Superbadges
Authentication Governance Superbadge Unit
What is Salesforce testing in this Superbadge?
According to Trailhead:
- Audit SSO and MFA Users
- Build Authentication Reports and Dashboards
- Customize a flow
The Concept tested in this Superbadge:
- Authentication Governance
You need to create a new Trailhead Playground for this Superbadge! The new Dev Org includes the “User Access & Permission Assistant” which you will find in the App Launcher by typing in “User”. The new Dev Org needs to be connected to your Trailhead Profile.
Users, Roles, and Profiles and the Authentification they have to use:
| User | Role | Profile | Authentication requirement | Activ? |
|---|---|---|---|---|
| [Admin] | SFAdmin | System Administrator | none | A |
| User, Security | – | Analytics Cloud Security | SSO | A |
| Chatter Expert | Chatter Free User | SSO | A | |
| A,Aiyaz | Customer Support, North America | Standard Plattform User | SSO | A |
| B,Rachel | Customer Support, International | Standard Plattform User | SSO | A |
| Campfire, Carla | – | Break Glass Admin | Salesforce MFA | A |
| User, Integration | – | Analytics Cloud Integration User | SSO | A |
| R,Oliver | Installation & Repair Service | Standard User | SSO | |
| M,Becca | VP, Marketing | Standard User | SSO | |
| G,Robin | SVP,Customer Service & Support | Standard User | SSO | |
| P,Daniel | Director, Direct Sales | Custom, Sales Profile | SSO | |
| Fractour,Cristal | – | Break Glass Admin | Salesforce MFA |
I wrote on my Notepad the Role Hierarchy, but this information was not necessary. Also, I did not need to use the User & Access Permission Assistant but it is a nice App, I would consider using it in my Org taking the active Users in the Org into consideration.
User Authentication Reports to create
| Report Name | Description |
|---|---|
| Login Attempts by Status | All login attempts grouped by login status |
| Failed Login Attempts by User | All unsuccessful login attempts grouped by username and login status |
| Verification Challenges by Method | All identity verification challenges grouped by method and status |
| Logins without SSO and MFA | All successful login attempts where login type does not include SSO and (Identity Verification) Method is blank; grouped by username and login type |
Reports should show All Users and Logins from the last 30 Days. Don’t forget to hide the Report details.
I created a failed login attempt for the 2nd report with one of the Break Glass Admins to have a reference for the report. Do not get discouraged if the report you create is empty!
The Flow task is pretty straightforward. The explanation where to put the information and where to create the Login Flows is in the sentence. You do not have to test the flow with the Standard and Custom: Sales Profile before checking.
The Trailhead Help contains all the information you need to be successful. Good luck with this Superbadge! You can do it!
