10/15/2013
09:51 AM

Salesforce.com Creates Single-Sign-On Cloud

Salesforce Identity service connects users to Web and mobile apps through the vendor's cloud platform. But does it fit with Active Directory?

Plenty of businesses rely on Active Directory and other LDAP-based directory services to manage employee access to applications and servers behind the corporate firewall. But how are they managing the chaos brought on by the cloud and BYOD movements, with Web-based and mobile-enabled apps ranging from Gmail and Box to Concur, Workday and Office 365?

Salesforce.com on Tuesday announced the general availability of Salesforce Identity, the identity management service it announced more than a year ago at Dreamforce 2012. The extended beta period was used to consult with customers and test the services at scale, with at least 70% of Salesforce.com customers already using aspects of the service such as Mobile Identity, according to Chuck Mortimer, a Salesforce VP of product management.

"It's not as straightforward as a beta because we've opened up a series of platform services that we already use for all of our customers," Mortimer explained in a phone interview with InformationWeek. "With Mobile Identity, for example, we've used that to deliver our own mobile applications, and we're extending that now to any application that wants to plug into our app ecosystem."

Salesforce Identity extends to third-party Web and mobile apps the consistent, platform-based identity services Salesforce customers are used to as the gateway to more than 1,900 AppExchange apps. Customers wanted the ease and convenience of Salesforce's single-sign-on access controls extended to a wider universe of unsupported apps and resources brought on by the cloud, shadow IT and mobility trends, Mortimer said.

Salesforce Identity is not designed for client-server apps and is not intended to be a replacement for Microsoft Active Directory and similar products. Rather, Salesforce says a connector lets you take advantage of the identities, roles and access privileges set up in LDAP directories and extend them to cloud and mobile apps through Salesforce Identity.

Salesforce did not release a formal list of supported apps, but it said Identity relies on open standards including SAML (Security Assertion Markup Language), OAuth, OpenID Connect and SCIM (System for Cross-domain Identity Management) that will enable the service to be extended and customized via open APIs.

The Identity service presents a single management console (familiar to Salesforce administrators) through which admins can provision cloud-based services, custom or packaged mobile apps and even Web-based apps deployed on-premises. Employees then log in once and gain access to otherwise disparate collections of apps such as ADP, Dropbox, SugarCRM and Zendesk as well as everything on the Salesforce platform.

The Identity console can be used to set higher-level access controls for certain apps, such as two-factor authentication. And when employees leave a company, a Freeze button lets administrators lock users out of all apps immediately.

Basic Salesforce Identity services are free for Enterprise and Unlimited Edition licensed users of Salesforce Sales, Service and Marketing cloud services. The catch is that this does not include the connector to existing identity directories, which adds a charge of $1 per user, per month. Lower-level subscribers and employees who do not use Salesforce applications can use the service at $5 per user, per month.

The service includes a brandable log-in page and App Launcher portal from which companies can present managed, single-sign-on apps.
