• Identity Lifecycle for Salesforce EmpowerID’s automated lifecycle management simplifies the entire JML process within Salesforce, removes the risk of manual errors, and eliminates your security problems.
  • Zero Trust Delegated Administration for Salesforce Out of the box, Salesforce is not Zero Trust compatible. EmpowerID changes all that and delivers the granular level security that your organization needs.
  • Salesforce Compliance and Recertification EmpowerID is world-class for its tracking and logging capability. When integrated with Salesforce, this makes compliance and recertification a dream.
  • Adaptive MFA for Salesforce Passwords and user practices are your weakest link. Organizations find the security/usability balance difficult. EmpowerID’s Adaptive MFA changes that.

Watch a short demo video of how EmpowerID integrates with Salesforce:

Identity Lifecycle for Salesforce

EmpowerID’s Identity Lifecycle for Salesforce automates account provisioning and access assignment.

Because EmpowerID is process-based and workflow driven, it aligns with your organization’s own business processes.

This not only makes policy-based “Compliant Access” automation easy, but also it eliminates security problems and human errors associated with the manual user creation, role, profile, and permission set assignment in SalesForce.

Your organization’s lifecycle events can be triggered manually by workflows, but the most efficient method is automatically detecting changes to your HR systems as they occur.

EmpowerID not only does this, but it also handles provisioning and deprovisioning across all your Salesforce environments.

This is throughout the entire Joiner-Mover-Leaver (JML) process, and this automatic management of users in adherence with your own business policies is both efficient and easy.

Naturally, when users leave your organization, your organization’s deprovisioning policy allows for a graceful handover of responsibilities, a straightforward transfer of data ownership, and results in minimal impact to everyone involved.

Zero Trust Delegated Administration for Salesforce

Unmodified, Salesforce’s out of the box roles and security model conflicts with organization’s seeking to pursue a Zero Trust strategy.

One of the key tenants of the Zero Trust model is that users should never be granted permanent unproxied access to systems. This is for two principle reasons:

  • unproxied access cannot be easily monitored
  • permanent privileged access is an opening waiting to be compromised by an attacker.

Unfortunately, with an unmodified Salesforce, these are impossible to prevent.

However, EmpowerID was designed with this exact scenario (and Zero Trust) in mind. EmpowerID overlays a single unified security model on top of SalesForce (or any other application of this nature).

This security model allows EmpowerID to transform your current, broad, non-Zero Trust security model to one that is both granular and Zero Trust compatible.

Even though such granular level functionality is impossible within the Salesforce security model, it is standard within EmpowerID.

Once transformed, you can now delegate granular administrative privileges to users within your specific business units or partner organizations.

Even better is these fine-grained delegations are flexible and scalable enough to support even the most complex global organizations and multi-tenancy scenarios.

This not only allows you to control exactly who may see which objects and identities and who may perform what tasks, but this is also done without granting any native administrative privileges. Users never get unproxied access.

Salesforce Compliance and Recertification

EmpowerID assists your Salesforce team in breezing through audits. Currently, maintaining control and visibility over your Salesforce environments is headache-inducing for many auditors.

With compliance, your users must have appropriate access according to their roles within your organization.

However, with the certification process, the lack of detail and granularity with tracking and logging means it is both inadequate and next to impossible.In contrast, this is almost automatic with EmpowerID.

EmpowerID not only maintains an up-to-date audit, but also can provide complete control over who has access to what across all your Salesforce tenants

Being policy-based and workflow driven, EmpowerID’s built-in attestation policies allow for rapid periodic recertification of Salesforce group and role assignments. This eliminates the major hassle and concerns of auditing this essential infrastructure.

Other areas where EmpowerID also excels in aiding compliance and recertification are with categorizing external users and Separation of Duties (SoD).

With the former, EmpowerID categorizes external users to allow their access to be reviewed and analyzed separately. With the latter, your own risk-based SoD policies define toxic combinations of access and subsequent actions.

When EmpowerID detects such conflicts, it automatically escalates and resolves these.

Adaptive MFA for Salesforce

Few would argue that sales and customer data are the lifeblood of any organization. However, ensuring the identity of those accessing these services is critical.

Not least because of the trust element, which is something you should nurture and cherish, but also in preventing data loss and/or system downtime.

Unfortunately, passwords continue to be the weakest link in an organization’s security strategy.

Though Multi-Factor Authentication (MFA) is the only proven means to plug this gap, on its own, it does not tick all the requisite boxes.

Because poor practices are prevalent, organizations know they must strike a balance between stringent password policies and usability.

EmpowerID’s Aadaptive MFA (AMFA) delivers on both.

AMFA eases the adoption of more secure or stringent login procedures by allowing you to determine the login circumstances. For example, not forcing users to perform MFA on every login, but only when your business rules specify.

To facilitate this, EmpowerID provides users a wide range of user-friendly options, including:

  • One-time password
  • FIDO/Yubikey tokens
  • 3rd parties such as DUO
  • The EmpowerID Mobile phone app, which allows users to click to approve their logins.