This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Community Blog

Subscribe to the official SecurID Community blog for information about new product features, industry insights, best practices and more.

SalesforceA and SecurID Access

IngoSchubert
Respected Contributor Respected Contributor
Respected Contributor
1 0 839
‎2016-08-01 11:03 AM

We looked at SFDC apps before here (Salesforce Rich Client setup by Karim Elatov​) and here​ (Salesforce1 app login video by Joseph Macaluso).

Today, I just wanted to give a quick update on this, specifically about SalesforceA.

SalesforceA is the app that SFDC administrators can use to perform various administrative tasks such as unlock user accounts.

 

In terms of authentication and setup it doesn't really differ that much from the standard Salesforce1 app.

 

Look at the guide by Karim for the details about setting up SFDC as a SAML SP.

 

Once you did that you can then log into SalesforceA - but keep in mind that this only succeeds if the account you use is a SFDC admin.

Here are some screenshots:

When you start the app the first time you are asked (unsurprisingly I might add) to log in:

 

Screenshot_20160801_154015.png

 

Click on the "Sign In" button.

You'll be presented with something that looks a lot like the SFDC login screen in your web browser. That's because what you see is a web page rendered in a browser object inside the SalesforceA app.

 

Screenshot_20160801_154029.png

 

Now you have to click on the "Use Custom Domain" link on the lower right corner.

You'll be asked for your custom domain.

 

Screenshot_20160801_164554_2.png

 

Next you'll be presented with the login screen of the target domain OR you might be automatically redirected to the IDP (SecurID Access). This really depends on the setup at SFDC. In my case the SFDC instance I use actually has multiple IDPs it trusts. So I have to select the one I want:

 

Screenshot_20160801_154223.png

 

After I did that I'm redirected to my SecurID Access login page and fill out the username and password fields.

Again: this has to be for a user that has administrative rights inside SFDC - otherwise SalesforceA won't like it.

Screenshot_20160801_154258_2.png

 

After the login completes (and maybe after a step-up if the policy requires it) the SalesforceA app will present this screen to approve access by the user to the SFDC instance.

Some technical background: SFDC consumed the SAML assertion from SecurID Access and now exchanges that session information for a OAuth token - as soon as "Allow" is selected.

 

Screenshot_20160801_154313.png

 

....and we are in!

 

Screenshot_20160801_154331.png

© 2023 RSA Security LLC or its affiliates. All rights reserved.