Authentication Governance Superbadge Unit

What is Salesforce testing in this Superbadge?

According to Trailhead:

• Audit SSO and MFA Users
• Build Authentication Reports and Dashboards
• Customize a flow

The Concept tested in this Superbadge:

• Authentication Governance

You need to create a new Trailhead Playground for this Superbadge! The new Dev Org includes the “User Access & Permission Assistant” which you will find in the App Launcher by typing in “User”. The new Dev Org needs to be connected to your Trailhead Profile.

Users, Roles, and Profiles and the Authentification they have to use:

User	Role	Profile	Authentication requirement	Activ?
[Admin]	SFAdmin	System Administrator	none	A
User, Security	–	Analytics Cloud Security	SSO	A
Chatter Expert		Chatter Free User	SSO	A
A,Aiyaz	Customer Support, North America	Standard Plattform User	SSO	A
B,Rachel	Customer Support, International	Standard Plattform User	SSO	A
Campfire, Carla	–	Break Glass Admin	Salesforce MFA	A
User, Integration	–	Analytics Cloud Integration User	SSO	A
R,Oliver	Installation & Repair Service	Standard User	SSO
M,Becca	VP, Marketing	Standard User	SSO
G,Robin	SVP,Customer Service & Support	Standard User	SSO
P,Daniel	Director, Direct Sales	Custom, Sales Profile	SSO
Fractour,Cristal	–	Break Glass Admin	Salesforce MFA

I wrote on my Notepad the Role Hierarchy, but this information was not necessary. Also, I did not need to use the User & Access Permission Assistant but it is a nice App, I would consider using it in my Org taking the active Users in the Org into consideration.

User Authentication Reports to create

Report Name	Description
Login Attempts by Status	All login attempts grouped by login status
Failed Login Attempts by User	All unsuccessful login attempts grouped by username and login status
Verification Challenges by Method	All identity verification challenges grouped by method and status
Logins without SSO and MFA	All successful login attempts where login type does not include SSO and (Identity Verification) Method is blank; grouped by username and login type

Reports should show All Users and Logins from the last 30 Days. Don’t forget to hide the Report details.
I created a failed login attempt for the 2nd report with one of the Break Glass Admins to have a reference for the report. Do not get discouraged if the report you create is empty!

The Flow task is pretty straightforward. The explanation where to put the information and where to create the Login Flows is in the sentence. You do not have to test the flow with the Standard and Custom: Sales Profile before checking.

The Trailhead Help contains all the information you need to be successful. Good luck with this Superbadge! You can do it!

The Salesforce Security Superbadge – Requirements & User Stories

Have you started to learn about Salesforce, made your way through Trailhead and now look at this Superbadge?

Have you just managed all the other Superbadges which are now required before you tackle this one?

But do not quite know where and how to start?

Following Jeffrey Alhadeff YouTube Video about the Superbadge, I have drawn out UserStories and talk about some of the challenges! Sorry, you won’t find solutions here though!

What the Salesforce Security Superbadge is about

According to Trailhead, GenZ Capital security has to meet the OldGuard requirements and you as the Salesforce Admin are the go-to person!

Here is the Organisational Chart for GenZ:

Pay attention to the Organisational Chart, it is important for the setup of the GenZ Capital Users.

The Challenge as table:

	ORG wide	Executive	Inside Sales	Field Sales	Project Manager**
Login	PW reset every 90 days PW 8 characters include alpha and numeric characters	mobile access on demand no hour restriction	access via IP 0.0.0.0 between 8:00am and 6:00pm no mobile access	mobile access on demand no hour restriction	mobile access on demand name security property “Project Managers”
Accounts	access for anyone (if profile allows it)	View all	View, create, edit all (no delete)	read, edit all*
Opportunity	access to their own & manager	View all	View, create, edit all (no delete)*	read, create, and edit their own (but not delete)	view all if Type = “Existing Customer & Upgrade” and Stage = “Closed Won”
list view/folders		create / not create or manage for others	create, manage for them and others	create / not create, manage for others
reports/dashboards		create R&D, not folders	create, create & manage folders	create / but not create or manage folders

*do not use View all, Modify All

**do not use Profile to set record level permission, do not use Role for sharing records

GenZ Capital User Stories

I have started the habit of writing User Stories for the Superbadges and in general, for the Dev Orgs, I am creating. It helps to get into the right mindset and keep track of the tasks and keep an eye on the Acceptance criteria, especially if you set up your own Salesforce Dev Org. I will write more about User Stories [later here]