Hey Trailblazer, we are here to guide you in earning the Security Specialist Superbadge. The first step is clearing the User Authentication Specialist Superbadge. It consists of two mini superbadges: the first is the User Authentication Settings Superbadge Unit and the second is the Multi-Factor Authentication and Single Sign-On Settings Superbadge Unit. You must first pass User Authentication to achieve this badge. I will help you work through each challenge and how to clear it.
These users play important roles in our testing:
Murphy Jean - SSO Testing
Brochan Pane - "Break Glass" Administrator Testing
This blog covers all four challenges of the Multi-Factor Authentication and Single Sign-On Settings Superbadge:
Single Sign-On User Configuration
SAML Configuration and Testing
Multi-Factor Authentication
Lightning Login and Salesforce Authenticator App
Every challenge has an outcome and hints on how to achieve it. This blog also covers resolving these errors: "Challenge Not yet complete... Here's what's wrong: We can't see that you were able to successfully test login via single sign-on using the Axiom Heroku web app." and "Challenge Not yet complete... here's what's wrong: We can't see that you were able to successfully test your Lightning Login configuration for Brochan Pane"
Challenge 1: Single Sign-On User Configuration
Our first challenge revolves around setting up Single Sign-On for the "SSO User," who, in this case, is Murphy Jean. To get started, assign a Federation ID to Murphy Jean. Provide a unique Federation ID, for instance, "Murphy@Jean". Save your changes.
The next step involves creating a permission set. Before doing so, go to "Single Sign-On Settings," enable the necessary checkbox, and save your settings.
Now, let's proceed to create a Single Sign-On setting. Click "New" and follow the steps outlined in the table.
Please note that you will need these settings in the subsequent steps. Create a permission set named 'Single Sign-On'. Click on 'Save.'
Now we have to enable one permission in this permission set. Scroll to the bottom, find the 'System Permissions' option, and click on it. It lists all the available permissions. Enable Single Sign-On as below.
If you are getting the above error, correct the Single Sign-On Settings.
Now we have to assign this permission set to the SSO user we have for testing. Click on the 'Manage Assignment' button. Click on 'Add Assignment.' Now, choose 'Murphy Jean' and click on 'Assign.'
Next, in 'My Domain' settings under the 'Policy' section, check the option that prevents login from https://login.salesforce.com/, and under the 'Authentication Configuration' section select the checkboxes with 'Axiom SSO Test.' Save your changes.
Return to the Axiom web app. If you don't already have the app open in a browser window, you can access it at https://axiomsso.herokuapp.com.
1. Click on 'SAML Identity Provider & Tester.'
2. Then, click on 'Generate a SAML Response.'
3. Enter the following values, and leave the other fields as they are:
Click on 'Request Sample Response,' then click on 'Login.' If everything is configured correctly, you will be logged into Salesforce. There you go; the first challenge has been passed.
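If the SSO test login fails, comparing the fields of the generated SAML assertion against your Single Sign-On Settings usually shows which value is off. The Python below is an added example, not part of the original walkthrough or any Salesforce tooling; the issuer, audience, and recipient values are constructed placeholders, and it compares fields only, without verifying the XML signature.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response: issuer, audience and recipient are placeholders,
# not values from the superbadge. Only NameID uses the blog's example Federation ID.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject><saml:NameID>Murphy@Jean</saml:NameID>
    <saml:SubjectConfirmation><saml:SubjectConfirmationData
      Recipient="https://mydomain.example.test/login"/></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2030-01-01T00:00:00Z" NotOnOrAfter="2030-01-01T00:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://saml.example.test</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
</saml:Assertion></samlp:Response>"""

def _ts(value):
    # SAML timestamps are UTC with a trailing "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_assertion(xml_text, expected, now):
    """Return a list of mismatches between the assertion and the expected SSO settings.
    Field comparison only: the XML signature is NOT verified here.
    `now` must be a timezone-aware datetime."""
    assertion = ET.fromstring(xml_text).find("a:Assertion", NS)
    if assertion is None:
        return ["no Assertion element"]
    def text(path):
        el = assertion.find(path, NS)
        return (el.text or "").strip() if el is not None else None
    scd = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    got = {
        "issuer": text("a:Issuer"),
        "federation_id": text("a:Subject/a:NameID"),
        "audience": text("a:Conditions/a:AudienceRestriction/a:Audience"),
        "recipient": scd.get("Recipient") if scd is not None else None,
    }
    # Exact, case-sensitive comparison (an assumption of this example)
    problems = [f"{k}: expected {v!r}, got {got.get(k)!r}"
                for k, v in expected.items() if got.get(k) != v]
    cond = assertion.find("a:Conditions", NS)
    if cond is not None:
        if cond.get("NotBefore") and now < _ts(cond.get("NotBefore")):
            problems.append("assertion not yet valid")
        if cond.get("NotOnOrAfter") and now >= _ts(cond.get("NotOnOrAfter")):
            problems.append("assertion expired")
    return problems
```

Pass the values from your own Single Sign-On Settings and the user's Federation ID as `expected`; an empty list means the fields line up.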
Challenge 2: SAML Configuration and Testing
The SAML configuration and testing challenge should also pass after completing the first challenge. Click on the 'Check Challenge' button. It passes as well.
Challenge 3: Multi-Factor Authentication
Now I will launch my Trailhead playground because I want to log in as a system admin, not 'Jean Murphy.'
1. Create a new permission set named 'MFA Authorization for Break Glass Admin' and assign it to 'Brochan Pane.'
2. Enable 'Multi-Factor Authentication for User Interface logins' in 'System Permissions.'
Challenge 4: Lightning Login and Salesforce Authenticator App
Here are the key steps for setting up permissions, multi-factor authentication, and Salesforce Authenticator:
1. Create a permission set named 'Lightning Login' for the user.
2. Enable 'Lightning Login User' in the system settings.
3. Assign the 'Lightning Login user' permission set to the user 'Brochan Pane.' Log in as 'Brochan Pane' and test multi-factor authentication.
4. Once you have created the permission set and enabled Lightning Login, you must set up the Salesforce Authenticator app on your mobile device.
After installing the app, follow its prompts to link your Salesforce account. You'll receive a notification on your mobile device and be asked to click on the 'Next' button. On your mobile, you'll get a confirmation that the account has been added, indicating that multi-factor authentication is set up.
5. Test Multi-Factor Authentication: Now, log out of the current session, and log in again as 'Brochan Pane.' When you enter your credentials and click 'Login,' you'll receive a notification on your mobile device. This notification confirms that you have successfully set up multi-factor authentication. Click on the 'Approve' button on your mobile to complete the login process.
6. Enroll in Lightning Login: The final step is to enroll in 'Lightning Login.' Click on the 'Enroll' button. A notification will be sent to your mobile device. Click 'Approve' on your mobile to complete the enrollment. This will allow you to access your account without providing a password.
If you are getting the below error, sign in without a password as described below.
To use Lightning Login, you don't need to enter a password. Enter your username in the designated text area and leave the password field blank. After pasting your username, click on the 'Login' button. You will get a notification on your phone to approve the login; once you approve it, the login completes without the need for a password.
Congratulations! You have earned this badge. If you are still stuck in the challenge and require assistance, please leave a comment or contact us: click on "Reach Us" on the website and share the error you are stuck with.
Blog Credit:
Team Avenoir
Avenoir Technologies Pvt. Ltd.
Reach us: team@avenoir.ai