Laserfiche WebLink
SOLICITATION # CH16012

Security features are developed by Salesforce and built into the application. Third-party packages are not used for development or implementation of security internal to the application.

In addition, single sign-on and two-factor authentication may be used to authenticate users. Some organizations prefer to use an existing single sign-on capability to simplify and standardize their user authentication. You have two options to implement single sign-on—federated authentication using Security Assertion Markup Language (SAML) or delegated authentication.

Federated authentication using Security Assertion Markup Language (SAML) allows you to send authentication and authorization data between affiliated but unrelated Web services. This enables you to sign-on to Salesforce from a client application. Federated authentication using SAML is enabled by default for your organization.

Delegated authentication single sign-on enables you to integrate Salesforce with an authentication method that you choose. This enables you to integrate authentication with your LDAP (Lightweight Directory Access Protocol) server, or perform single sign-on by authenticating using a token instead of a password. You manage delegated authentication at the profile level, allowing some users to use delegated authentication, while other users continue to use their Salesforce-managed password. Delegated authentication is set by profile, not organization wide. You must request that this feature be enabled by Salesforce.

Salesforce can be configured to utilize Active Directory directly via Delegated Authentication, or indirectly via Federated Identity using either SAML 1.1, or SAML 2.0. Additionally your users can be loaded from information drawn from your Active Directory servers and modifications made in Active Directory can be propagated into Salesforce.

Customers can use their own SAML Identity Provider, or license one directly from Salesforce with our Identity Connect product.

User Provisioning

User provisioning and management is performed through the Salesforce Administrative Setup environment and is performed by Salesforce customers. Users, their profiles, permissions and passwords may be managed, edited, activated and deactivated as needed by those with appropriate permissions. An administrator (appointed by the customer and not by Salesforce) with appropriate privileges can manage session timeout, password policies, IP range login restrictions, delegated authentication/SSO, and requirements as part of this process. On first time login or password reset request, users are required to change their passwords to gain access. Salesforce also offers delegated authentication, enabling customers to provision and deactivate users from an external directory service.

User Access Profiles

Salesforce enables administrators to manage roles and relationships between roles from within the application, in a single easy to read page depicting the role hierarchy.

All users and application-level security are defined and maintained by the organization administrator and not by Salesforce. The organization administrator is appointed by CSBS. An organization's sharing model sets the default access that users have to each other's data.

There are four sharing models: Private, Public Read Only, Public Read/Write, and Public Read/Write/Transfer. There are also several sharing model elements: Profiles, Roles, Hierarchy, Record Types, Page Layouts, and Field Level security.

Details about sharing models and sharing model elements are provided below:

Private

Only the record owner, and users above that role in the hierarchy, can view, edit, and report on those records.