For those that don’t know, Trailhead uses a service called Trailblazer Identity for managing user sign-up and login. Trailblazer Identity is one of the greatest innovations that Salesforce has created. It solves a truly unique problem set: how to unify all the Salesforce community properties such as Trailhead, Trailblazer Community, Dreamforce, Events, AppExchange under a common profile and identity that represents their single user across all Salesforce properties. At the same time, it also supports myTrailhead users within a company who may double up as Salesforce community users. That’s some serious double-thinking going on - you can be a member of several communities, plus access Trailhead, plus access private myTrailhead content - all as the same user! I could be an Independent Software Vendor (ISV) managing my app on AppExchange, a guest at Dreamforce, a partner attending a Trailblazer Community event, a Salesforce learner on Trailhead, or a learner on my own company’s myTrailhead tenant - all within the same day. That is a truly unique problem set that was solved with a single identity service!
Using Trailblazer Identity means a single person can use many different login identities (Google, Facebook, Salesforce, LinkedIn, Email) for many different use cases in many different user contexts (I’m an ISV, a partner, a learner, an admin, an employee, an event attendee) all going through the same identity service to sign up, log in, access different types of content, and view their profile of accomplishments and engagement with Trailhead, myTrailhead, and the Salesforce community. As you can hopefully imagine, there are many different ways Trailblazer Identity interacts with users - whether it’s logging them in via the web site or single sign-on, linking or merging their identities and users together, signing them up, or managing their settings including their hands-on orgs used for challenges. And it does all of this for both Trailhead and myTrailhead. As a result, there’s some complexity in the identity service which creates an opportunity to educate others on how it works.
When I start explaining Trailblazer Identity in the context of both Trailhead and myTrailhead, I wind up with a white board that looks a little like this:
White board of Trailblazer Identity with Trailhead and myTrailhead
Keep in mind, every myTrailhead user is a Trailhead user. This means that myTrailhead users have full access as first class citizens to public Trailhead content while, at the same time, having access to their organization’s private myTrailhead content.
In its most basic form, Trailblazer Identity works like this: a new user signs up for Trailhead using a login identity that Trailblazer Identity accepts, including:
- *Salesforce production org
  - including developer edition and a trial org
- email address/one-time password
*Important Note: sandbox org logins do not work with Trailblazer Identity for login or sign up. This affects Trail Tracker sync later on in this blog post. If you have developers in a sandbox that aren’t already in a production Salesforce org, Trail Tracker won’t be able to load any of their badges. Those developers can still use a different login identity like Google or Facebook; however, their badges won’t sync with Trail Tracker.
Web login and sign up options
Now that Trailblazer Identity has some information about the login identity that you’re using to sign up, it asks for some simple information to finish the user registration. All users, including myTrailhead users, must self-register first as a Trailhead user. This guarantees a set of rights for all users based on the Terms of Service for Trailhead. For instance, an organization can inactivate a production user, removing their access to their private badges. But the organization can't take away access to a user's public badges as long as that user connected a separate, non-production org identity to their Trailhead user. Because everyone must self-register as Trailhead users, there is no way to auto-provision users on Trailblazer Identity such as through an LDAP or Active Directory service.
Progressive Profile User Registration
Login and Signup flows put together
If you intend to create multiple Trailhead users, for instance if you’re getting ready to do a demonstration to your team but don’t want it to affect your real badges or profile, then you can use a different email address or modify your email. For example, Gmail allows you to add a ‘+’ in your address as a filter, which will act like a new email address even though emails will still go to your original address. There’s a great blog from Google about using filters in email addresses.
It’s also important to understand that you can use more than one login identity tied to your Trailhead user, so any of the following login identities can be used to log in to your single Trailhead User.
Multiple Logins, Only one of You
Manage Login Identities under Settings
Linking or Merging users
And now that you have your single Trailhead user, you can log in through the web site by clicking the login button or through single sign-on. To learn more about the single sign-on route, check out this awesome blog post.
Most importantly, now that you have a single user with multiple login identities, you have a single place to share your user’s profile and accomplishments. It doesn’t matter what login identity you use to log in; you can access your single Trailhead profile.
Public Trailhead Badges and Rank
myTrailhead + Public Trailhead Badges and Rank
People find Trailhead through a variety of means such as searching Google, following someone on Twitter, and word of mouth. Most of these result in a new Trailhead user signing up via the public Trailhead web site.
A myTrailhead user will typically become a Trailhead user by clicking through a single sign-on deep link in an email inviting them to earn a badge on myTrailhead. They might also click a single sign-on link from another website like a community or within a Chatter post in the Salesforce app. Keep in mind, a Trailhead user must use a Salesforce production org login to access their myTrailhead content - that’s how Trailhead connects the dots between the org they’re logging in from and the myTrailhead tenant they should have access to. After all, it’s possible for a single Trailhead user to have access to multiple myTrailhead tenants of content. If that user already exists and has logged into their production org in another browser tab, Trailhead will log them in automatically. If not, Trailhead will take them through the progressive profile sign-up process and then deep link them to the content from the email.
myTrailhead login and single sign-on flow
Finally, Trailblazer Identity helps Trailhead to connect the dots with Trail Tracker reporting. Trail Tracker is a free AppExchange app for tracking user badge and Trailmix activity. When reporting on badge activity via Trail Tracker, Trailhead uses your user’s information to decide how to sync their activity with their reporting organization.
Every day, a scheduled Apex job in Trail Tracker runs. It calls into Trailhead with the organization Id and retrieves all of the badge and Trailmix activity for any user who has linked or used the same production org identity to log in to their Trailhead user. That way, Trailhead can share the user’s public and private myTrailhead badges the same way Trailhead figures out whether you can see public or public and private badges on your profile. And if the user doesn’t use myTrailhead, that’s okay. Trail Tracker will sync all of their public badges with your organization - as long as they’ve linked at least one of their Trailhead user login identities with the same org. More about using Trail Tracker and linking login identities in this fantastic blog post.
Trail Tracker and User Identities
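A simplified model of the sync rule described above, added here as an example; it is not Salesforce's or Trail Tracker's code. The class names, the `tenant_org_id` field, the org IDs and the badge names are constructed, and scoping private badges to the syncing org's tenant is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class LoginIdentity:
    provider: str                  # "salesforce", "google", "facebook", "linkedin", "email"
    org_id: Optional[str] = None   # set only for Salesforce org logins
    sandbox: bool = False

@dataclass(frozen=True)
class Badge:
    name: str
    tenant_org_id: Optional[str] = None   # None means a public Trailhead badge

@dataclass
class TrailheadUser:
    name: str
    identities: list = field(default_factory=list)
    badges: list = field(default_factory=list)

    def link(self, identity):
        # Sandbox org logins are rejected for sign-up and login.
        if identity.provider == "salesforce" and identity.sandbox:
            raise ValueError("sandbox org logins are not accepted")
        self.identities.append(identity)

    def linked_org_ids(self):
        return {i.org_id for i in self.identities
                if i.provider == "salesforce" and i.org_id}

def badges_synced_to(org_id, users):
    """Per-user badge names a daily sync for org_id would retrieve (model only)."""
    synced = {}
    for user in users:
        if org_id not in user.linked_org_ids():
            continue   # no linked identity from this org, so nothing syncs
        # Assumption: private badges are scoped to the syncing org's tenant.
        synced[user.name] = sorted(b.name for b in user.badges
                                   if b.tenant_org_id in (None, org_id))
    return synced

def build_sample_users():
    """Constructed sample data; org IDs and badge names are placeholders."""
    alice = TrailheadUser("alice", badges=[Badge("Apex Basics"),
        Badge("Onboarding", "ORG_A"), Badge("Partner Intro", "ORG_B")])
    alice.link(LoginIdentity("google"))
    alice.link(LoginIdentity("salesforce", org_id="ORG_A"))
    bob = TrailheadUser("bob", badges=[Badge("Apex Basics")])
    bob.link(LoginIdentity("google"))   # social login only: invisible to ORG_A's sync
    return [alice, bob]

if __name__ == "__main__":
    print(badges_synced_to("ORG_A", build_sample_users()))
```

In this model, bob's public badge never reaches ORG_A's report because he has no linked identity from that org, which is the gap the sandbox note earlier in the post warns about.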
Trailblazer Identity is one of the greatest innovations that Salesforce has created. It allows you to access multiple communities in different contexts as your day switches you from partner, to customer, to developer, to employee end-user. It solves many difficult problems and helps us unify the community as well as providing a secure, scalable, and trusted service for all Salesforce community properties including Trailhead and myTrailhead.