Single Sign On for Salesforce.com

With 9% of all worldwide SaaS revenue coming from Salesforce.com, it's no wonder the number of users is growing at a lightning fast pace.  And those users are demanding direct access and ease-of-use of this mission-critical software-as-a-service (SaaS) application.  While many organizations turn to traditional enterprise access management and single sign-on (SSO) products, these systems fail to meet the security and operational needs of SaaS applications that are hosted outside of the organization.  Without SSO, users must perform multiple logins with multiple passwords, and administrators have to manage separate processes to provision Salesforce users. 

Secure Internet SSO Increases Security for Salesforce

The fear of dismissed employees callously destroying or copying sensitive and valuable data is foremost in management's mind.  When users access mission critical information from outside the organization, unmanaged accounts still give them access to sensitive customer data in Salesforce. 

PingFederate, Ping Identity's standalone identity federation software, provides secure Internet SSO for Salesforce. By integrating with your existing identity infrastructure, including Windows, Active Directory, commercial and homegrown identity management systems, PingFederate automatically provisions your users to Salesforce by using Salesforce's proprietary SSO and provisioning APIs.  Your users get direct access to Salesforce without requiring them to re-login and your administrators no longer have to provision duplicate accounts. 

SSO for Salesforce

Once you've installed PingFederate, along with the appropriate PingFederate Integration Kits, you simply create a group or filter in your user directory that contains all of your Salesforce users.  PingFederate utilizes Salesforce's account provisioning API to automatically create accounts for each user in the group. And as you add or remove users from your directory group in the future, those changes are automatically synchronized with Salesforce.

Automated support for Salesforce account provisioning and de-provisioning is essential for secure Internet SSO, particularly for large organizations. 

SSO Access Methods for Salesforce

Depending on whether the user has already authenticated in your system or not, there are two different ways PingFederate can provide access to Salesforce. When a user is already authenticated on your system, they click on a link from the corporate portal that takes them directly to Salesforce.  The user gets transparently redirected, without being asked to re-login, just as if Salesforce were a local application on your network.

Alternatively, a user who has not already logged into the local network, types in their Salesforce URL.  Then the user is presented with the login screen of their home organization as PingFederate supports Salesforce's delegated authentication mechanism.  Once they enter their credentials, they go directly to Salesforce.

PingFederate's Salesforce Solution Benefits

There are several benefits to implementing secure Internet SSO to Salesforce with PingFederate, including:

• Your users will absolutely love having direct access.  They no longer need to login again to get access to an application that is critical to their work. 
• Administrators appreciate the amount of work it eliminates.  Fewer passwords means fewer password resets. Automated provisioning means no additional work at all.
• PingFederate eliminates the security risks, development burden and maintenance overhead of proprietary SSO implementations
• PingFederate isn't just for Salesforce. It will work with any other service provider that is also industry standard SAML-enabled, a list that is growing rapidly.

Try PingFederate Free

Download PingFederate and request a free evaluation license key.  You'll be up and running with PingFederate in just a few hours, and you can see for yourself how PingFederate puts an end to logging in again!