46 Cards in this Set
- Front
- Back
- 3rd side (hint)
What are the main features that support SF Identity? |
|
9 features, different ways to provide unique views |
|
What is Single Sign-on (SSO)? |
Allows users to access all authorized resources without logging in separately to each one—and without having to create (and remember) different user credentials for each app. Connect users to several accounts and applications running in other Salesforce orgs and even in other clouds. For example, a call center rep with Salesforce Identity can click a link and be logged in immediately to other apps, like Google Apps, Office365, or Box. |
one and done |
|
What are "connected apps"? |
The "authorized resources" for users. Connected apps bring Salesforce orgs, third-party apps, and services together. If a connected app is created without implementing SSO, it acts like a bookmark. Users can get to the app from the App Launcher or drop-down app menu, but they sometimes have to sign in again to use it. So to get the most out of connected apps, configure them for SSO. With SSO, admins can set security policies and have explicit control over who uses which apps. You can also use connected apps to manage authentication and policies for mobile applications. |
value of SSO set up |
|
What is "social sign-on"? |
Users log in to a Salesforce org with their username and password from an external authentication provider, like Facebook, Twitter, LinkedIn, or Google. You can set up any of these providers with a few clicks. With a little bit of work, you can set up other providers, like PayPal and Amazon. Social sign-on is especially useful when you want customers to be able to log in to a community without having to create (and remember) a new username and password. Customers can log in to a Salesforce Community site using their Facebook or LinkedIn account. |
|
|
What is "two factor authentication (2FA)"? |
Users have to provide a second “factor,” or proof of identity, in addition to their username and password. The second factor can be a verification code that the user gets from a mobile authenticator app like Salesforce Authenticator. Or users can have a code sent to them by text message or email. With the newest version of the Salesforce Authenticator app, the second factor can be a response to a push notification on the user’s mobile device. 2FA helps ensure that even if an attacker acquires a user’s password, the attacker can’t log in and do harm. |
2x as secure |
|
What is "centralized user account mgmt"? |
Single place to manage all user mgmt tasks (access or lack of access to other apps, freezing access, login policies, etc.); users have a single password to remember |
one stop shopping |
|
What is "user provisioning"? |
create, manage, and secure user accounts across all your orgs and connected apps |
for connected apps |
|
What is "identity connect"? |
Synchronizes users and their attributes from Active Directory (AD) to Salesforce. When a user is created in AD, that same user account can also be created automatically in Salesforce. When a user is deleted from AD, the user account in Salesforce is deactivated at the same time. It also lets users sign in to Salesforce using their AD username and password. In some circumstances, you can configure Identity Connect to automatically sign users in to Salesforce: users can click a bookmark or link to Salesforce and they’re authenticated and taken to Salesforce without even seeing a login page. |
quick access |
|
Why is app launcher part of the feature list for SF Identity? |
If you are connecting other apps, they can be included in the App Launcher; no login is necessary if already logged in to SF |
one stop shopping |
|
Key benefits of SF Identity for partners and customers |
|
5 benefits, related to communities |
|
What does user registration have to do with SF Identity benefits? |
customizable process, collect relevant info, launch workflows right from registration |
customizable |
|
What are the 3 identity protocols related to SF identity? |
|
used by service and identity providers like FB or app exchange apps |
|
What is SAML protocol and when is it used? |
Allows SSO to happen between orgs and apps |
one and done |
|
What is OAuth 2.0 protocol and when is it used? |
allows secure data sharing between apps, such as SF1 app accessing SF data |
sharing is good |
|
What is the OpenID Connect protocol and when is it used? |
allows for social sign ons like FB and Google, doesn't create a new account and new password |
social is fast |
|
When Can Users Be Prompted for Two-Factor Authentication? |
|
3 times |
|
What features require a custom domain? |
|
5 features |
|
What are the 2 My Domain Policies that can be set? |
|
|
|
What are the 3 redirect policy options for My Domain? |
|
|
|
What is the Federation ID? |
|
ID |
|
What permissions are needed to query event log files? |
|
2 |
|
What is Event Monitoring? |
|
activities |
|
How many different types of events can be monitored? Provide 8 examples |
30 types of events
|
access,web & SF1,dev stuff, reporting |
|
What is an event log file and when is it generated? |
|
tracking real time |
|
Name 3 benefits of event monitoring |
|
data and users |
|
Where in Setup can the event log files be accessed? |
|
only advanced admins... |
|
How can you download event log files for easy viewing? |
|
3 approaches, script |
|
What is the advantage of using the Event Log File browser app to download files? |
more straightforward - converts to Excel or Sheets
|
|
|
What is the advantage of using cURL to download event log files? |
|
purple button, my way |
|
What is the advantage of using Python to download Event Log Files? |
|
|
|
What is encryption? |
scrambling of information so that only those with the right decoder can unscramble it |
decoder rings |
|
When does Shield Encryption do the encrypting? |
when the data is stored (saved) in SF, "at rest" |
peaceful |
|
Encryption vs other options for security |
|
3 overarching options (there are more) |
|
When to use Shield Encryption |
|
circle of trust |
|
What is an (encryption) key? |
|
open doors |
|
What is an (encryption) secret? |
|
hiding place |
|
What are tenant and master secrets? |
keys for keys (like teller and vault guard when accessing safety deposit box) |
bank tellers |
|
How often does SF generate a new master secret? |
3 x a year, with each release |
new stuff in SF |
|
How does the tenant secret work? |
|
link to keys |
|
What level of encryption is included in the base SF license? |
|
custom and standard |
|
What level of encryption is included with Shield Platform Encryption (free only to developer orgs and sandboxes)? |
|
what, how, benefits |
|
What is "key rotation"? |
generating a new tenant secret and archiving the old one |
refresh |
|
Steps to target critical needs for encryption when implementing Shield |
|
not all borders can be defended with walls |
|
Tips for assigning Permissions and key access |
|
backup, admin, access |
|
True or False: If a user is granted the "view encrypted data" permission, he can view all data that is encrypted |
False. Depends on all other access points, such as roles and profiles, field level security, page layouts, validations, etc. |
many ways to secure |
|
True or False: All apps in the App Exchange are compatible with Shield |
False. Many but not all, and some would prevent enabling Shield |
"always" is a fantasy |