
Understanding the Impact of Salesforce MFA/SSO Requirements on Segment

Issue

Salesforce is enforcing new authentication requirements, including the deprecation of username and password authentication and mandatory MFA/SSO for interactive logins. Users are concerned about how these changes impact Segment’s Salesforce destinations, specifically regarding OAuth reauthentication with SAML SSO and the ability to manage authentication centrally across multiple destinations.

 

Product

Twilio Segment

 

Environment

Segment Console

 

Cause

Salesforce is updating its security model to require OAuth JWT Bearer for service accounts and enforce MFA/SSO for interactive logins. Segment’s Salesforce destinations use OAuth 2.0, but each destination manages its own credentials.

 

Resolution

  • Segment’s OAuth flow supports SAML SSO redirects for Salesforce authorization, including MFA/SSO as required by Salesforce.
  • Token refreshes are handled server-side by Segment, and users are redirected to Salesforce for reauthentication when it is needed.
  • Centralized (workspace-level) authentication for Salesforce destinations is not currently available. Each destination must be reconnected individually if credentials need to be refreshed or rotated.

 

Additional Information 

A feature request for workspace-level authentication for destinations has been submitted. Users are encouraged to reconnect each Salesforce destination before the enforcement deadline to avoid service disruption.

 
