We want to introduce a case study in which YubiOn for Salesforce was deployed to a company in the service industry. This company consulted us about "realizing MFA at remote connection destinations using authentication devices" and "authentication devices management" to support Salesforce's MFA (multi-factor authentication). YubiOn solved this problem by proposing the introduction of YubiOn for Salesforce, Salesforce's MFA protection product, and using the authentication device YubiKey. This time, I will introduce this specific content.
Introduced Organization
Service industry companies Deployment scale:
Deploying YubiOn for Salesforce Salesforce users: Approximately 20 accounts
Adoption of authentication device YubiKey Arrange YubiKey for each user ※ Uses YubiKey 5 series that supports OTP function
Issues
The customer is using a remote connection system to connect to a device and log in to Salesforce from the remote destination device. At first, they planned to use FIDO security keys to support MFA in Salesforce, but the remote connection system used by the customer was unable to forward FIDO (authentication) communications to the remote destination. Since the use of mobile devices is also prohibited, they would like to use an authentication device if possible. There was also a request to understand who has been assigned which authentication device regarding the use of authentication devices.
In summary, the following two points need to be resolved:
・Ability to use an authentication device and support Salesforce MFA on the connection destination machine.
・Be able to know which authentication device has been assigned to whom.
Solution
Introducing YubiOn for Salesforce "YubiOn for Salesforce" is a package that provides enhanced authentication through MFA using the one-time password (OTP) of the authentication device YubiKey when logging in to the Salesforce platform, as well as integrated management functions for users and YubiKeys. First, install YubiOn for Salesforce in your Salesforce organization. By installing our package, you can implement MFA using password authentication and YubiKey OTP authentication when logging in to Salesforce. Next, I will explain why YubiKey's OTP authentication is effective for MFA at remote connection destinations. When you connect the YubiKey to the device from which you want to make a remote connection, the YubiKey will be recognized as a keyboard device. When you issue an OTP from this YubiKey, it is transmitted to the remote connection destination as a keyboard input. In other words, if keyboard input can be transmitted to the remote machine, YubiKey's OTP authentication can be used. This time, since the remote connection system used by the customer accepts keyboard input, it is possible to use MFA using YubiKey's OTP authentication.
Managing the authentication device YubiKey By installing our package, you can use the YubiKey management screen called "YubiKey Manager". On this management screen, you can register, edit, and delete YubiKeys, or assign (and cancel) YubiKeys to users. We solved the issue of "being able to know which authentication device has been assigned to whom" by using YubiKey Manager.
Adoption of authentication device YubiKey YubiOn for Salesforce supports YubiKey 5 series and later devices with OTP function. Since we are Yubico's official domestic reseller, we were able to provide one-stop support for everything from package installation to hardware procurement.
Summary
YubiOn for Salesforce is recommended for "those who want to use FIDO security keys to support MFA in Salesforce, but are unable to do so due to remote connections", and "those who want to manage which authentication device is assigned to whom". The products and authentication device information introduced this time are summarized below. Please feel free to contact us when making your request.
YubiOn for Salesforce A free trial of the package is available on AppExchange. You can use paid features for 30 days after installing the package, so please try it out. Please check the product introduction page for detailed product information.
YubiKey sales You can buy from our YubiKey shop or Amazon. (If you want to use it with YubiOn for Salesforce, please buy YubiKey 5 series or later.)
※ For bulk purchases and quotation requests please contact us from the contact page.