Month: February 2014

Salesforce Security Control, Security Model Tutorial

Salesforce Security Model Tutorial

In Salesforce, security control is handled at the system level and at the application level. This article gives an overview of security control in Salesforce. Salesforce security is of two types:

  • System Level Security.
  • Application Level Security.

System Level Security.


  • Single Sign-On.
    • Federated Authentication.
    • Delegate Authentication.
  • OAuth.
  • Social Sign-On.
    • Twitter.
    • Facebook.
    • Salesforce.
    • Google.
    • Janrain: provides 25+ different authentication users.

Application Level Security.

  1. Object Level Security.
  2. Field Level Security.
  3. Record Level Security.

Salesforce Security: Object Level

Object-level security in Salesforce is also called "Object Level Permission". This is where we control access to data. Object-level security is one of the levels of security in Salesforce, in which we grant controlled access permissions to the prescribed user. Object-level security has the following features.

  1. We can prevent the user from editing, seeing, creating, deleting and managing a particular type of object.
  2. We can hide the entire TAB from a user.

Object-level security is configured in the following sections.

  • Permission Sets.
  • Profiles.

Permission Sets : In permission sets we define the access level of the user. Generally we determine what a user can do in the applications. These are used to grant additional permissions to a user.

Profiles : In object-level security, profiles are assigned to the user by the system administrator. A profile can be assigned to many users, whereas a user can have only one profile.

Salesforce Security: Field Level

Here we control whether the user can see, edit or delete a particular field in the object. When we want to grant a user access to an object but the user should not be able to access some particular fields in that object, we use Field Level Security.

Field Level Security can be controlled by Profiles and Permission sets.

=> Profiles.

  • Page Layouts.
  • IP Ranges.
  • Login Hours.
  • Desktop.
  • Client Access.

=> Permission sets.

  • App Permissions.
  • Record Types.
  • Tab Settings.
  • Assigned Apps.
  • Object Permissions.
  • Field Level Security.
  • Apex Classes
  • Visualforce Pages

Salesforce Security: Record Level

After setting object-level and field-level security, the question may arise of whether a user is eligible to access a particular record in an object; there we use sharing. This can be done with the following settings.

  • Org Wide Defaults.
  • Role Hierarchy.
  • Sharing Rules.
    • Manual Sharing.
    • Criteria Based sharing.

Organization-wide-Level Security

Determining organization-wide defaults is the first step in record-level security. This is the most restrictive level, locking down the data for a user. For example, if we give a user Read-Only access, the user can only read a particular record.

Role Hierarchy.

After setting the organization-wide defaults, the next step is to configure the role hierarchy. Here we can give wider access to records through the role hierarchy. In Role Hierarchy we create the role hierarchies for an organization.

Sharing Rules.

Sharing rules make automatic exceptions to the organization-wide default settings for particular users in an organization. Sharing rules can be set up through manual sharing, criteria-based sharing and Apex managed sharing.
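
The way these layers combine, as an added example that is not part of the original tutorial: a simplified Python model in which object permissions (one profile plus additive permission sets) gate access, and the org-wide default, role hierarchy and sharing rules then decide record access. The object name `Course__c`, the roles, the rule table and every function name are constructed for illustration; field-level security, manual sharing and Apex managed sharing are left out.

```python
from dataclasses import dataclass, field

# Constructed org configuration (hypothetical names, not from the page).
OWD = {"Course__c": "Private"}   # or "Public Read Only", "Public Read/Write"
ROLE_PARENT = {"Rep": "Manager", "Manager": "VP", "Support": "VP", "VP": None}
SHARING_RULES = [                # (object, owner's role, shared-with role)
    ("Course__c", "Rep", "Support"),
]

@dataclass
class User:
    name: str
    role: str
    profile_perms: set                                   # exactly one profile per user
    permission_sets: list = field(default_factory=list)  # zero or more, additive

    def has_perm(self, obj, action):
        """Object-level check: the profile plus every assigned permission set."""
        granted = set(self.profile_perms)
        for extra in self.permission_sets:
            granted |= extra
        return (obj, action) in granted

def is_above(role, other):
    """True if `role` is an ancestor of `other` in the role hierarchy."""
    parent = ROLE_PARENT.get(other)
    while parent is not None:
        if parent == role:
            return True
        parent = ROLE_PARENT.get(parent)
    return False

def can_read(user, obj, owner):
    """Return (allowed, reason) for reading one record owned by `owner`."""
    # Object-level security gates everything: sharing never adds object access.
    if not user.has_perm(obj, "read"):
        return (False, "no object permission")
    if user.name == owner.name:
        return (True, "record owner")
    # The org-wide default is the baseline for everyone who is not the owner.
    if OWD[obj] != "Private":
        return (True, "org-wide default")
    # Role hierarchy and sharing rules only ever widen that baseline.
    if is_above(user.role, owner.role):
        return (True, "role hierarchy")
    for rule_obj, owner_role, shared_role in SHARING_RULES:
        if (rule_obj, owner_role, shared_role) == (obj, owner.role, user.role):
            return (True, "sharing rule")
    return (False, "org-wide default is Private")
```

A user whose role sits above the owner is still refused when neither the profile nor a permission set grants read on the object, which is the case that most often surprises administrators.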

Declarative Features of Record level security.

  • What objects can I access?
  • What page layouts can I See?
  • What fields can I Access?
  • Which tabs can I view?
  • Which records types can I see?
  • Which Apex classes are accessible for me?
  • Which Visualforce pages can I access?

Single sign on Using SAML, SSO SAML implementation

How to set Single sign On Using SAML.

  1. User must establish a SAML Identity Provider : Here we send the Single Sign On request to Salesforce.
  2. Provide information to the identity provider : Here we have to give the login and logout URLs.
  3. Configuring Salesforce.

How does Salesforce Trust the Identity Provider?

To establish Single Sign On, Salesforce must be connected to the identity provider. To establish the relation between Salesforce and the identity provider, Salesforce must trust the identity provider. This is done as follows.

  • During configuration, the identity provider gives a digital certificate to Salesforce, and at run time Salesforce uses the certificate to validate the digital signature given by the identity provider.

Enabling Salesforce to be Service Provider.

To enable Salesforce as a Service Provider we must do 2 important things.

  1. Download digital signature certificate from identity provider(IdP).
  2. Upload digital signature certificate to salesforce.
  3. Configure salesforce.

Identity Provider-Initiated SAML Flow during run time.

The user signs in to the IdP using Single Sign On. The IdP returns a page containing a form with the SAML assertion. The user then submits the SAML assertion to Salesforce to log in. The Service Provider (Salesforce) then checks the digital signature and grants a session ID.

Service Provider-Initiated SAML Flow.

This is the situation where the user clicks a link to access something in Salesforce and is redirected back to the IdP successfully.

The end user requests a page at a custom domain for Salesforce. Salesforce says you are not logged in. The user then logs in with IdP credentials. The IdP then redirects the user to Salesforce with the SAML assertion. Salesforce now redirects the end user to the requested page with a session ID.

Now we are going to create a new Single Sign-On configuration in Salesforce.

Go to Setup => Administer => Security Control => Single Sign On Settings.

Enable SAML: edit the settings and check SAML Enabled. With SAML enabled we can create a new Single Sign-On configuration.

Save it.

Now select the New button.

Before filling in the SAML Single Sign-On Setting details we need some data. Go to the following URL and download the digital certificate that is to be uploaded.

GO to

Issuer : mockidp.

Entity id :

Now go to the Configure section shown below.

Complete all the details as shown below.

Before login Logout From

SAML, SAML 2.0, Security Assertion Markup Language

SAML, SAML 2.0, SAML Tutorials

SAML, SAML 2.0: In this training tutorial we cover what Security Assertion Markup Language is, how SAML works, identity providers, service providers, assertions, SAML authentication and SAML authorization.

What is SAML ?

SAML stands for Security Assertion Markup Language and is based on XML (Extensible Markup Language). SAML allows users to communicate about the authentication decision between one service provider and another service provider. Salesforce supports SAML for Single Sign On from an external or portal identity provider.

How SAML Works ?

SAML is mainly based on trust. Here we are enabling SAML in Salesforce for single sign on. Enabling SAML means we are creating a connection between the Service Provider and the Identity Provider. We can set the Service Provider to connect with the Identity Provider, and the Identity Provider is connected to the user. Then the Service Provider will trust the end user.

What is SAML Assertion?

A SAML assertion makes the request needed to give the end user access. It is a directive from the IdP attesting that the user is legitimate.

There are four key pieces of information in an assertion.

  1. Digital signature provided by the IdP.
  2. Issuer: The name of the service Provider.
  3. Entity ID : The name of the service Provider.
  4. The Subject: user id.
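
An added example (not code from the original tutorial or from Salesforce) of what a service provider has to read out of the posted assertion: it decodes a constructed `SAMLResponse`, extracts the pieces listed above and compares them with the configured values. It assumes the issuer `mockidp` from the settings on this page, a made-up entity ID, and a signature placed on the assertion; cryptographic signature verification is outside this sketch.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def build_sample_response(issuer, audience, subject, signed=True):
    """Constructed sample of the base64 SAMLResponse form field (not a real capture)."""
    sig = ('<ds:Signature xmlns:ds="%s"><ds:SignatureValue>CONSTRUCTED'
           '</ds:SignatureValue></ds:Signature>' % NS["ds"]) if signed else ""
    xml = (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s"><saml:Assertion ID="_a1">'
        '<saml:Issuer>%s</saml:Issuer>%s'
        '<saml:Subject><saml:NameID>%s</saml:NameID></saml:Subject>'
        '<saml:Conditions><saml:AudienceRestriction><saml:Audience>%s'
        '</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
        '</saml:Assertion></samlp:Response>'
    ) % (NS["samlp"], NS["saml"], issuer, sig, subject, audience)
    return base64.b64encode(xml.encode()).decode()

def parse_assertion(saml_response_b64):
    """Extract issuer, subject, audience and signature presence from one assertion."""
    raw = base64.b64decode(saml_response_b64, validate=True)
    # Refuse DTDs so entity-expansion tricks never reach the XML parser.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD not allowed in SAML response")
    root = ET.fromstring(raw)
    # More than one assertion is a classic sign of signature wrapping: reject.
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one assertion")
    a = assertions[0]
    return {
        "issuer": a.findtext("saml:Issuer", default="", namespaces=NS).strip(),
        "subject": a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip(),
        "audiences": [e.text.strip() for e in a.findall(".//saml:Audience", NS) if e.text],
        "has_signature": a.find("ds:Signature", NS) is not None,
    }

def check_assertion(fields, expected_issuer, sp_entity_id):
    """Return reasons to reject; an empty list means these pre-checks pass.
    Cryptographic verification of the signature against the uploaded IdP
    certificate needs an XML-DSig library and must succeed before any field
    here is trusted; this sketch only checks that a signature is present."""
    problems = []
    if not fields["has_signature"]:
        problems.append("unsigned assertion")
    if fields["issuer"] != expected_issuer:
        problems.append("unexpected issuer")
    if sp_entity_id not in fields["audiences"]:
        problems.append("audience does not match SP entity ID")
    if not fields["subject"]:
        problems.append("missing subject")
    return problems
```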

What is SAML Identity Provider (IdP)?

Identity providers are those that provide online resources by providing authentication to users over the network. An identity provider is sometimes also called an identity service provider or identity assertion provider. Salesforce can be the SAML identity provider.

What is SAML Service Provider (SP)?

Service providers (SP) are those that provide resources such as web services to a user over the internet through Single Sign On. Salesforce can be a SAML Service Provider which can be accessed from another authentication server.

Salesforce Identity.

Salesforce is a center that provides many managed, standards-based authentication and authorization services. Salesforce has many features; below are some of the services it provides.

  • Salesforce as SAML IdP.
  • Salesforce as SAML SP.
  • OAuth Connected Apps.
  • Canvas Connected Apps.
  • Single sign on for communities and portals.

Single Sign On, SSO Login, Single Sign On Login

Single Sign On, SSO Login, Single Sign On Login: In this tutorial we study Single Sign On: how to implement SSO in Salesforce, what single sign on is, how single sign on works, the single sign on definition, the different types of single sign on, the benefits of single sign on, federated single sign on, delegate single sign on, managed service providers, what SAML is, SAML 2.0 specifications, SAML authentication, SAML identity providers and SAML assertions.

What is Single Sign On?

SSO, or Single Sign On, is the process that allows all network users to access all authorized network resources through a single username and password, without having different usernames and passwords for every resource in the network.

Suppose an organization has a number of systems, applications and resources which are to be accessed by every user. To access those resources the user must log in to each application with its username and password. If the user wants to access many resources, it may be difficult to remember all those passwords. SSO is implemented to eliminate this type of issue.

Benefits of single sign on

Many benefits can be observed when Single Sign On is implemented. The following are the benefits to your organization with single sign on.

  1. It reduces administration costs : No need to remember all usernames and passwords. Salesforce resources and external applications are accessed once logged in, without asking the user to enter a username or password.
  2. Leverage existing investments : Many companies use an LDAP database to manage their users' identities and authenticate them to the systems in their organization. When a user is removed from the LDAP system, the user is immediately removed and no longer able to log in to those systems.
  3. Time Saving.
  4. Increased user adoption : Users of Salesforce are more comfortable sending email messages that contain links to information to
  5. Increased Security.

Different types of Single sign on Implementations.

Single Sign On or SSO can be implemented in two ways.

  1. Federated Authentication.
  2. Delegate authentication.

What is Federated Single Sign On Authentication?

In Salesforce, if federated single sign on authentication is enabled, Salesforce does not validate the user's password. Instead, Salesforce verifies an assertion in the HTTP POST request and allows single sign on if the assertion is TRUE; if the assertion is false, Salesforce does not allow SSO.

What is Delegate Single Sign On Authentication?

Delegate Single Sign-On authentication is the second type of single sign on in Salesforce. If this type is enabled, Salesforce allows web services in your organization to establish authentication credentials for the users instead of validating the users' passwords.

Authentication Providers.

Authentication providers are those that provide authentication credentials to users from external service providers. Authentication providers supply credentials to users with profiles containing login IP range restrictions, session IDs

Here we are required to set up new authentication providers to establish the connection. The authentication process follows the steps below.

  • The user tries to log in to Salesforce using a third-party identity.
  • Then login request is redirected to the third party provider.
  • Then the user will be approved to access.
  • The Authentication provider redirects the user to salesforce.
  • Now the user is logged in to salesforce.

Many to Many Relationships in Salesforce

In this article we are going to create Many to Many Relationships between courses and classrooms. In Salesforce, to create a Many to Many relationship we need a Junction Object. The Junction Object will be Course Offering in our training tutorial.

In order to establish the Many to Many Relationship between Classroom and Course we are using the Course Offering object as the junction object.

What is Junction Object ?

In Salesforce, junction objects are objects that join one object to another. They are specially used to join objects in Many to Many relationships.

How to create Many to Many Relationships in Salesforce.

Creating Many to Many Relationships in Salesforce is very easy, but we have to pay some attention to the process of creation. In this training tutorial we cover Many to Many relationships, what a cross field object is, and how to create a cross field object.

Before creating the Many to Many Relationship we have to create 3 custom objects, namely Course, Course Offering and Class Room. Course and Classroom are master objects; Course Offering is the junction object.

After creating the three custom objects we have to create custom fields in them. Create the fields listed below in the custom objects.

Course offering.

  • Course starting date.
  • Course Last date.
  • Current Seats Occupied.

Class Room

  • Maximum Seats Occupied.

After creating those custom fields in their custom objects we have to establish the link between those objects. This is how to create Many to Many relationships. Go to the Junction Object (Course Offering) and create a Master-Detail Relationship related to Classroom.

Select Next. Enter the Field Label and Field Name details provided below.

Then press Next => Next and finally Save it.

Now we have to create another Master-Detail Object in the Junction Object (Course Offering object).

Finally Save it.

Go to Objects, where we can view the relationships created for the Junction Object.

Now go to the Classroom tab to create new records and fill in all the details given

Now go to the detailed view of the record we created in the Course object and observe the child object (Course Offering). The full details are not shown there. Edit the page layout to display the details below.

Now go to the detailed view of the record in the Classroom object.

The Course Offering shown above is the Junction Object. Edit the page layout. But we are not able to find the Maximum Seats Occupied field in the available fields. Earlier, when we edited the page layout for the Course object, we had the Maximum Seats Occupied field, but here we do not have any such field. So here comes the concept of cross fields.

By creating a cross formula field in the Junction Object we can place Maximum Seats Occupied in the layout.

Enter the details given above.

Now we can find the Maximum Seats Occupied field.

Go to the Classroom fields in the detail view. Now edit the page layout.

All the details are available now. We have successfully created Many to Many Relationships.

Creating Formula Field in salesforce

Creating Formula fields in Salesforce : Formulas are used to calculate something, combine data from multiple fields, check for a condition, or show information from one record on a related record. These formulas can be simple or complex, with layers of nested logic. A formula field is based on other fields' values; it is shown only in the detail view of an object and cannot be viewed in the edit view of an object.

Creating a Formula field in Salesforce

Go to Setup => Build => Create => Object => Select object => Custom Fields & Relationships => Click new => Formula.

Now we are creating Formula field for student object to calculate average of three subjects F = ( S1+ S2 + S3) /3.

Go to detail view of the object.

Go to Custom fields and relationships and create new.

Now select Formula, of type Number, and click Next.

  • Now provide all the details like field label and field name. For the formula return type select zero decimal places.
  • A formula editor is shown with two tabs: Simple Formula and Advanced Formula.

Select the Advanced Formula tab; on the extreme right you can see the functions that can be used. While writing the formula in the editor we can see two fields, inside fields and outside fields, to refer to the fields in the object.

In the formula editor provide the Formula given.

Now check the visibility at the top to give accessibility of this field to every profile.

Finally Save it.

Now go to your Student object, create a record, fill in the S1, S2 and S3 subject marks and save it. In the edit view the formula field is not available. In the detail view of the record you can see the formula.

How to create Roll-Up Summary fields in Salesforce

How to create Roll-Up Summary fields in Salesforce : In this training tutorial we learn what a Roll-Up Summary field in Salesforce is, the characteristics of Roll-Up Summary fields, and how to create a Roll-Up Summary field in Salesforce.

Roll-Up Summary field : A Roll-Up Summary field in Salesforce calculates values from a set of related records.

Roll-Up Summary field can do the following functions.

  • Count : It calculates the total number of related records.
  • Sum : It totals the values of selected fields.
  • Min : Displays lowest value.
  • Max : Displays the highest value.

Characteristics of Roll-Up Summary.

  1. A Roll-Up Summary field can be created only in an object that is referenced by a master-detail relationship field.
  2. A Roll-Up Summary field can only be created for a Master-Detail Relationship.
  3. A Roll-Up Summary field cannot be created for a Lookup Relationship.
  4. It derives the data from the child object.
  5. We can’t change field type of a field that we reference in a roll-up summary field.
  6. Auto numbers are not available here.
  7. Roll-Up Summary fields are not available for mapping lead fields of converted fields.

How to create Roll-Up Summary Fields in Salesforce.

Here we are going to create Roll-Up Summary fields in a custom object called “College”. In total we are going to create four Roll-Up Summary fields: Total number of Students from the Student object, Total number of Employees from the Employs object, Total Fee Paid from the Student object and finally Total Courses from the Course object.

Step1 : Go to the detailed view of the object, then go to the Custom Fields and Relationships section.

Custom fields and Relationship section => New => Roll-Up Summary.

Now enter all the details like Field Label and Field Name and select Next.

Enter the Summarized Object from the picklist, select the Roll-Up Type, select Next and finally Save it.