Securing your Salesforce application with IBM Cloud Identity

Software applications play an important role in our lives. Whether it is in the home or workplace, we use them for communicating with people, staying up-to-date with the things happening in the world, keeping entertained, doing work and much more.

Salesforce is a cloud computing software-as-a-service (SaaS) company that specializes in customer relationship management (CRM) solutions that bring companies and customers together. It’s one integrated CRM platform that gives all your departments — including marketing, sales, commerce, and service — a single, shared view of every customer.

You’ve probably heard of Salesforce.com before, or your company may even use their services. From Fortune 500 companies to startups, everyone seems to be hopping on the Salesforce train.

But along with the convenience of cloud comes the risk of intrusion every time those apps or updates are downloaded.  

The most common example of securing authentication is username and password authentication. While effective in most situations, the username-and-password combination is a frequent target of hackers. And, because so many of us use the same password for multiple accounts, one breach can threaten a range of systems. Plus, we all have trouble remembering passwords (your golden retriever’s birthday?) and resetting passwords repeatedly to meet ever-stricter requirements for complexity and length.

That’s where multi-factor authentication (MFA) comes in. Multi-factor authentication is any process that requires an end user to submit two or more pieces of identification to gain access to a system. Multi-factor authentication combines two or more independent credentials: what the user knows (password), what the user has (security token) and what the user is (biometric verification). The goal of MFA is to create a layered defense and make it more difficult for an unauthorized person to access a secured application.

Securing Salesforce Application with MFA

You don’t need to worry about how to secure your Salesforce access. IBM Cloud Identity solutions provide multi-factor authentication that is both secure and easy to use for end users. These solutions offer a variety of multi-factor authentication mechanisms, such as email or text, one-time passwords, and mobile push with biometric requirements, to confirm the identity of users. Once identity is established for a specific device and user, IBM Cloud Identity helps simplify user access with single sign-on (SSO) capability. It comes with thousands of pre-built connectors that provide quick access to Salesforce and hundreds of other cloud applications, as well as pre-built templates to help integrate in-house apps. It is very easy to configure single sign-on for your Salesforce application. Check <link for How to setup sso …. article>

Configure MFA with IBM Cloud Identity

Log in to your IBM Cloud Identity tenant as an administrator and switch to the Admin Console.

Select the Security tab.

You can select from various out-of-the-box access policies that control how administrators access the Cloud Identity administration console and how end users access their Cloud Identity home page.

IBM Cloud Identity provides multiple authentication factors such as –

  • Email One-Time Password
  • SMS One-Time Password
  • Time-Based-One-Time Password

Select the authentication factor that you want to enable and click Save.

IBM Cloud Identity also provides a policy editor that helps you add a new policy by setting custom policy rules. For more details, go to the Policy Editor tab.

IBM Cloud Identity allows you to configure multi-factor authentication for a specific application, in this case Salesforce. The administrator can configure it while setting up single sign-on (SSO) for the Salesforce application.

End user experience

IBM Cloud Identity provides an excellent end user experience. Let’s try accessing the IBM Cloud Identity console.

Let’s try accessing your home page for IBM Cloud Identity –

The access policy set up above demands “2FA for each session for all devices”. Hence you will be prompted to choose a method for step-up authentication. If an email ID and mobile number are provided for the user, you will be prompted with “How would you like to verify it’s you?”

Let’s select email to send a one-time code.

You will receive an email at the specified email ID with a one-time password (OTP). If required, you can choose to resend the OTP.

Enter the OTP that was emailed and click Submit. You will be logged in to your homepage.
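
As an added illustration of the email OTP step above (this is not IBM Cloud Identity's code, whose implementation this article does not describe), the following Python shows the server-side checks an emailed one-time code generally needs: random generation, expiry, single use, a guess limit, and "resend" replacing the earlier code. The class name, six-digit length, five-minute lifetime and three-attempt limit are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed validity window, not an IBM Cloud Identity setting
MAX_ATTEMPTS = 3        # assumed guess limit per issued code


class EmailOtpChallenge:
    """One pending step-up challenge for one user session (hypothetical class)."""

    def __init__(self, clock=time.time):
        self._clock = clock              # injectable so expiry can be tested
        self._salt = None
        self._digest = None              # None means "no code currently valid"
        self._expires_at = 0.0
        self._attempts_left = 0

    def _hash(self, code):
        return hashlib.sha256(self._salt + code.encode()).digest()

    def issue(self):
        """Create a 6-digit code. Calling it again ("resend") replaces the old code."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG; keeps leading zeros
        self._salt = secrets.token_bytes(16)
        self._digest = self._hash(code)            # plaintext code is not stored
        self._expires_at = self._clock() + OTP_TTL_SECONDS
        self._attempts_left = MAX_ATTEMPTS
        return code                                # pass to the mail sender; do not log

    def verify(self, submitted):
        """Return True at most once per issued code; False if wrong, expired or used."""
        if self._digest is None or self._clock() > self._expires_at:
            self._digest = None
            return False
        self._attempts_left -= 1
        ok = hmac.compare_digest(self._hash(submitted), self._digest)
        if ok or self._attempts_left == 0:
            self._digest = None                    # burn on success or on lockout
        return ok
```
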

The administrator has already configured single sign-on for your Salesforce application, so you can see the Salesforce application available for SSO on your home page. If 2FA is configured for Salesforce, you will again be prompted to choose a method for step-up authentication. The OTP will be sent based on your choice, as above. After authenticating with a valid OTP, you will be automatically logged in to your Salesforce account using IBM Cloud Identity federated single sign-on.

Visit the IBM Cloud Identity website to learn more about how IBM Cloud Identity.