Secure Salesforce at Dreamforce 2015 ​  Hardened Apps with the Mobile SDK ​  Martin Vigo and Maxwell Feldman ​  Thursday 2:30pm in Moscone West 2008 ​  Code Scanning with Checkmarx ​  Robert Sussland and Gideon Kreiner ​  Thursday 3:30pm in Moscone West 2011 ​  Lightning Components Best Practices ​  Robert Sussland and Sergey Gorbaty ​  Thursday 4:45pm in Moscone West 2007 ​  Common Secure Coding Mistakes ​  Rachel Black and Alejandro Raigon Munoz ​  Thursday 5:00pm in Moscone West 2006 ​  Chimera: External Integration Security ​  Tim Bach and Travis Safford ​  Friday 10:00am in Moscone West 2009
  • 29. Additional Resources Salesforce mutual TLS set up Salesforce Connected Apps documentation Digging deeper into OAuth 2.0 on Force.com Salesforce Trust academy How to generate a CSR
  • 30. Share Your Feedback, and Win a GoPro! 3 Earn a GoPro prize entry for each completed survey Tap the bell to take a survey2Enroll in a session1