Conquering Salesforce IAM - First Steps

Identity & Access Management (IAM). The three most dreaded words for any beginning Salesforce admin, developer or architect. It’s one of the most difficult topics to grasp in the famous Technical Architect pyramid. At least it was for me when I started my journey to CTA in 2017. I realised I had no experience or knowledge about this topic.

It was only 5 years ago, but things looked very different. There was no Architect Relations team creating detailed data models, design templates, etc. The only official resources were the Salesforce help pages. I took this as a challenge to myself, to deep-dive where needed and research when I couldn’t find it.

Conquering Salesforce IAM - First Steps, by Nicolas Vanden Bossche

Introduction

In the end, I found a few like-minded people who were also looking for answers. The Trailblazer Community came to my rescue. After a tireless back-and-forth I finally had answers to (almost) all of my questions. Since then, the learning never stopped. Whenever I see an article, blog post or video related to IAM, I dive into it to absorb more knowledge.

Absorbing knowledge is useful for 2 purposes: first to apply it, and second to share it. Now the time has come to share my knowledge. This post is the first of a series. We’ll take a journey together by taking small, manageable steps into the world of Salesforce IAM.

Why

There are many amazing IAM resources out there. Some examples are the CloudSundial Identity site or the Apex Hours series on IAM. It’s where I’ve gotten my own deep technical knowledge and I still reference them frequently. So why am I creating another IAM series? Good question, I’m glad you asked!

  1. I want to make the daunting IAM topic approachable to a wider audience. The idea is that you’ll be able to jump in with limited knowledge about the security space. No initial hurdles to jump over.

  2. It helped me personally to understand the attacker’s point of view. This way I didn’t only know which security measures I was putting in place, but also which attacks they were preventing at every step of the way. I want to bring the attacker’s angle to this series.

  3. It fills a gap. A long-format, written text has a certain beauty to it. It can be easily referenced. It tells a story. There aren’t many stories like that about this topic.

That’s a lot to live up to. I’ll do my best to make it, and I hope you’ll be here reading along with me.

Next Episode

In the next episode, we’ll talk about the mind of the attacker. Which attacks exist in the security space, and which of those are specific to Salesforce?

Don’t want to miss it? Follow me on LinkedIn for my latest content.
