What should an integration architect recommend to ensure all integrations to the Northern Trail Outfitters’ company portal use SSL mutual authentication?
A. Generate a certification authority (CA) signed certificate.
To ensure that all integrations calling into a Salesforce portal are secured with Mutual Authentication, the architect must enable and configure specific platform-level security settings. The primary recommendation is to Enforce SSL/TLS Mutual Authentication for the relevant integration users.
Mutual Authentication (Two-way SSL) adds a layer of trust beyond the standard session-based authentication. When enforced, the Salesforce server requires the calling client to present a valid CA-signed certificate that matches a certificate stored in the org. This ensures that only authorized systems with the correct private key can establish a connection.
To implement this, the architect must first work with Salesforce support to enable the feature. Once enabled, a Mutual Authentication Certificate must be uploaded to the org, and a specific user profile—cloned for integration purposes—must have the "Enforce SSL/TLS Mutual Authentication" permission enabled. This configuration forces the client to use port 8443 (the dedicated port for mutual TLS) for API calls, providing a highly secure, server-to-server connection that protects against impersonation and unauthorized data access.