What are SAML and OAuth, and what are the authentication flows in Salesforce?
Difference between SAML and OAuth
Overview of SAML
1. The user makes a request to Force.com for a specific resource.
2. Force.com detects the user needs to authenticate and redirects the user to their SAML Identity Provider.
3. The user accesses their IdP and authenticates.
4. Once authenticated, the IdP sends a SAML Response back to Salesforce.com.
5. Force.com processes the SAML assertion and logs the user in.
Overview of OAuth
1. The OAuth Client makes an authorization request.
2. The Authorization Server authenticates the user.
3. The user authorizes the application.
4. The application is issued an OAuth token.
Difference between the Web server OAuth flow, the User-agent OAuth flow and the Username-Password OAuth flow
Web server OAuth flow
Typically used for web applications where server-side code needs to interact with Force.com APIs on the user's behalf, for example DocuSign. The web server must be trusted to keep the consumer secret confidential. Steps from the client application's perspective:
1. Client directs the user to the authorization endpoint.
2. User logs in at the authorization endpoint and does not interact with the client application at all.
3. A redirect is sent back to the user's browser with the authorization code appended.
4. Client application extracts the authorization code and sends it to the authorization endpoint.
5. If successful, the authorization endpoint returns access and refresh tokens.
6. Client application uses the access token to access the user's data.
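The six steps above, assembled offline as an added example (not code from the original post). The authorize and token endpoints are the real Salesforce ones; the consumer key, consumer secret and redirect URI are constructed placeholders, and the callback URL is a constructed stand-in for the redirect Salesforce sends in step 3. The state check is what stops a forged redirect from being accepted.

```python
# Added example (not from the original post): the Salesforce web server OAuth
# flow assembled offline. It builds the authorization URL, validates the
# redirect that carries the authorization code, and builds the token request.
# Endpoints are the real Salesforce ones; the client id, secret and redirect
# URI are constructed placeholders.
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

LOGIN_HOST = "https://login.salesforce.com"
CLIENT_ID = "PLACEHOLDER_CONSUMER_KEY"        # constructed placeholder
CLIENT_SECRET = "PLACEHOLDER_CONSUMER_SECRET"  # constructed; never leaves the server
REDIRECT_URI = "https://app.example.com/oauth/callback"

def build_authorize_url(state: str) -> str:
    """Step 1: the URL the client redirects the user to. `state` ties the
    later redirect to this browser session so a forged redirect is rejected."""
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "state": state}
    return f"{LOGIN_HOST}/services/oauth2/authorize?{urlencode(params)}"

def extract_code(callback_url: str, expected_state: str) -> str:
    """Steps 3-4: read the authorization code from the redirect, refusing a
    redirect whose state does not match or that reports an error."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: redirect is not bound to this session")
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    return query["code"][0]

def token_request(code: str) -> dict:
    """Step 4: form body the server POSTs to /services/oauth2/token. The
    consumer secret travels here, which is why the server must be trusted."""
    return {"grant_type": "authorization_code", "code": code,
            "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
            "redirect_uri": REDIRECT_URI}

if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print(build_authorize_url(state))
    # Constructed redirect standing in for the one Salesforce sends back.
    callback = f"{REDIRECT_URI}?code=CONSTRUCTED_CODE&state={state}"
    print(token_request(extract_code(callback, state))["grant_type"])
```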
User-agent OAuth flow
This flow is used to authenticate client applications that reside on the user's device. The key difference from the web server flow is that the client cannot keep the consumer secret confidential.
1. Client directs the user to the authorization endpoint.
2. User logs in at the authorization endpoint and does not interact with the client application at all.
3. A redirect is sent back to the user's browser with the access token appended.
4. Client application uses the access token to access the user's data.
Username-Password OAuth Authentication flow
This flow can be used where the client application already has the user's username and password. It is discouraged because the username and password are passed back and forth in requests.
1. Client application requests an access token by sending the username and password.
2. Authentication endpoint returns an access token if successful.
3. Client application uses the access token for access.
What is the purpose of Auth. Providers in Salesforce?
Auth. Providers let users log in to your Salesforce org using their non-Salesforce credentials. Implement a custom external authentication provider if your OAuth app doesn't support OpenID Connect. If your app supports OpenID Connect, you can use one of the authentication providers that Salesforce provides.
External users can log in using their credentials from Facebook©, Janrain©, or another Salesforce organization if you set up authentication providers on the Auth. Providers page in Setup and choose to display them on the community login page.
Event Monitoring in Salesforce
Event monitoring is one of many tools that Salesforce provides to help keep your data secure. It lets you see the granular details of user activity in your organization. We refer to these user activities as events. You can view information about individual events or track trends in events to swiftly identify abnormal behavior and safeguard your company’s data.
So what are some of the events that you can track? Event monitoring provides tracking for lots of types of events, including:
Logins
Logouts
URI (web clicks in Salesforce Classic)
Lightning (web clicks, performance, and errors in Lightning Experience and the Salesforce mobile app)
Visualforce page loads
API calls
Apex executions
Report exports
All these events are stored in event log files. An event log file is generated when an event occurs in your organization and is available to view and download after 24 hours. The event types you can access and how long the files remain available depend on your edition.
Developer Edition (DE) organizations have free access to all log types with one-day data retention.
Enterprise, Unlimited, and Performance Edition organizations have free access to the login and logout log files with one-day data retention. For an extra cost, you can access all log file types with 30-day data retention.
See the REST API documentation for event log files:
https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/using_resources_event_log_files.htm
To use Workbench to listen to the events, check https://www.infallibletechie.com/2020/05/salesforce-event-monitoring.html
To download an event log file from the browser, follow these steps:
1. Go to https://salesforce-elf.herokuapp.com.
2. Click Sandbox or Production based on the environment where you want to download.
3. Click "Allow Access".
4. Enter Date Range.
5. Click Apply.
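As an added example (not code from the original post), the same event log files fetched through the REST API linked above rather than the browser tool: the SOQL query that lists a day's EventLogFile records, the LogFile path you GET for the CSV, and a scan of a constructed Login event CSV that counts failed logins per source IP. The API version, record id and all CSV values are constructed; the column names are the real Login event fields.

```python
# Added example (not from the original post): event log files handled offline.
# Builds the SOQL query and LogFile path the REST API doc describes, then
# scans a constructed Login event CSV for failed logins per source IP.
import csv
import io
from collections import Counter
from urllib.parse import quote

API_VERSION = "v58.0"  # assumption: any currently supported version behaves the same

def event_log_query(log_date: str = "Yesterday", event_type: str = "Login") -> str:
    """Relative URL of the SOQL query that lists a day's log files."""
    soql = ("SELECT Id, EventType, LogDate, LogFile FROM EventLogFile "
            f"WHERE LogDate = {log_date} AND EventType = '{event_type}'")
    return f"/services/data/{API_VERSION}/query?q={quote(soql)}"

def log_file_path(record_id: str) -> str:
    """Relative URL to GET for the CSV body of one EventLogFile record."""
    return f"/services/data/{API_VERSION}/sobjects/EventLogFile/{record_id}/LogFile"

# Constructed sample of a Login event log (real column names, fake values).
SAMPLE_LOGIN_CSV = """EVENT_TYPE,TIMESTAMP,USER_NAME,SOURCE_IP,LOGIN_STATUS
Login,20240301010203.000,alice@example.com,203.0.113.10,LOGIN_NO_ERROR
Login,20240301010305.000,bob@example.com,198.51.100.7,LOGIN_ERROR_INVALID_PASSWORD
Login,20240301010309.000,carol@example.com,198.51.100.7,LOGIN_ERROR_INVALID_PASSWORD
Login,20240301010314.000,dave@example.com,198.51.100.7,LOGIN_ERROR_INVALID_PASSWORD
Login,20240301010401.000,alice@example.com,203.0.113.10,LOGIN_ERROR_INVALID_PASSWORD
"""

def failed_logins_by_ip(csv_text: str, threshold: int = 3) -> dict:
    """Count failed logins per SOURCE_IP and return the IPs at or above the
    threshold; many users failing from one address is worth an alert."""
    failures = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EVENT_TYPE"] == "Login" and row["LOGIN_STATUS"] != "LOGIN_NO_ERROR":
            failures[row["SOURCE_IP"]] += 1
    return {ip: n for ip, n in failures.items() if n >= threshold}

if __name__ == "__main__":
    print(event_log_query())
    print(log_file_path("0AT000000000000AAA"))  # constructed placeholder id
    print(failed_logins_by_ip(SAMPLE_LOGIN_CSV))
```

The 24-hour delay described above applies to the API as well: a query for today's LogDate returns nothing until the files have been generated.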
What is Single Sign-On (SSO) and what are the different options available with Salesforce?
Single Sign-On (SSO) is the capability to access multiple applications using a single username/password, thereby eliminating the need to remember multiple usernames/passwords.