TriCipher Armored Credential System™ (TACS)
Strong Authentication for SalesForce.com
Integration Benefits
TriCipher enhances SalesForce.com by seamlessly adding multi-factor functionality to the Username / Password method currently used today. Organizations will continue to derive the benefits from SalesForce.com and will now have the additional capability to transition their organizations from weaker password protection to something much stronger.
Benefits
• Strong authentication for SalesForce.com that prevents identity theft and fraud
• Prevents man-in-the-middle (MITM) and complex phishing attacks
• Seamless integration with a transition path from weak password systems to strong authentication
• Choose from an array of strong multi-factor authentication methods from the TriCipher Authentication Ladder
• Compliance with stringent audit requirements and regulations such as FFIEC, HIPAA, GLB, etc.
Multi Factor Authentication
Multi-factor authentication is, by definition, the use of a combination of more than one factor for the purpose of user authentication. A “factor” can be something you know (such as a password or PIN), something you have (such as an authentication token), or something you are (biometrics, such as a retina scan or fingerprint). Consumers are used to a multi-factor authentication model with ATM cards: the PIN is something you know, and the ATM card is something you physically have. Employing multi-factor authentication online, however, is much more challenging because it typically requires the user to carry or present something physical.
Historically, traditional multi-factor authentication methods have been too hard to deploy and manage for large consumer bases, due not only to the high costs associated with the initial purchase, but also to the overhead of initial deployment, loss and replacement, management and customer support. Add to this the fact that many users are not yet ready or prepared to deal with hardware tokens, scratch cards, client software downloads and extra authentication steps, even if these protect their bank account and identity information.
TACS Solution
The TriCipher Armored Credential System™ (TACS) provides a comprehensive infrastructure that can be used to address many of these risks. Its unique Multi-part credential and Flexible Factor technologies enable a single infrastructure to issue credentials of different strengths. This allows the enterprise to tailor the type of credential to the specific level of risk without having to deploy multiple costly infrastructures.
The system architecture is designed to allow TACS to be easily deployed for external Software as a Service (SaaS) applications like SalesForce.com and also to protect internal web applications. Servicing some of the highest volume financial services applications for demanding customers, TACS provides high reliability, availability and scalability.
TACS provides a variety of multi-factor authentication options (see the TriCipher Authentication Ladder below), allowing you to balance security, cost and ease of use based on the results of your risk assessment.
Browser 2 Factor (B2F) strong authentication
The Browser 2 Factor rung of the TriCipher Authentication Ladder offers a zero-download strong authentication solution. In B2F, the 2nd factor, in the form of an encrypted cookie or a browser certificate, is transparently given to the user’s browser. Also, as part of the activation process, the user selects an image or a secret text phrase that they will recognize when they come back to the web site. TriCipher is unique in this clientless offering by going up the ladder with the B2F Certificate option (as cookies are susceptible to certain attacks and can be deleted or copied).
In addition, B2F has the following advantages:
• Requires no change in user behavior. The user is completely unaware of the change, and migration to this type of credential from a password-only system is transparent (even their password remains the same).
• No client software. Browser 2 Factor requires no client-side software.
• Phishing protection. Browser 2 Factor protects against phishing attacks whose aim is credential theft.
• Authenticate your web site. Showing a welcome message reassures the user that they have reached your site, not a phisher's replica.
Device 2 Factor strong authentication
Perhaps the easiest to use, deploy and manage is using the login device as the second factor. With this type of credential, the second factor is stored securely on the PC. The user has nothing new to carry, but does need a small piece of client-side software, the TACS ID Tool. The device 2nd factor provides strong protection against all types of phishing, including man-in-the-middle. The client software also provides the additional benefit of performing an optional security presence check before authentication. Device 2 Factor is often used for high net worth consumers, business banking customers, active traders, administrators at individual branches (or at client companies) and channels such as mortgage brokers.
Portable 2 Factor
Portable 2 Factor takes advantage of the security of multi-part credentials to use commodity storage products or consumer electronics as a 2nd factor for authentication. Users can choose something they carry already, such as an MP3 player or USB memory stick, or the financial institution can issue something branded. The 2nd factor in this case is protected by rolling key technology to defeat would-be thieves. Portable 2 Factor provides strong protection against all types of phishing, including man-in-the-middle. The TACS ID Tool is required for this type of credential and provides the additional benefit of performing an optional security presence check before authentication.
Armored Token 2 Factor
Armored Token 2 Factor protects one-time password tokens from man-in-the-middle attacks. This type of credential also requires the TACS ID Tool and provides the option of a security presence check. Armored Token 2 Factor is often used to protect existing one-time password deployments.
Additional credential types
TACS provides for other credential types, including smart cards and the use of three or more authentication factors.
TriCipher Authentication Gateway (TAG) strong authentication
The TAG is an integral part of the TriCipher Armored Credential System (TACS). The TriCipher Authentication Gateway (TAG) acts as a services layer for web applications. The TAG reduces the time to deploy strong authentication, increases authentication performance, and ensures the security of the login process by providing a single standardized strong authentication service for use by every application within an organization. The TAG, based on patent-pending technology, manages the authentication for every level of the TriCipher Authentication Ladder, including passwords, browser cookies/certificates, PCs, portable devices, tokens, smart cards and biometrics, to provide a unified authentication infrastructure. When users log into any web application, they are handed off to the TAG, which manages the entire authentication process and verifies the credentials of each user with the ID Vault. Once the user is authenticated through the ID Vault, the TAG delivers a SAML token to the SaaS solution, such as SalesForce.com, which either validates the SAML assertion itself or passes it via a trusted back channel to the TAG for re-validation, and then grants the user the appropriate level of access.
How does the integration work?
The TACS solution consists of the TAG and the ID Vault. The solution can either be hosted internally by the organization or delivered as a hosted service.
Users are initially given a strong credential before the single sign-on feature for SalesForce.com is turned on. This involves batch loading the users into the TriCipher system and generating a one-time-use activation code that can be sent to the users via email, SMS or even a phone call.
Depending on the licensed SalesForce.com Edition, you may need to request that SalesForce.com turn on single sign-on (SSO) AFTER your users have registered for strong authentication. The Enterprise and Unlimited Editions are more flexible and allow you to turn on single sign-on on a per-user basis by creating a new profile for SSO. You can turn on SSO before the users register and then enable SSO individually for each user by clicking on a checkbox in SalesForce.com.
Users go through a registration period where they log in to the TAG and are given their second factor for strong authentication. On the cut-over day, single sign-on is turned on for the users and they are provided with the HTTP link to log in to SalesForce.com. This can be on an internal customer portal where users click on a URL to log in to SalesForce.com securely.
The process flow for the user to log in to SalesForce.com is as follows:
1) The user clicks on the URL for strong authentication to SalesForce.com, lands on the TAG and inputs their username.
2) The user then strongly authenticates to the TAG. The TAG validates the user’s strong authentication credentials with the ID Vault.
3) Once the TAG has authenticated the user’s strong credential, it submits the user id and a SAML token (as the password) to SalesForce.com.
4) SalesForce.com validates the user id and then sends a SOAP/XML message with the user id and SAML token (the one passed to it in step 3) to a web service on the TAG.
5) The TAG validates the SAML token and, if it is valid, returns a SOAP/XML message to SalesForce.com confirming the user’s authentication.
6) SalesForce.com then grants the user single sign-on access to their SalesForce.com application.
Users are now required to log in to SalesForce.com using TriCipher strong authentication. Users that try to go directly to SalesForce.com will not succeed, as they are required to log in securely via TriCipher.
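As an added illustration of steps 3 to 5 above (constructed example, not TriCipher or SalesForce.com code), the following Python sketch stands in for the TAG: it mints the token that is submitted as the user's password and validates it when the SaaS side calls back, rejecting tokens that are forged, bound to a different user id, expired or already redeemed. The HMAC-signed opaque token, the AuthGateway class, its method names and the sample user ids are assumptions; the page does not describe the actual SAML token format or the SOAP message layout.

```python
import base64
import hashlib
import hmac
import json
import os
import secrets
import time


class AuthGateway:
    """Stand-in for the TAG (constructed example, not TriCipher's code).
    issue_token() mints the token submitted to SalesForce.com as the password
    (step 3); validate_callback() answers the SaaS side's callback (steps 4-5)
    and accepts only a genuine, user-bound, unexpired, not-yet-used token."""

    def __init__(self, ttl_seconds=60, clock=time.time):
        self._key = os.urandom(32)   # gateway-private HMAC key (constructed)
        self._ttl = ttl_seconds      # token lifetime in seconds
        self._clock = clock          # injectable clock for testing
        self._pending = set()        # token ids issued but not yet redeemed

    @staticmethod
    def _b64(data):
        return base64.urlsafe_b64encode(data).decode().rstrip("=")

    @staticmethod
    def _unb64(text):
        return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

    def issue_token(self, user_id):
        """Step 3: mint a user-bound, short-lived, single-use token."""
        body = {"sub": user_id, "jti": secrets.token_hex(8),
                "exp": int(self._clock()) + self._ttl}
        payload = json.dumps(body, sort_keys=True).encode()
        sig = hmac.new(self._key, payload, hashlib.sha256).digest()
        self._pending.add(body["jti"])
        return self._b64(payload) + "." + self._b64(sig)

    def validate_callback(self, user_id, token):
        """Steps 4-5: verify the user id + token the SaaS application sends back."""
        parts = token.split(".")
        if len(parts) != 2:
            return False
        try:
            payload, sig = self._unb64(parts[0]), self._unb64(parts[1])
            body = json.loads(payload)
        except (ValueError, TypeError):
            return False
        expected = hmac.new(self._key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            return False                          # forged or tampered token
        if not isinstance(body, dict) or body.get("sub") != user_id:
            return False                          # token issued for another user
        if self._clock() > body.get("exp", 0):
            return False                          # expired token
        if body.get("jti") not in self._pending:
            return False                          # replayed or unknown token
        self._pending.discard(body["jti"])        # redeem exactly once
        return True


if __name__ == "__main__":
    gw = AuthGateway()
    tok = gw.issue_token("alice@example.com")     # constructed sample user id
    print("first callback:", gw.validate_callback("alice@example.com", tok))
    print("replayed token:", gw.validate_callback("alice@example.com", tok))
```

The single-use and expiry checks are what make the "token as password" hand-off safe to reuse for many logins: a token captured in transit cannot be presented a second time, and one captured late cannot be presented at all.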
Summary
The TriCipher solution gives organizations powerful, seamless and flexible strong authentication capabilities to secure access to SalesForce.com. Customers can further leverage this central authentication infrastructure to secure access to internal and external web applications.
Contact
TriCipher Headquarters:
750 University Avenue, Suite 260
Los Gatos, CA 95032
Phone: +1.650.372.1300
Fax: +1.650.376.8301
TriCipher US sales:
Email: sales@tricipher.com
Phone: +1.650.376.8326
Fax: +1.650.376.8301
TriCipher EMEA sales:
Email: emea@tricipher.com
Phone: +44 (0) 1223 451 075
Fax: +44 (0)1223 451 1