I am the lead engineer on a web-based application that we would like to tightly integrate with Salesforce. Specifically, we would like to:
- Save email, hashed password / salt with contact record, and implement basic authentication service
- Save entitlement information as part of the contact record
Basically, we would like to use Salesforce as an authentication / entitlements service. Once a contact has been “converted” into a full-fledged user of our system, we would like to be able to add user credentials to the contact object, and build an Apex remote call that our system would use to authenticate the user. Furthermore, we would also like to enable / disable certain functionality on our site based on entitlements configured as part of the contact record.
I have read about using Salesforce as an identity provider, but I don’t think that this is what we want. The contact record does not allow Salesforce login.
Any direction would be appreciated.
I believe what you want to do may bypass SF’s terms on users. If you want to authenticate users through Salesforce, I believe you need a user license for every user (but there are some cheap licenses for high amounts of users; contact Salesforce).
If you want access based on the contact object, you can map contacts to portal users, which creates an additional user object. From there on, I do think the Salesforce Identity they are building may be what you want?
http://www.salesforce.com/company/news-press/press-releases/2012/09/120919-7.jsp