Just Another Dang Blog

Just passed my last required certification which is the Identity and Access Management Designer to finally become Salesforce Certified System Architect. What a journey and accomplishment. My study method seems to be working and would like to share my methods and notes.

The method :
At the start of the 2nd part of thIs year(2018) I made a goal to start the Technical Architect journey and get certified every month . The method I’ve been doing is really easy, I book a date one month in advance and spend at least an hour or two reading the materials I need. I use a technique called Pomodoro using an online tool kanbanflow.com and concentrate on learning a concept. I try to do this at least everyday either before bed or if I missed it for that evening I try to get up early in the morning. So far this has worked great for me as this made me consistent.

Exam takeaways
Now about the Identity and Access Management exam. This is like the rest of the exam which is 60 + 5 extra multiple choice question. You are given 120 minutes and passing is 65%.
Honestly this was a hard exam. Best if you have done implementation of it. I wasn’t that confident I would pass the exam when I hit the Submit button.

Trailhead: Identity and Access Management Designer
Go over this trialmix and nail down it to 100%. – https://trailhead.salesforce.com/users/00550000006yDdKAAU/trailmixes/architect-identity-and-access-management

On this tutorial. I’ll walk through to the steps needed to setup Social Single Sign On with LinkedIn to Salesforce.

Do the following Salesforce steps first then we run over next LinkedIn steps.

Login to Salesforce and go to Setup and search for Auth Provider

When creating an Auth Provider – you can have Salesforce auto manage the values for a Auth Provider.

• • Select the Provider and Provide Name and URL Suffix
    
  • On the Registration Handler section click on Automatically create a registration handler template – you would need to edit this later
    
  • Hit Save.
  • Create an Account, then make sure the Account Owner has a role assigned
  • Next, let’s edit the AccountHandler auto generated for us.
  • You can grab the code from github and replace the handler – https://github.com/olopsman/salesforce-identity-registration-handler/blob/master/RegistrationHandlerTemplate
  • Update the following Constants to match your org and Community Profile name

private static final String ORG_SUFFIX = '.sso.dang.org';
private static final String DEFAULT_ACCOUNTNAME = 'Dang Channel';
private static final String EXTERNAL_USER_PROFILE = 'Customer Community User';

• Next go to Communities Setup and for members grant the profile access to the community
  
• Next to to Login and Registration and enable the LinkedIn or social sign on platform you want to configure.
  
• Then finally copy the community URL

Next would be to create an application in your Social account LinkedIn. The steps would be similar for other like Google, Twitter and Facebook. Go developer.linkedin.com and create an App.

Give your name and app and fill in the required fields. Paste the community URL to the website URL so after authentication it knows where to redirect the page.

Note: you will notice that creating an app also creates a consumer key and secret, since we left these values blank in Salesforce as this was auto managed for us. You can copy the consumer key and secret to the Auth Provider section if you want to override this.

Go to your community URL and you should see LinkedIn option to login. Click on that to login to LinkedIn and authorize Salesforce to access your info. After authorization you would be redirected back to the community logged in. And bedind the scenes you have been created as a contact and user in Salesforce.

I learned the different methods to provision external users in Salesforce.

* You can create Customers and Partners

* depending on account type you can create certain users
* personaccount and contact – customers
* account – partner/customer
* Account owner must have a role
* You can manually create contact and enable as customer or partner
* Partners have roles when enabled
* You can self register

* assign the profile in setup or
* assign in the selfregister code this overrides the setup
* assign the role
* assign the account
* You can sign up via API using the following methods

* createPortalUser
* createPersonAccountPortalUser
* Social sign on to provision a user –
* You can Just in time provision using SAML

* combine saml with more attributes and SSO to provision a user
* SAML Subject NameId as the Federation ID
* does not work for PersonAccount
* Contact email must be unique accross all even none external users
* account name and number must be unique or causes duplicate error
* Data loader
* Bulk Provisioning via API

* use same api methods – can you pass bulk here? api limits apply
* Identity Connect with Active Directory

https://developer.salesforce.com/blogs/developer-relations/2014/06/how-to-provision-salesforce-communities-users.html

So wanted to do this for some time now and got the chance to do this now as I wanted to share something new everyday.

Let’s Encrypt is a free, automated and open Certificate Authority. Today I learned it was not straight forward to install.

I first tried to add the ppa certbot and when I tried to install python certbot app I got errors on dependencies. I then tried certbot-auto script which was successful but my site was still not showing as being secured by SSL.

Finally the following worked for me.

Here are the steps to install the SSL
Login to shell on your google cloud instance
ssh -i xx_gca key bitnami@ipaddress

Change directory
cd /tmp

Run the following command – replace the version with the latest version from github

curl -s https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i - tar xf lego_v1.0.1_linux_amd64.tar.gz

Untar the file
tar xf lego_v1.0.1_linux_amd64.tar.gz

Make the lego executable by copying to the binary directory

sudo mv lego /usr/local/bin/lego

Stop your server
sudo /opt/bitnami/ctlscript.sh stop

Run the lego client
sudo lego --email="youremail@domain.com" --domains="yourdomain.com" --domains="www.yourdomain.com" --path="/etc/lego" run

Backup your existing certificates by renaming them
mv server.key server.key.2018

Copy the server certficates from /etc/lego/certificate to /opt/bitnami/apache2/conf

Change directory and go to
cd /opt/bitnami/apps/wordpress/conf

Edit the following httpd-app.conf file
sudo vi httpd-app.conf

Add the following conditions and rule
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.lopau.com/$1 [R,L]

Finally start back the server
sudo /opt/bitnami/ctlscript.sh start

Reload your website and check the URL, you should now be secured with an SSL

That should get your going.

Other things to note:

• certificates only valid for 90 days
• suggestions is to auto renew
• certificates are free and can be used on websites, ftp servers, mail servers
• need an ACME client
  • uses ACME protocol to verify that you control a given domain
    • other options are at https://letsencrypt.org/docs/client-options/

On my next tutorial, I’ll show you to setup a cron job to auto renew the certificate.