CYM-Identity allows your applications to delegate or outsource the user authentication process to Salesforce Identity.
This means you no longer have to maintain the authentication flows (username/email/phone, password/biometrics, ...) for each of your apps.
CYM-Identity supports browser-based redirect flows: Your users are required to visit your community website to complete the authentication.
Below is a simple diagram which shows the interactions:
Authentication Delegation
CYM-Identity acts as an intermediary between your applications and your Salesforce Identity or your Community login experience.
CYM-Identity follows a well-established standard: OpenID Connect.
One of the benefits is that you reuse 100% of your existing investment in your community's login experience.
- If you have already deployed a passwordless solution, you'll continue to use it.
- If you have deployed Login flows, you'll continue to use them as well.
- If you have a branded login experience, you'll continue to use it.
Single Sign On is a property of the authentication scheme implemented whereby a user will authenticate once, and gain access to multiple applications without re-entering her credentials - provided other security policies allow it.
By looking at this definition, you'll notice a few important points:
- SSO only applies when two or more applications are accessed by the user. If you have only one application, there's no SSO. It's a standalone authentication.
- In an SSO scenario, a user will not have to authenticate more than once. This is the main benefit, SSO provides a much better user experience.
- Even with SSO in place, you can have other policies which will require the user to authenticate. (max_age or prompt=login are OpenID Connect request parameters which could trigger a user re-authentication.)
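As an added example (not CYM-Identity's own code), the Python sketch below shows how a relying application can ask for re-authentication with max_age or prompt=login and then confirm from the ID token's auth_time claim that the login is recent enough. The endpoint, client ID and redirect URI are hypothetical placeholders, and the claims are assumed to come from an ID token whose signature, issuer, audience and nonce were already validated.

```python
import time
from urllib.parse import urlencode

# Hypothetical placeholders for illustration; not CYM-Identity's real values.
AUTHORIZE_ENDPOINT = "https://idp.example.com/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/callback"


def build_auth_request(state, nonce, max_age=None, force_login=False):
    """Build an OpenID Connect authorization request URL (code flow)."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
        "nonce": nonce,
    }
    if max_age is not None:
        # Ask the provider to re-authenticate if the session is older than this.
        params["max_age"] = str(max_age)
    if force_login:
        # Ask the provider to prompt for credentials even if a session exists.
        params["prompt"] = "login"
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def check_auth_freshness(claims, max_age, now=None, leeway=30):
    """Check auth_time in already-verified ID token claims against max_age.

    The request parameter is attacker-editable in the browser, so the
    application enforces the policy itself instead of trusting the redirect.
    Returns (ok, reason); leeway is the tolerated clock skew in seconds.
    """
    now = time.time() if now is None else now
    auth_time = claims.get("auth_time")
    if isinstance(auth_time, bool) or not isinstance(auth_time, (int, float)):
        return False, "auth_time missing or not numeric"
    if auth_time > now + leeway:
        return False, "auth_time is in the future"
    if now - auth_time > max_age + leeway:
        return False, "authentication too old"
    return True, "fresh"
```

When the check fails, the application should send the user through a new authorization request rather than accept the existing session.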
Without Single Sign On
Password hell experience
With Single Sign On
Single Sign On experience
There are multiple ways to implement Single Sign On; CYM-Identity supports Delegated Authentication.
CYM-Identity allows you to share your user profile information across your applications. All user claims are centralized within your Salesforce Org and shared, whenever required, with other applications.
Unified Profile