Sxip the Passwords & Use Delegated Authentication
18 October, 2006 - 9:12am
At last week's Dreamforce conference we demonstrated how easy and safe it is to use delegated authentication for Salesforce login. ITPro covered this today in their article "Sxip the passwords, get an identity", noting that with delegated authentication Salesforce users can log in with their standard account system, so there is no additional set of accounts and passwords to manage and store in case users forget them. Thus the option to use your existing tools will be welcome to larger companies.
This past summer, Salesforce.com also wrote about why delegated authentication makes sense for their customers. In that article, Benji Jasik states:
There's been some recent discussion on Sxip's decision to build hardware to support Salesforce.com's delegated authentication protocol. Delegated authentication is a process where Salesforce makes a secure web services call to an endpoint that a customer defines. Salesforce can delegate authentication to the customer, which can allow for building web single sign on, integration with two-factor, integration with an LDAP directory, and many other possibilities...
We suggest customers can use web single sign on, and a shared password for the clients. So when I login through the web, a SAML token can be passed through. When I use the web services-based clients, I use my Active Directory password. This is a simple solution. For our customers, a hardware based solution is a no-brainer. It's simpler to deploy, and less to maintain on their end.
We agree that this approach with Sxip Access makes infinitely more sense than a heavier federated solution, since it is significantly faster and easier to get up and running and allows logins anywhere, such as accessing Salesforce from a Blackberry, which is simply not possible with a SAML-based federated method. Read more about why Salesforce prefers delegated authentication in Benji's article, "Sforce Single Sign On".
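The customer-defined endpoint that Benji describes can be sketched as follows. This is an added example, not code from Salesforce or Sxip. The message shape (an `Authenticate` request carrying `username`, `password` and `sourceIp`, answered by `AuthenticateResult`/`Authenticated`) and the namespace are assumptions to confirm against the WSDL for your own org, and the directory, IP policy and helper names are constructed for illustration.

```python
import hashlib, hmac
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
AUTH_NS = "urn:authentication.soap.sforce.com"  # assumed; confirm against your WSDL

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed stand-in for the customer's directory (LDAP/Active Directory in practice).
DIRECTORY = {"alice@example.com": (b"constructed-salt", _kdf("correct horse", b"constructed-salt"))}
ALLOWED_IP_PREFIXES = ("203.0.113.",)  # constructed policy: networks users may log in from

def check_credentials(username, password, source_ip):
    salt, stored = DIRECTORY.get(username, (b"no-such-user", b""))
    # Hash even for unknown users so response time does not reveal which accounts exist.
    password_ok = hmac.compare_digest(_kdf(password, salt), stored)
    return password_ok and source_ip.startswith(ALLOWED_IP_PREFIXES)

def handle_authenticate(body: bytes) -> str:
    """Return the SOAP response for one request; anything malformed is a denial."""
    authenticated = False
    try:
        if b"<!DOCTYPE" in body.upper():  # refuse DTDs (entity-expansion payloads)
            raise ValueError("DTD not allowed")
        request = ET.fromstring(body).find(f".//{{{AUTH_NS}}}Authenticate")
        fields = {c.tag.rsplit("}", 1)[-1]: c.text or "" for c in request}
        authenticated = check_credentials(
            fields["username"], fields["password"], fields["sourceIp"])
    except (ET.ParseError, ValueError, KeyError, TypeError):
        authenticated = False  # fail closed
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body>'
            f'<AuthenticateResult xmlns="{AUTH_NS}">'
            f'<Authenticated>{str(authenticated).lower()}</Authenticated>'
            f'</AuthenticateResult></soapenv:Body></soapenv:Envelope>')

def sample_request(username, password, source_ip) -> bytes:
    """Build a constructed request in the assumed message shape."""
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body>'
            f'<Authenticate xmlns="{AUTH_NS}"><username>{escape(username)}</username>'
            f'<password>{escape(password)}</password><sourceIp>{escape(source_ip)}</sourceIp>'
            f'</Authenticate></soapenv:Body></soapenv:Envelope>').encode()

def is_authenticated(response: str) -> bool:
    return ET.fromstring(response).findtext(f".//{{{AUTH_NS}}}Authenticated") == "true"
```

The handler receives cleartext passwords, so it belongs behind TLS and should never log request bodies.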
