Misc Flashcards
What are the essential Salesforce-side settings required to integrate with Microsoft Active Directory using Identity Connect?
Identity Connect Integration User: Create a dedicated integration user in Salesforce to facilitate communication between Active Directory and Salesforce.
Permission Sets: Assign the Identity Connect Integration permission set to the integration user to grant necessary access.
Connected App Configuration: Set up a connected app in Salesforce with appropriate callback URLs and OAuth settings to establish communication with Identity Connect.
My Domain: Enable and deploy My Domain in Salesforce to support Single Sign-On (SSO) and ensure proper functionality of Identity
Embedded Login
Embedded Login can be set up to integrate Salesforce login capabilities into an external website. When customers access the external website, they see a login form that prompts them to enter their username and password. It can be used as a single sign-on alternative or to add a layer of authentication to purchases by requiring customers to log in first.
Certificate-Based Authentication
Certificate-based authentication can be configured to authenticate Salesforce users with unique certificates. Admins can use either Salesforce Setup or the API to upload unique PEM-encoded X.509 digital certificates to authenticate individual users.
What are the SAML Identity Types and Locations in Salesforce?
SAML Identity Type specifies how the Identity Provider identifies Salesforce users in SAML assertions. Options include User’s Salesforce username, Federation ID from the User object, and User ID from the User object.
SAML Identity Location specifies where the Identity Provider stores the user’s identifier in SAML assertions. The Subject means the identifier is in the <Subject> element of the assertion. The Attribute means the identifier is in a specific attribute in the assertion.
What are common SAML configuration errors in Salesforce and their meanings?
The ‘Signature Invalid’ error indicates that the certificate uploaded during SSO configuration failed to validate the signature in the SAML assertion. The correct certificate should be obtained from the identity provider and uploaded in Salesforce.
The ‘Issuer Mismatched’ error occurs when the issuer specified in the SAML configuration does not match the issuer in the assertion.
Other common SAML assertion errors include:
- Assertion Expired
- Assertion Invalid
- Audience Invalid
Why might a connected app not be visible in the App Launcher in Salesforce?
A connected app may not be visible in the App Launcher for the following reasons:
- The Start URL is not defined for the connected app.
- The users are not authorized to see it.
- The app is not marked as “Visible in App Launcher” on the “App Menu” page in Salesforce Setup.
How can user provisioning be configured for a connected app in Salesforce?
User provisioning can be configured under a connected app’s User Provisioning Settings by selecting ‘Enable User Provisioning’. The User Provisioning Wizard can be launched to configure the provisioning flow.
An approval process can be defined for the UserProvisioningRequest object to require approvals from someone like a manager.