Gartner Blog Network

A glimpse of the future: Salesforce Identity

by Ian Glazer  |  September 19, 2012  |  8 Comments

Today Salesforce unveiled its entrance into the identity market, with a set of identity capabilities, and the market may never be the same. Salesforce’s identity capabilities include a federation identity and service provider as well as some user provisioning services. These capabilities use the existing Salesforce user store (and associated schema) as their identity repository, which can then be referenced and leveraged via the other identity services. Furthermore, these identity services are not just available in classic, but in and Heroku applications as well.

You’re likely asking, “Federation and user provisioning – how is that a glimpse of the future?” Taken in isolation, you are right; federation and user provisioning aren’t futuristic or anything special to crow about. But the crucial thing to note is that Salesforce isn’t thinking about identity in isolation, and isn’t deploying identity in isolation. Salesforce isn’t offering identity by itself but instead offering identity within the context of PaaS, delivered, managed, and licensed as such. Become a Salesforce customer and you get identity, not as a side dish added in for free, but something baked right into the applications. It is also crucial to note that Salesforce went well beyond just integrating its own bits, and is offering identity services to help integrate and manage non-Salesforce services and identities.

These identity services, with undoubtedly more to come, are woven into not only crucial business applications (like CRM) but into Salesforce’s PaaS infrastructure. Identity just happens! This is the future of identity services. Identity gets delivered in the context of something the business and IT as a whole care about.

From a market perspective, this is a huge deal. Cloud-delivered federation and web SSO providers are going to feel Salesforce’s presence in a major way. New market battle lines are being drawn. The old fight between identity suite vendors will give way to the new fights between Salesforce, Microsoft Office365 + Azure, and Oracle Public Cloud. This changes the balance of the identity ecosystem and it is too early to tell how smaller identity vendors will fit in this coming world.

I know full well that an announcement does not happily deployed customer make, and Salesforce will have to prove to the market it can deliver all of this magical identity goodness. But I will give them credit for taking a standards-based approach by not only supporting SAML 1.1 and 2.0 but also OAuth, OpenID Connect, and SCIM. Not only does standards support facilitate identity services, it will also make integrating Salesforce Identity with your identity bridge and on-premise identity infrastructure far easier than if Salesforce took a proprietary approach. Furthermore, as our upcoming “2013 Planning for Identity and Privacy” will point out, this sort of delivery of identity services can only happen when those services are standards based.

If announcements like this are any indication, the next 18 months are shaping up to be some of the most interesting in the history of identity management.


Ian Glazer
Research Vice President and Agenda Manager
4 years at Gartner
16 years IT industry

Ian Glazer is a research vice president and agenda manager on the Identity and Privacy Strategies team. He leads IdPS' coverage for authorization and privacy. Topics within these two main areas include externalized authorization management, XACML, federated authorization, privacy by design, and privacy programs.

Thoughts on A glimpse of the future: Salesforce Identity

  1. Curious to see how SF manages enterprise demand for this. Our preference is to use SSO against our IdP vs. theirs. Given how differently we treat our sales force, however, I could see a business case for having a separate SF identity and let SCIM manage the provisioning events if the offering is as robust as it sounds.

  2. Ian Glazer says:

    I think the pattern you describe is pretty common. But using Salesforce’s IdP to do onward SSO to things like Concur for your sales team might be a fairly compelling pattern as well. I’ll be curious to see how much just-in-time provisioning SF will be able to do.

  3. Roland Tepp says:

    It’s good to see a big business like SalesForce seeing the bigger picture in the federated services.

    Let’s hope they pull it off and can show the general business world what the potential business value of such services can be.

    (I do have a painful memory of a few years back when I tried to sell the idea of using federated identity to business people building a SaaS platform and basically banging my head against the brick wall of misunderstanding)

  4. […] forward to 2012 (has it taken THIS LONG?). Yesterday, announced their Identity offering. And, for whatever reason, something clicked for me. I’ve spent the last six years digging […]

  5. Any mention of strong authentication in the mix? It seems weird to have everyone talk about consolidating identity without addressing the vulnerability of relying on username / password-based authentication…

  6. Ian Glazer says:

    I believe I saw OTP and OOB SMS mechanisms, but I need to dig and confirm

  7. Hmm, I’m wondering if that conversation might not go a little something like:

    Wonk: “Hey, let’s put all our stuff in the cloud behind a single sign-on system to simplify access and drive down costs.”

    Security/compliance guy: “And what about protecting it from malicious access?”

    Wonk: “Uh, well, we could deploy expensive hardware tokens, mobile phone apps (assuming people’s phones support them – not everyone has an iPhone or Android), or slow, failure-prone OOB SMS?”

  8. *Sound of trapdoor opening under Wonk’s feet*
