Anybody know the difference between Federated authentication and Delegated authentication in salesforce? Can you explain the flow of request in these two methods?
Delegated authentication allows users to sign in to Okta by entering credentials for their organization's Active Directory (AD) , Windows networked single sign-on (SSO), or user stores that employ the Lightweight Directory Access Protocol (LDAP) .
Although you may hear SSO and FIM frequently used together, they are not synonymous. Single sign-on enables access to applications and resources within a single domain. Federated identity management enables single-sign on to applications across multiple domains or organizations.
One example of federated identity is when a user logs into a third-party website by using their Gmail login credentials. With FIM, they don't have to create new credentials to access multiple websites that have a federated agreement with Google, such as: YouTube.
The main difference is the use of Security Assertion Markup Language (SAML) on Federated Authentication.
Delegated Authentication Use delegated authentication if you have mobile users in your organization, or if you want to enable single-sign on for partner portals or Customer Portals. You must request that this feature be enabled by salesforce.com. This recipe explains delegated authentication in more detail.
Federated Authentication using SAML Federated authentication uses SAML, an industry standard for secure integrations. Investing in SAML with Salesforce.com can be leveraged with other products or services. If you use SAML, you don't have to expose an internal server to the Internet: the secure integration is done using the browser. In addition, Salesforce.com never handles any passwords used by your organization. For more information, see “Configuring SAML Settings for Single Sign-On” in the Salesforce.com online help.
Difference
Delegated authentication has a few drawbacks with respect to federated authentication. First, delegated authentication is inherently **less secure than federated authentication**. Even if encrypted, delegated authentication still sends the username and password (possibly even your network password) over the internet to Force.com. Some companies have policies that preclude a third party for handling their network passwords. Second, delegated authentication **requires much more work for the company implementing it**. The Web services endpoint configured for the org must be developed, hosted, exposed on the Internet, and integrated with the company's identity store.
More detailed flow and code example on delegated
More detailed flow on SSO width SAML
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With