Enhancing Identity Management in Salesforce: A Banking Case Study

In today’s digital landscape, secure and seamless identity management is crucial, especially in the banking sector. We recently implemented an advanced identity management solution for a leading bank, addressing their need for seamless authentication while leveraging their existing infrastructure.

The Challenge: Leveraging Core MFA & Branded Authentication

Our banking customer needed an identity management solution that could:

  • Utilize their core banking Multi-Factor Authentication (MFA) for a seamless and secure login experience.
  • Maintain brand consistency with a tailored UI and seamless authentication experience.
  • Enhance security while improving user experience within their Salesforce ecosystem.
  • Authenticate customers via core banking credentials without requiring actual Salesforce credentials.
  • Integrate despite the core system’s lack of SAML support.

To meet these requirements, we integrated a third-party Identity Management solution with Salesforce, enabling centralized authentication and robust security.

Our Approach: Integrating Third-Party Identity Management with Salesforce

By linking Salesforce with an external Identity Provider (IdP), we enabled secure authentication without requiring users to create separate credentials. Here’s how we achieved it:

  • OAuth 2.0 for Secure API Access: Allowed third-party banking applications to securely access Salesforce data on behalf of users.
  • Delegated Authentication (Single Sign-On) for Online Banking Users: Configured Salesforce as a Service Provider (SP), integrated it with the bank’s IdP, and enabled authentication via the bank’s existing online banking system, ensuring a secure and familiar login experience.
  • Custom Multi-Factor Authentication (MFA): Integrated the bank’s Core MFA system to provide a seamless transition for users, ensuring compliance and consent with stringent security policies while maintaining a branded and trusted authentication experience.

Login Flow Overview

Typical User Login Journey

Technical Implementation: A Closer Look

To seamlessly integrate the bank’s authentication system with Salesforce, we executed the following steps:

Configuring Salesforce as a Service Provider:

  • Set up SSO settings and established a trusted connection with the IdP.
  • Defined attribute mappings for user roles and permissions.

Enabling Delegated Authentication via Middleware:

  • Utilized MuleSoft to wrap authentication within a SOAP web service.
  • Salesforce sent authentication requests to the middleware, which validated the credentials using the existing relationship established through the associated customer ID.

Sample Web Service for Authentication:

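import javax.jws.WebMethod;
import javax.jws.WebService;

@WebService
public class LDAPAuthService {
    @WebMethod
    public boolean authenticate(String username, String password) {
        // Placeholder for the authentication logic against the banking system.
        // Constant-first equals() rejects null input instead of throwing.
        return "validUser".equals(username) && "validPassword".equals(password);
    }
}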
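
One way the middleware endpoint described above could handle the authentication request from Salesforce, as an added example that is not the author's or the bank's code: it parses the SOAP request with DOCTYPE processing disabled and returns a negative result on any error. The `CoreBankingVerifier` interface is hypothetical, the sample request is constructed, and the namespace and element names are assumed to follow Salesforce's delegated authentication WSDL.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

public class DelegatedAuthHandler {
    // Assumed namespace of Salesforce's delegated authentication messages.
    static final String NS = "urn:authentication.soap.sforce.com";
    /** Hypothetical hook into the bank's credential check (not a real API). */
    interface CoreBankingVerifier { boolean verify(String username, String password, String sourceIp); }

    private final CoreBankingVerifier verifier;
    DelegatedAuthHandler(CoreBankingVerifier verifier) { this.verifier = verifier; }

    /** Builds the SOAP reply; a parse error or missing field yields Authenticated=false. */
    String handle(String soapRequest) {
        boolean ok = false;
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            // Reject any DOCTYPE so the request cannot declare external entities (XXE).
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            Document d = f.newDocumentBuilder()
                    .parse(new ByteArrayInputStream(soapRequest.getBytes(StandardCharsets.UTF_8)));
            String user = text(d, "username"), pass = text(d, "password"), ip = text(d, "sourceIp");
            ok = user != null && pass != null && !user.isEmpty() && !pass.isEmpty()
                    && verifier.verify(user, pass, ip);
        } catch (Exception e) {
            // Fail closed. Log the exception only: the request body contains the password.
        }
        return "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"><soapenv:Body>"
             + "<AuthenticateResult xmlns=\"" + NS + "\"><Authenticated>" + ok + "</Authenticated>"
             + "</AuthenticateResult></soapenv:Body></soapenv:Envelope>";
    }
    /** Text of the single element with this name, or null if absent or duplicated. */
    private static String text(Document d, String name) {
        NodeList n = d.getElementsByTagNameNS(NS, name);
        return n.getLength() == 1 ? n.item(0).getTextContent() : null;
    }
    public static void main(String[] args) {
        // Constructed sample request; the stand-in verifier below always denies.
        String req = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"><soapenv:Body>"
            + "<Authenticate xmlns=\"" + NS + "\"><username>user@example.com</username><password>example-only"
            + "</password><sourceIp>203.0.113.10</sourceIp></Authenticate></soapenv:Body></soapenv:Envelope>";
        DelegatedAuthHandler h = new DelegatedAuthHandler((u, p, ip) -> false);
        System.out.println(h.handle(req));                // well-formed request, verifier denies
        System.out.println(h.handle("<!DOCTYPE x><x/>")); // DOCTYPE rejected by the parser, fails closed
    }
}
```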

Mapping User Attributes for Role-Based Access Control:

  • Synced user attributes (First Name, Last Name, Email, Profile) with Salesforce using the Customer ID field in the Salesforce User object (a custom field for user identification).
  • Enforced role-based access based on IdP attributes for both internal users and community users.

Key Benefits for the Bank

  • Seamless User Experience: Users log in with their familiar banking credentials and MFA, reducing friction.
  • Enhanced Security: Centralized authentication minimizes risks from weak passwords and phishing attacks.
  • Brand Consistency: Branded MFA ensures a uniform and trusted authentication experience.
  • Regulatory Compliance: Aligns with industry security standards (e.g., GDPR, PCI-DSS).
  • Scalability: Supports future expansions and additional authentication mechanisms.

The result? A smooth and intuitive login experience that feels native to the bank’s ecosystem—without appearing like a traditional Salesforce login process.

Conclusion

By integrating third-party identity management with Salesforce, we successfully addressed our banking customer’s unique authentication requirements. Leveraging Core MFA and branded authentication provided enhanced security, seamless access, and an exceptional user experience.

If your organization is looking to optimize identity management in Salesforce while leveraging existing authentication systems, let’s connect!
