Communities Flashcards
How do you configure SAML for Communities?
Use site URL and org id for multiple SAML implementations.
e.g. Recipient="https://acme.my.site.com/customers/login?so=00DD0000000JsCM"
What OAuth flows are supported for Communities?
All flows except Username-Password & SAML assertion
How is the token passed for OAuth flow in Communities?
As a bearer token in Authorization Header
e.g.
https://site.force.com/customers/services/data/v32.0/ -H "Authorization: Bearer 00D50000000IehZ!AQcAQH0dMHZfz972Szmpkb58urFRkgeBGsxL_QJWwYMfAbUeeG7c1E6LYUfiDUkWe6H34r1AAwOR8B8fLEz6n04NPGRrq0FM"
What is the authorize url for Communities in an OAuth flow?
https://acme.my.site.com/customers/services/oauth2/authorize?
What is the URL after the app is authorized in an OAuth flow?
https://acme.my.site.com/customers/services/oauth2/token
What are components of guest user access in Communities?
Guest users get a guest user record and profile
What is external org access set to for Guest Users?
Private
What are limitations of guest users?
- Can’t have more than Read Access
- Can’t be members of Public Groups or Queues
- Can’t get access to records via Manual or Apex Sharing
- Can’t have View All or Modify All access to objects
- Can’t be owner for new records (goes to default owner) or existing records
What kind of Community user can a Non-partner or Person Account create?
Only Customer Community users
What permission do Salesforce license holders need to create external users?
Manage External Users
What permission do Partner & Customer community users need to create external users?
Delegated External User Administration
What does Salesforce do when a user self registers on a community?
Creates a Contact & User record
What is the name of the controller for self registration?
CommunitiesSelfRegController
What are page options for self registration?
- Default page
- Configurable self reg page - can use any identifier (e.g. phone number)
- Experience Builder page - can customise look & feel but requires username & password
- VF page - full control - can use CommunitiesSelfReg
What are the methods you need to use in Apex to create Community users?
- CreatePortalUser
- CreateExternalUser
- CreatePersonAccountPortalUser
What records can be created with JIT provisioning over SAML?
User, Contact & Account
In which part of the SAML assertion is information for JIT provisioning sent?
saml:Attribute
Where do you enable JIT provisioning in Salesforce?
Single Sign On settings - ‘User Provisioning Enabled’
What are the mandatory values you need to set for JIT provisioning?
SAML UserID Type = ‘Federation ID’
SAML Subject NameID = FederationID
What are the fields you can send on Account for JIT provisioning?
- Name (must be unique)
- AccountNumber (must be unique)
- Owner
What are the fields you can send on Contact for JIT provisioning?
- LastName
- Email
What are the fields you can send on User for JIT provisioning?
- LastName
- Username
- ProfileID
- PortalRole
What is the process sequence for JIT provisioning?
- Find user with matching FederationID
- Search all contacts for match on email
- Search all accounts for match on account name or account number
- If no match at any of the steps above, SF creates account, contact & user
What are the ways of authenticating into a Community?
- Salesforce Identity
- Social Sign On using OpenID Connect
- Federated authentication using SAML
- Delegated authentication using Identity Connect
What can be branded in Community login pages?
- Logos
- Background color
- Right frame URL content
- Footer
How do dynamic URLs work?
By replacing the {expid} experience ID parameter
What is login discovery?
Allows use of other identifiers (such as phone) instead of username in the login process. Salesforce requires the verification code sent in the next screen to match.
Can you use login discovery with ‘allow users to log in directly to the site’?
No
How do you enable self registration for Person Accounts in a customer community?
- Give access to self registration page to both person and business account record types
- Under Administration - Login & Registration, make sure Account field is empty
What pages can be customised in a Community authentication flow?
- Login
- Forgot Password
- Self Registration
- Logout
What can you customise in the Login process for Communities?
- Controller i.e. logic
- VF Page - UI
How do you make custom pages and classes available for login configuration in Communities?
- Go to Workspaces - Administration - Pages
- Select ‘Go to Force.com’
- Select ‘Public Access Settings’
- Select ‘Enabled VisualForce Page Access’
- Select ‘Enabled Apex Classes’
For passwordless login, what method do you call to login users without a password?
Site.passwordlessLogin
For passwordless login, how do you register & de-register users in Apex if Salesforce is handling the verification?
UserManagement.registerVerificationMethod
UserManagement.deregisterVerificationMethod
For passwordless login, what are the methods available if you are handling the full verification process?
- initSelfRegistration and verifySelfRegistration
- initPasswordlessLogin and verifyPasswordlessLogin
- initRegisterVerificationMethod and verifyRegisterVerificationMethod
What are the steps required to enable Embedded Login?
- Enable cross-domain resource sharing.
- Create Embedded Login Connected App
- Enable Embedded Login on Web page
- Write Login & Logout functions
- Handle the callback
How do you set up CORS in SF?
Setup -> CORS -> New
What does CORS do?
Enables cross-origin requests by populating the Access-Control-Allow-Origin header
What are the 2 types of callback supported for embedded login?
- Client side - web page that receives the token
- Server side - uses web server OAuth flow
How can you monitor access into the SF org?
- Identity → Login History
- Identity → Identity Verification History
- Identity → Identity Provider Event Log (where SF is IDP)
- Mobile Device tracking (UserDevice and UserDeviceApplication objects)