Today salesforce.com unveiled its entrance into the identity market, with a set of identity capabilities, and the market may never be the same. Salesforce.com’s identity capabilities include a federation identity and service provider as well as some user provisioning services. These capabilities use the existing Salesforce user store (and associated schema) as their identity repository, which can then be referenced and leveraged via the other identity services. Furthermore, these identity services are not just available in classic salesforce.com, but in Force.com and Heroku applications as well.
You’re likely asking, “Federation and user provisioning – how is that a glimpse of the future?” Taken in isolation, you are right; federation and user provisioning aren’t futuristic or anything special to crow about. But the crucial thing to note is that salesforce.com isn’t thinking about identity in isolation, and isn’t deploying identity in isolation. Salesforce.com isn’t offering identity by itself but instead offering identity within the context of PaaS, delivered, managed, and licensed as such. Become a Salesforce customer and you get identity, not as a side dish added in for free, but something baked right into the applications. It is also crucial to note that salesforce.com went well beyond just integrating its own bits and is instead offering identity services to help integrate and manage non-Salesforce services and identities.
These identity services, with undoubtedly more to come, are woven into not only crucial business applications (like CRM) but into salesforce.com’s PaaS infrastructure. Identity just happens! This is the future of identity services. Identity gets delivered in the context of something the business and IT as a whole care about.
From a market perspective, this is a huge deal. Cloud-delivered federation and web SSO providers are going to feel salesforce.com’s presence in a major way. New market battle lines are being drawn. The old fight between identity suite vendors will give way to the new fights between salesforce.com, Microsoft Office 365 + Azure, and Oracle Public Cloud. This changes the balance of the identity ecosystem, and it is too early to tell how smaller identity vendors will fit in this coming world.
I know full well that an announcement does not happily deployed customer make, and salesforce.com will have to prove to the market it can deliver all of this magical identity goodness. But I will give them credit for taking a standards-based approach by not only supporting SAML 1.1 and 2.0 but also OAuth, OpenID Connect, and SCIM. Not only does standards support facilitate identity services, it will also make integrating Salesforce Identity to your identity bridge and on-premise identity infrastructure far easier than if salesforce.com took a proprietary approach. Furthermore, as our upcoming “2013 Planning for Identity and Privacy” will point out, this sort of delivery of identity services can only happen when those services are standards based.
If announcements like this are any indication, the next 18 months are shaping up to be some of the most interesting in the history of identity management.