In the next three weeks, Salesforce will add a second major piece within the past year to its identity and access management capabilities. At its annual Dreamforce conference, Salesforce will unveil the Winter 15 edition, including a new feature called Login Flows that allows Salesforce admins to customize the login experience for their users.
On Day One of Dreamforce, I’ll take the stage with Salesforce engineers to show off YubiKey for Salesforce. This is an application that integrates with Login Flows, and the small YubiKey device that provides a one touch, two-factor authentication experience for logging into a Salesforce account.
The hardware-based YubiKey defines ease-of-use and helps prevent replay and brute force attacks that have defined recent password hacks. Because the YubiKey identifies itself to your computer as an external keyboard, there are no drivers to install and it ‘s compatible with any platform. In addition, there isn’t a battery to replace and malware cannot infect the firmware, a needed improvement over software-based authentication tokens.
Last year, Salesforce modernized its authentication platform with the introduction of Salesforce Identity, a set of Open APIs to support identity protocols such as SAML, OAuth, OpenID Connect and SCIM for single sign-on and federation.
This year, Salesforce is adding Login Flows to its platform in order to answer customer requests for the ability to add extra security and features like 2fa to end-user authentication. Yubico is adding YubiKey for Salesforce into that environment.
The solution is comprised of the YubiKey USB key and an application to validate Yubico one-time passwords against the YubiCloud service. The app also includes a console for IT to manage YubiKeys, including the ability to deal with lost YubiKeys, and an option for users to self-provision YubiKeys.
The end-user experience begins after the user enters their regular Salesforce username and password. Next, the user simply touches the lighted gold contact on the Yubikey inserted in their computer’s USB port – that’s it. The touch produces a unique, one-time 44-character code that is passed to the computer as a second factor of authentication.
In addition, users with existing YubiKeys running under their default configuration will be able to use those keys with the YubiKey for Salesforce app.
We believe this stealth hardware device is the wave of the future — easy-to-use, simple, and secure.
For more information, see our Works with YubiKey page for Salesforce.com