Integration Security
Security is a main concern of any customer or client, and it becomes more serious when other applications are integrated with Salesforce. Salesforce provides several ways to ensure security. Whether Salesforce is being called from an external application or Salesforce is calling an external application, security can be ensured as described below:
Force.com Security: Inbound
- User Authentication: determines who can log in. If an external service is calling Salesforce, it must have a user name and password to use the Salesforce API. (Salesforce has password expiration. Consider setting the “Password Never Expires” option for the API user.)
- The integration user should have the API Enabled permission to access Salesforce through the API. You can also set this user as “API Only” so that the user cannot log in to Salesforce via a browser.
- Limits on the number of attempts
- Network Security: determines when and where a user can log in
- Session Security:
  - Session Timeout can be enabled in Salesforce.
- Data Security:
  - API user profiles can ensure data security.
  - Always consider making the API user profile a custom profile that has access only to the relevant fields and objects.
- Transport Layer Security
  - SSL (Secure Sockets Layer) provides secure transport for HTTP/HTTPS
Force.com Security: Outbound
- Two-way SSL
  - Both client and server present a certificate to prove their identity to the other party
- The site must be whitelisted by registering the external URL in a remote site setting.
- Outbound port restrictions
  - Port 80: HTTP only
  - Port 443: HTTPS only
  - Ports 1024-6652 inclusive: HTTP or HTTPS
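
The outbound rules above can be checked before deployment. The following Python sketch is an added example, not code from the original post or from Salesforce: it audits a list of callout endpoints against the port rules exactly as listed on this page and against a list of registered remote sites. The host names, `check_endpoint` and `audit` are hypothetical, and the matching of remote sites on scheme, host and port is an assumption.

```python
from urllib.parse import urlsplit

# Port rules exactly as listed on this page: (port range, accepted schemes).
PORT_RULES = [
    (range(80, 81), {"http"}),
    (range(443, 444), {"https"}),
    (range(1024, 6653), {"http", "https"}),  # 1024-6652 inclusive
]
DEFAULT_PORTS = {"http": 80, "https": 443}
# Constructed sample data: hypothetical hosts, not taken from the page.
REMOTE_SITES = ["https://api.example.com", "https://erp.example.com:4443"]
ENDPOINTS = [
    "https://api.example.com/v1/orders",     # registered, HTTPS on 443
    "https://erp.example.com:4443/sync",     # registered, high port
    "http://api.example.com:443/v1/orders",  # wrong scheme for port 443
    "https://legacy.example.com:81/feed",    # port not permitted, not registered
]

def _origin(url):
    """Reduce a URL to (scheme, host, port), filling in the default port."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme)

def check_endpoint(url, remote_sites):
    """Return the problems found for one callout URL; an empty list passes."""
    try:
        scheme, host, port = origin = _origin(url)
    except ValueError:  # .port raises on a non-numeric or out-of-range port
        return ["port is not a valid number"]
    if scheme not in DEFAULT_PORTS or not host:
        return ["not an absolute http(s) URL"]
    problems = []
    allowed = next((s for r, s in PORT_RULES if port in r), None)
    if allowed is None:
        problems.append(f"port {port} is not a permitted outbound port")
    elif scheme not in allowed:
        problems.append(f"port {port} does not accept {scheme}")
    # Assumption: a remote site entry must match on scheme, host and port.
    if origin not in {_origin(s) for s in remote_sites}:
        problems.append("no matching remote site setting")
    return problems

def audit(endpoints=ENDPOINTS, remote_sites=REMOTE_SITES):
    return {url: check_endpoint(url, remote_sites) for url in endpoints}

if __name__ == "__main__":
    for url, problems in audit().items():
        print("FAIL" if problems else "OK  ", url, "; ".join(problems))
```
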