Salesforce Identity Connect
Notes on the tool used for connecting to Active Directory
Overview
- Single-sign-on software from Salesforce that is shipped to customers to run inside their own firewall
- Is entirely on-prem
- Beneficial because you don’t need to open inbound AD ports in your firewall for Salesforce to reach in; instead the connector pushes data out to Salesforce, which is the more secure direction
- Used to connect a given Salesforce org to your company’s Active Directory instance in order to use those Active Directory credentials for authentication into Salesforce itself
- Can be connected to multiple Salesforce orgs at once
How it Works
- Host the application and run it
- Connect to your Org via OAuth flows in the application itself
- Application retrieves the User fields from your SFDC org
- You can then set up field mappings and default values between AD <-> SFDC
- Also allows a scripting step here for values that need to be derived or transformed
- Can be thought of as an ETL for authentication and user management from AD -> SFDC
- Syncs your AD Users and SFDC users, which provisions the user in SFDC from AD based on the mappings
- Also creates the SAML-based SSO configuration in your Org for you using the Metadata APIs
- Then you just log into the org, enable the SSO provider, and add it to the login page
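To make the mapping / default / scripting / sync bullets above concrete, here is an added illustration of that ETL step in Python. It is not Identity Connect's own code and does not call any Salesforce or AD API: the AD records, the existing SFDC users, the mapping table, the Username suffix and the `plan_sync` / `transform` helpers are all constructed here for the example. It shows what a practitioner would expect the sync to decide: create missing users, update drifted fields, apply a default when an AD attribute is absent, and deactivate (never delete) users that are disabled in AD or no longer present.

```python
"""Illustration of an AD -> SFDC mapping and sync pass (constructed example,
not Identity Connect code). Records, mappings and helpers are all assumed."""

# Constructed AD records; attribute names follow the common AD schema.
AD_USERS = [
    {"sAMAccountName": "jdoe", "givenName": "Jane", "sn": "Doe",
     "mail": "jane.doe@example.com", "department": "Finance",
     "userAccountControl": 512},
    {"sAMAccountName": "bsmith", "givenName": "Bob", "sn": "Smith",
     "mail": "bob.smith@example.com",
     "userAccountControl": 512},                      # no department attribute
    {"sAMAccountName": "old", "givenName": "Olive", "sn": "Dee",
     "mail": "olive.dee@example.com", "department": "IT",
     "userAccountControl": 514},                      # 512 | 2 = disabled in AD
]

# Constructed existing SFDC users, keyed by FederationIdentifier.
SFDC_USERS = {
    "jdoe": {"FederationIdentifier": "jdoe", "FirstName": "Jane", "LastName": "Doe",
             "Email": "jane.doe@example.com", "Department": "Sales",
             "Username": "jdoe@example.com.sfdc", "IsActive": True},
    "old": {"FederationIdentifier": "old", "FirstName": "Olive", "LastName": "Dee",
            "Email": "olive.dee@example.com", "Department": "IT",
            "Username": "old@example.com.sfdc", "IsActive": True},
    "gone": {"FederationIdentifier": "gone", "FirstName": "Gus", "LastName": "One",
             "Email": "gus.one@example.com", "Department": "IT",
             "Username": "gone@example.com.sfdc", "IsActive": True},  # not in AD
}

# Assumed mapping table (AD attribute -> SFDC User field) and default values.
MAPPINGS = {
    "sAMAccountName": "FederationIdentifier",
    "givenName": "FirstName",
    "sn": "LastName",
    "mail": "Email",
    "department": "Department",
}
DEFAULTS = {"Department": "Unassigned"}

# ACCOUNTDISABLE bit of userAccountControl.
AD_DISABLED_FLAG = 0x2
# Assumed org-specific Username suffix used by the "scripting" step.
USERNAME_SUFFIX = "@example.com.sfdc"


def transform(ad_user):
    """Map one AD record to SFDC User fields, then apply defaults and scripting."""
    desired = {}
    for ad_attr, sf_field in MAPPINGS.items():
        if ad_attr in ad_user:
            desired[sf_field] = ad_user[ad_attr]
    # Defaults only fill fields the mapping left empty.
    for sf_field, value in DEFAULTS.items():
        desired.setdefault(sf_field, value)
    # Scripting step: derive a unique Username and the active flag from AD state.
    desired["Username"] = ad_user["sAMAccountName"] + USERNAME_SUFFIX
    desired["IsActive"] = not (ad_user.get("userAccountControl", 0) & AD_DISABLED_FLAG)
    return desired


def plan_sync(ad_users, sfdc_users):
    """Return (action, federation_id, fields) tuples needed to make SFDC match AD."""
    actions = []
    seen = set()
    for ad_user in ad_users:
        desired = transform(ad_user)
        fed_id = desired["FederationIdentifier"]
        seen.add(fed_id)
        existing = sfdc_users.get(fed_id)
        if existing is None:
            # Never provision an account that is already disabled in AD.
            if desired["IsActive"]:
                actions.append(("create", fed_id, desired))
            continue
        changed = {k: v for k, v in desired.items() if existing.get(k) != v}
        if changed:
            actions.append(("update", fed_id, changed))
    # Users present in SFDC but absent from AD are deactivated, not deleted,
    # so audit history and record ownership survive.
    for fed_id, existing in sfdc_users.items():
        if fed_id not in seen and existing.get("IsActive"):
            actions.append(("deactivate", fed_id, {"IsActive": False}))
    return actions


if __name__ == "__main__":
    for action, fed_id, fields in plan_sync(AD_USERS, SFDC_USERS):
        print(action, fed_id, fields)
```

Running it prints one line per decision: `jdoe` gets a Department update, `bsmith` is created with the `Unassigned` default, `old` is deactivated because AD has the ACCOUNTDISABLE bit set, and `gone` is deactivated because AD no longer knows it. Keying the diff on FederationIdentifier rather than e-mail is what keeps the SAML assertion and the provisioned record tied to the same AD identity.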