As the number of Salesforce user accounts increases within your organization, managing those accounts becomes a challenge. This adds mundane password management tasks to the IT help desk’s plate, steering their focus away from more critical tasks. Synchronizing passwords between Active Directory and Salesforce is a good way to avoid this issue, you just need to find the right application to do it.
Luckily, password synchronization seldom requires additional infrastructure and is easy to configure. With a multitude of applications that enable this synchronization, you should look for a solution with options to:
- Restrict access based on organizational unit and group memberships.
- Decide which password change or reset operations will be synchronized for each user.
- Change or reset passwords based on verification of successful password change from Active Directory.
- Link accounts based on certain attributes.
Organizational and group-based restrictive access
You should be able to decide which user accounts can synchronize their Active Directory passwords with their Salesforce account. For example, you may want to enable employees from the sales organizational unit (OU) to synchronize with Salesforce, but disabled this option for an OU with temporary employees or interns. This way, you can avoid unnecessary synchronization processes from using up your network’s bandwidth.
A provision for users to decide which actions will be synchronized with Salesforce
End users should have the option to choosewhich of their password change or reset operations are synchronized with Salesforce. For example, there’s no point in synchronizing a password change to Salesforce if the user is merely testing a functionality. By providing users with this choice, you can cut down on redundant synchronizations and save network resources.
An option to commit password changes or password resets based on Active Directory
Having different passwords across Active Directory and Salesforce defeats the purpose of using a password synchronization solution itself. A user’s password change and reset operations should be synchronized with Salesforce only if the operation succeeds in Active Directory, thereby maintaining consistent credentials between the two accounts. Administrators should retain control over this setting as passwords may be changed for any trial purpose.
A choice to link accounts based on certain attributes
To better integrate password synchronization with Salesforce, administrators should be able to chose how accounts link between Active Directory and Salesforce. Each organization’s IT policy is unique and may favor different attributes for linking; this is why you should be able to choose the linking attribute you deem fit.
ADSelfService Plus is a web-based, end user identity management tool that supports real-time password synchronization with Salesforce. The entire process of password synchronization between Active Directory and Salesforce is easy and takes less than 30 seconds.
To learn more, click here.
Want to see this product in action? Download a free 30-day trial now.