Now that my webinar with Mike Donaldson and Lisa Grady is over, I wanted to post up some additional information and also a video of the working demo. Thanks to Ping Identity and Radiant Logic for working with us on this demo.
As a recap of the demo scenario, our theoretical company, MyCompany, is looking to leverage cloud-based services, and their strategy is to continue to migrate a significant amount of infrastructure to the cloud. The first application they have migrated is Salesforce CRM for Sales management. After that, they plan on expanding into Google Apps, a hosted provider for time and expense submission, HR, etc. The company has an internal Enterprise Directory (LDAP) that stores employee profile information, while the sales region and list of accounts for each Sales Rep are stored in Salesforce CRM. Since not all employees have access to Salesforce, there is also an internal portal that employees use to find Sales Rep and customer information.
Since they started using Salesforce, they are noticing these main problems:
- Managing the provisioning/de-provisioning of internal users in Salesforce is a time-consuming manual process, and in one case a terminated employee was not de-provisioned correctly and wound up getting access to information they should not have been able to access as a non-employee.
- They have a high number of password management issues since users have a separate account in Salesforce.
- Certain pieces of information are managed about salespeople and accounts in Salesforce and are not visible through the portal. This limited access to information required for the distribution of new leads and to contact the correct Sales Rep in case of a customer issue.
So, they want a solution that provides the following benefits:
- Automates the provisioning and de-provisioning of users in Salesforce based upon membership in a group in LDAP
- Centralized view of internal user information with attributes coming from LDAP and Salesforce that can be surfaced through the portal
- Centralized view of customer information that shows the information coming from Salesforce and also includes the information from the accounts payable database, for the complete view of the customer
- Single Sign-on into Salesforce from the MyCompany Portal
The demo solution uses the following components:
- Ping Identity PingFederate for provisioning and de-provisioning of users based upon group membership in the salesforce group in VDS
- Ping Identity PingFederate for Internet SSO using VDS as the LDAP directory for the Identity Provider (IdP) and Salesforce as the Service Provider (SP) using SAML
- Radiant Logic VDS Context Edition to create a single view of the employee information with cached attributes coming from LDAP and Salesforce
- Radiant Logic VDS Context Edition to create a single view of the customer with cached attributes coming from the Salesforce Users and Accounts tables
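The group-driven provisioning in the component list above comes down to reconciling directory state against the accounts that exist in the cloud service, including the terminated-employee case mentioned earlier. The following Python is an added example, not code from the demo, PingFederate or VDS; the group DN, attribute names and all sample records are constructed assumptions.

```python
GROUP_DN = "cn=salesforce,ou=groups,dc=mycompany,dc=example"  # assumed DN

# Constructed directory entries; attribute names are assumptions.
DIRECTORY = [
    {"mail": "asmith@mycompany.example", "memberOf": [GROUP_DN], "enabled": True},
    {"mail": "bjones@mycompany.example", "memberOf": [GROUP_DN.upper()], "enabled": True},
    # Terminated employee whose group membership was never cleaned up.
    {"mail": "cdoe@mycompany.example", "memberOf": [GROUP_DN], "enabled": False},
    # Still employed, but no longer in the salesforce group.
    {"mail": "dlee@mycompany.example", "memberOf": [], "enabled": True},
    {"mail": "ekim@mycompany.example", "memberOf": [GROUP_DN], "enabled": True},
]

# Constructed service-side state: username -> is the account active?
SAAS_ACCOUNTS = {
    "ASmith@mycompany.example": True,
    "cdoe@mycompany.example": True,
    "dlee@mycompany.example": True,
    "ekim@mycompany.example": False,
    "ghost@mycompany.example": True,  # no directory entry at all
}

def entitled(directory, group_dn):
    """Lower-cased mail of every enabled user who is a member of group_dn."""
    want = group_dn.lower()  # simplified DN comparison: case-folding only
    return {
        u["mail"].lower()
        for u in directory
        if u["enabled"] and want in (g.lower() for g in u["memberOf"])
    }

def reconcile(directory, accounts, group_dn):
    """Return sorted (action, username) pairs that bring accounts in line."""
    should_have = entitled(directory, group_dn)
    state = {name.lower(): active for name, active in accounts.items()}
    actions = []
    for user in should_have:
        if user not in state:
            actions.append(("create", user))
        elif not state[user]:
            actions.append(("reactivate", user))
    for user, active in state.items():
        if active and user not in should_have:
            actions.append(("deactivate", user))
    return sorted(actions)

if __name__ == "__main__":
    for action, user in reconcile(DIRECTORY, SAAS_ACCOUNTS, GROUP_DN):
        print(f"{action:10} {user}")
```

Entitlement here requires both group membership and an enabled directory entry, so a terminated user who is still listed in the group is deactivated rather than kept.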
For larger images, please see the slides from the presentation included below.
Once implemented, this simplified their environment and provided greater flexibility as they looked to expand into the other cloud services, minimized trouble tickets for Salesforce password resets and improved internal access to information.
The following video shows the working demo which addresses the requirements above. This is just the starting point of what will eventually become a centralized hub for access to critical user and contextual data across repositories both internal to your company and also across cloud services outside of your firewall.
A recording of the webinar is available on the Ping Identity website. Note that registration is required.
I have also uploaded the slides to SlideShare so that you can more easily see the larger images:
I would love to hear what you have to say about this concept. Special thanks to Ian Barnett (Ping Identity) and Prashanth Godey (Radiant Logic) for helping to get this demo set up.