Team Avenoir

AUTHENTICATION GOVERNANCE SUPERBADGE UNIT SOLUTION

Updated: Aug 5


Hey Trailblazer, we are here to guide you in earning the Security Specialist Superbadge. The first step is clearing the User Authentication Specialist Superbadge. The second step is clearing the Security Governance Specialist Superbadge. For this, you will have to clear the Authentication Governance Superbadge Unit. First, you must pass the User Authentication to achieve this badge. I will help you figure out each challenge and how to clear it.


This blog covers all three challenges of the User Authentication Troubleshooting Superbadge Unit:


  • Audit SSO and MFA Users

  • Build Authentication Monitoring Report

  • Configure Concurrent Session Email Action


Every challenge has an outcome and hints at how to achieve it. This post also covers how to resolve the following errors:

  • “Challenge Not yet complete... here's what's wrong: We can't find the 'MFA_Authorization_Required' permission set assigned to the expected user(s). Be sure to review all users, active and inactive.”

  • “Challenge Not yet complete... here's what's wrong: We can't find the 'Single_Sign_On' permission set assigned to the expected users.”

  • “Challenge Not yet complete... here's what's wrong: We can't find the expected report named ‘Login Attempts by Status’. Make sure there are only one ‘Login Attempts by Status’ report and it’s in the correct folder and has a description.”

  • “Challenge Not yet complete... here's what's wrong: We can't find the expected report named ‘Failed Login Attempts by User’. Make sure there is only one ‘Failed Login Attempts by User’ report and it’s in the correct folder and has a description.”

  • “Challenge Not yet complete... here's what's wrong: We can't find the expected user report named ‘Verification Challenges by Method’. Make sure there is only one ‘Verification Challenges by Method’ report and it’s in the correct folder and has a description.”

  • “Challenge Not yet complete... here's what's wrong: We can't find the expected report named ‘Logins without SSO and MFA’. Make sure there is only one ‘Logins without SSO and MFA’ report and it’s in the correct folder and has a description.”

  • “Challenge Not yet complete... here's what's wrong: We can't find the ‘AlertAdmins’ send email action in the ‘Concurrent_User_Authentication_Login_Flow’ flow or it's not configured as expected.”

  • “Challenge Not yet complete... here's what's wrong: We can't find the ‘Standard User - Concurrent User Authentication Login Flow’ login flow with the expected configurations.”


Challenge 1: Audit SSO and MFA Users

Review company policies related to SSO and MFA, audit users, and make the necessary adjustments to user permissions.

If you are getting the ‘MFA_Authorization_Required’ error, follow the steps below to get back on track.


Step 1: Navigate to Permission Sets from Setup in your developer org and find the permission set named ‘MFA Authorization Required’.



Step 2: Assign this permission set to the user whose profile is ‘Break Glass Administrator’.


If you are getting the ‘Single_Sign_On’ error, you are on the right track and only need a few more steps.


Step 1: Navigate to Permission Sets from Setup in your developer org and find the permission set named ‘Single Sign-On’.


Step 2: Assign this permission set to the users of every profile except ‘Break Glass Administrator’, and exclude your own user, as specified in the business requirement.


Now check the challenge. You are done with the first challenge.
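
Before clicking Check Challenge, the assignments from the two procedures above can be audited in one pass with Anonymous Apex. This is an added example, not part of the original post or of Trailhead; it assumes the permission set API names shown in the error messages and treats every user with a profile as in scope.

```apex
// Added example (not from the original post): Challenge 1 audit, run as Anonymous Apex.
// Permission set API names are taken from the error messages quoted in this post.
String mfaPs = 'MFA_Authorization_Required';
String ssoPs = 'Single_Sign_On';
String breakGlassProfile = 'Break Glass Administrator';
Set<String> psNames = new Set<String>{ mfaPs, ssoPs };
Id me = UserInfo.getUserId();   // your own user is left out, as Step 2 says

// Collect, per user, which of the two permission sets is already assigned.
Map<Id, Set<String>> held = new Map<Id, Set<String>>();
for (PermissionSetAssignment psa : [
        SELECT AssigneeId, PermissionSet.Name
        FROM PermissionSetAssignment
        WHERE PermissionSet.Name IN :psNames]) {
    if (!held.containsKey(psa.AssigneeId)) {
        held.put(psa.AssigneeId, new Set<String>());
    }
    held.get(psa.AssigneeId).add(psa.PermissionSet.Name);
}

// Walk every user, active and inactive, and compare against the expected rule.
List<String> findings = new List<String>();
for (User u : [
        SELECT Id, Username, IsActive, Profile.Name
        FROM User
        WHERE ProfileId != null AND Id != :me
        ORDER BY Profile.Name, Username]) {
    Set<String> have = held.containsKey(u.Id) ? held.get(u.Id) : new Set<String>();
    Boolean isBreakGlass = (u.Profile.Name == breakGlassProfile);
    String expected = isBreakGlass ? mfaPs : ssoPs;
    String state = u.IsActive ? 'active' : 'inactive';
    if (!have.contains(expected)) {
        findings.add('MISSING ' + expected + ': ' + u.Username
            + ' (' + u.Profile.Name + ', ' + state + ')');
    }
    if (isBreakGlass && have.contains(ssoPs)) {
        findings.add('UNEXPECTED ' + ssoPs + ': ' + u.Username + ' (' + state + ')');
    }
}
System.debug(findings.isEmpty() ? 'No gaps found' : String.join(findings, '\n'));
```

Inactive users are included on purpose, because the first error message asks you to review all users, active and inactive.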


Challenge 2: Build Authentication Monitoring Reports

Build the authentication monitoring reports according to the specifications outlined in the requirements.

 

In this challenge, keep the following points in mind:


  • First, create a separate report folder named ‘User Authentication Reports’.

  • You have to create multiple reports on users and add all of them to the folder specified above.

  • Include users' login history for the ‘Last 30 Days’ only.

Navigate to Reports → click on New Folder → create a folder named ‘User Authentication Reports’.



If you are getting any of the report errors listed above, something is missing from your reports. Follow the steps below to complete this challenge without any error.


Step 1: Navigate to Reports → click on New Report → in the search box, search for ‘user’ → select User and click on ‘Start Report’.


Step 2: Click on Filters (at the top right, beside Outline), then click on Last Login, select the range ‘Last 30 Days’ from the dropdown, and click on Apply.


Step 3: Then select View, choose ‘All Users’ from the dropdown, and click on Apply.


Step 4: Then click on the Outline tab beside the Filters tab and, under GROUP ROWS, select ‘Login Status’ so that the records are grouped by it. Remove the unwanted columns, keeping only Last Login, and disable Detail Rows, Subtotals, and Grand Total at the bottom to make the report cleaner.


Step 5: Save the report. Enter the name ‘Login Attempts by Status’ and the report description ‘All login attempts grouped by login status’, click on Select Folder, search for the folder you made, add the report to the folder ‘User Authentication Reports’, and click on Save.


Step 6: Now create the second report. Repeat Step 1, Step 2, Step 3, and Step 4, then add one more filter. In the Add Filter search box, search for ‘Login Status’, choose the operator ‘not equal to’, and enter Success in the input field below.


Step 7: Then click on the Outline tab beside the Filters tab and, under GROUP ROWS, select ‘Login Status’ and Username so that the records are grouped by both. Remove the unwanted columns, keeping only Last Login, and disable Detail Rows, Subtotals, and Grand Total at the bottom to make the report cleaner.


Step 8: Save the report. Enter the name ‘Failed Login Attempts by User’ and the report description ‘All unsuccessful login attempts grouped by username and login status’, click on Select Folder, search for the folder you made, add the report to the folder ‘User Authentication Reports’, and click on Save, the same as in Step 5.


Step 9: Now create the third report and repeat the same steps up to Step 4. This time, in the Outline tab, add two different GROUP ROWS: Method and Status. Repeat Step 4 to make the report cleaner. Then save the report with the name ‘Verification Challenges by Method’ and the report description ‘All identity verification challenges grouped by method and status’. Add this report to the folder ‘User Authentication Reports’ and click on Save, as in Step 5.


Now check the challenge. You have completed the second challenge as well.
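
To sanity-check what the first two reports should show, the same groupings can be recounted directly from login history in Anonymous Apex. This is an added example, not part of the original post; it assumes the report's Login Status column corresponds to the Status field of the LoginHistory object.

```apex
// Added example (not from the original post): recount the figures behind the
// 'Login Attempts by Status' and 'Failed Login Attempts by User' reports.
// Assumption: the report's Login Status column corresponds to LoginHistory.Status.
Map<String, Integer> byStatus = new Map<String, Integer>();
Map<Id, Map<String, Integer>> failedByUser = new Map<Id, Map<String, Integer>>();

for (LoginHistory lh : [
        SELECT UserId, Status
        FROM LoginHistory
        WHERE LoginTime = LAST_N_DAYS:30
        ORDER BY LoginTime DESC
        LIMIT 10000]) {             // cap keeps the script inside Apex query-row limits
    Integer total = byStatus.get(lh.Status);
    byStatus.put(lh.Status, total == null ? 1 : total + 1);

    if (lh.Status != 'Success') {   // same filter as Step 6
        if (!failedByUser.containsKey(lh.UserId)) {
            failedByUser.put(lh.UserId, new Map<String, Integer>());
        }
        Map<String, Integer> perStatus = failedByUser.get(lh.UserId);
        Integer n = perStatus.get(lh.Status);
        perStatus.put(lh.Status, n == null ? 1 : n + 1);
    }
}

// LoginHistory only carries the user Id, so resolve usernames in a second query.
Set<Id> failedIds = failedByUser.keySet();
Map<Id, User> users = new Map<Id, User>(
    [SELECT Id, Username FROM User WHERE Id IN :failedIds]);

System.debug('Login attempts by status: ' + byStatus);
for (Id userId : failedIds) {
    String label = users.containsKey(userId)
        ? users.get(userId).Username
        : String.valueOf(userId);
    System.debug('Failed logins for ' + label + ': ' + failedByUser.get(userId));
}
```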

Challenge 3: Configure Concurrent Session Email Action

Modify the existing Concurrent User Authentication Login Flow with an action that sends an email every time a concurrent session is blocked. Ensure the activated flow is triggered by login flows for those with the Standard User and the Custom: Sales Profile profiles.

If you are getting the ‘AlertAdmins’ error while checking the challenge, you might have missed some steps. Follow the steps below to overcome it.


Step 1: Navigate to Setup → search for Flows → open the flow named ‘Concurrent User Authentication Login Flow’.


Step 2: Drag and drop an Action element onto the free-form flow canvas. Select Email, then click on the Action search box and select Send Email. For Label, enter ‘AlertAdmins’. Enable Body and set the value ‘{!EmailBody}’, enable Subject and set the value ‘{!EmailSubject}’, and enable Recipient Address List and enter ‘Security@CloudNineCreditLines.example.com’.



Step 3: Delete the connector between the Decision Login element and the Block Screen element, then drag the Decision Login element's connector to the newly created AlertAdmins Action element. Connect the AlertAdmins Action element to the Block Screen element so that, after the email is sent for the Block condition, the flow shows an error message through the Screen element.


Still getting the login flow error? Check the steps below to complete the third challenge. Just a few steps remain.


Step 1: Navigate to Setup → search for Login Flows → click on New → select Type as Flow.

Give it the name ‘Standard User - Concurrent User Authentication Login Flow’.

Select Flow as Concurrent_User_Authentication_Login_Flow, select User License as Salesforce and Profile as ‘Standard User’, and click Save, so that the login flow is assigned to the users with the Standard User profile.


Step 2: Create another new Login Flow. Give it the name ‘Sales Profile - Concurrent User Authentication Login Flow’, select Flow as Concurrent_User_Authentication_Login_Flow, select User License as Salesforce and Profile as ‘Custom: Sales Profile’, and click Save, so that the login flow is assigned to the users with the Custom: Sales Profile profile.


Now check the last challenge. You have completed the whole superbadge unit. Congratulations!



Thank You! Please leave a comment to help me understand how the blog helped you. If you need further assistance, please contact us. You can click "Reach Us" on the website and share the issue with me.


Blog Credit:

Team Avenoir

   Avenoir Technologies Pvt. Ltd.

  Reach us: team@avenoir.ai


 





 

© 2024 by Avenoir Technologies Pvt. Ltd.
