Single Sign On to Salesforce.com® & Force.com®

Single Sign-On to Salesforce.com^* & Force.com^*

Today, Enterprise users have fully embraced Salesforce.com and Force.com as core operational platforms that are mission critical to the business. However, administrators have been slow to apply the same level of enterprise class security as they require for applications deployed within the firewall. This goes beyond delivering basic SaaS Single Sign-On (SSO) based on username or password or SAML tokens. Salesforce access done right is tightly integrated with existing on-premise identity and access management systems, account provisioning workflows, and audit repositories... all protected, as needed, with elevated strong authentication technologies.

Intel^® Expressway Cloud Access 360 Solution:

Leverage Multiple Authentication Sources & Federated SSO Protocols

• Authentication using Microsoft^* Active Directory, Oracle^* directories (ODSEE, OID, OVD), IBM^* Tivoli Directory Server, OpenLDAP, Central Authentication Service (CAS), x509 certificates, or any LDAP v3 compliant directory.
• Extend internal log-in sessions from Microsoft^* IWA , Oracle^* Access Manager(OAM), CA^* Siteminder, IBM^* Tivoli Access Manager and custom SSO solutions.
• Leverage Internet Identity Providers (IdP) to deliver temporary access for contract workers. Support for Facebook Login, Google Sign In, or any OpenID provider.
• Microsoft^® Outlook integration: Users of Salesforce^* Connect for Outlook can use credentials from on-premise enterprise directories.

Client-aware, Multi-factor Strong Authentication

• AddOne Time Password (OTP) based on convenient delivery of tokens over Nordic Edge Pledge mobile app, SMS, Email, Skype, IM, and YubiKey
• Sophisticated client aware authentication with Intel^® Identity Protection Technology (IPT) to restrict access from attested client devices only.
• Client-aware authorization & second factor authentication based network type. For example log in from a hotel room outside the VPN triggers a multi-factor authentication.

2-way Secure API Access

• Enterprise a Cloud access: Integrate Salesforce data into Enterprise Applications and Portals such as Sharepoint^* Portal over OAUTH
• Cloud a Enterprise access: Access Enterprise data such as Sharepoint resources from Force.com applications over secure APIs with user impersonation

Provisioning/De-Provisioning of Users

• Policy based automated provisioning and de-provisioning of users
• Directory synchronization of user attributes between Enterprise directories and Salesforce
• Works with split profile use cases by building a virtual identity profile on-the-fly combining user attributes from multiple identity sources such as Active Directory, and HR databases (Peoplesoft)
• Integrated with Active Directory change notification. Can accept events from existing provisioning systems such as Oracle^* Identity Manger, CA^* Identity Manager, and IBM^* Tivoli Identity Manager

Benefits:

• Control access to Salesforce and Force.com applications (such as FinancialForce.com, ZenKraft, custom and others) from a centralized control point
• Reduce risk through automated provisioning/de-provisioning of users
• Increase compliance through a centralized audit repository
• Unified threat intelligence, security policies, and reporting across cloud traffic channels. Part of the McAfee^* Cloud Security Platform.