Using non-Salesforce credentials to get into Salesforce
This scenario can be simplified like this: A user already has a username + password combination stored in another system. The user wants to log into Salesforce using that existing username and password, instead of maintaining a separate username and password that's used only to log into Salesforce.
To achieve this, Salesforce allows:
- Delegated Authentication
- Federated Authentication using SAML 2.0
- External authentication providers: Facebook, Google, Janrain, LinkedIn, Microsoft Access Control Service, another Salesforce org, Twitter, or any service provider that implements the OpenID Connect protocol
Using Salesforce credentials to get into another app
This scenario can be simplified like this: A user is already logged into Salesforce. The user wants to launch another app without having to authenticate again. Instead, the other app should recognize the user and respond accordingly, based on the user's Salesforce session.
To facilitate this, Salesforce offers:
Closing thoughts
A company can mix the two approaches above, so that Salesforce becomes an intermediate link in a chain that allows access to a third-party app using credentials maintained in a non-Salesforce system.