Salesforce Developer Security Authentication Delegated Authe


// Salesforce - Developer - Security - Delegated Authentication:

Delegated authentication is a form of authentication that forwards the username 
and password from Salesforce via web-service callout to an admin specified 
endpoint that can verify and authenticate the user.

1. To build the external webservice, a WSDL is available in the Salesforce setup 
   menu. Navigate to Setup -> Build -> Develop -> Api and click “Delegated 
   Authentication WSDL”

2. Users are enabled for delegated authentication via the “Single Sign-On 
  Enabled” profile permission.

Due to the fact that an external system is validating the credentials, it is 
possible to incorporate more advanced features to this form of authentication, 
like time based tokens.

The downside of this form of authentication is that credentials are sent over 
the internet.  This is not considered a security best practice since it opens 
up a vector for password disclosure if a malicious actor can insert themselves 
between Salesforce and your external webservice.
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License