- Keeping an eye on different usernames / passwords for dev orgs and sandboxes
- Giving others access to your sandbox / dev org
- Whitelisting IPs to avoid being asked for tokens
- Sandbox Refresh - changing email and verification
- Scripts to reset passwords or profiles or emails, etc.
I believe Environment Hub is quite a sleek solution.
Install Environment Hub Application
- You will need to contact customer support to have that App installed
- In the case of a production org (non-ISV), it should be installed in the production org
- For an ISV, it is more flexible, but preferably in the same place as the LMA org
- Select Environment Hub App
- Add Environment Hub tab
- In the case of a production org, all sandboxes should be auto-discovered
- In the case of an ISV, we might want to register different Developer orgs with Environment Hub
- We should give all users who need to use Environment Hub the appropriate access on their profile
- Manage Environment Hub
- Connect Organization to Environment Hub
- Sandboxes are auto discovered by Environment Hub
- We should enable SSO on it
- Once SSO is enabled, the sandbox must be refreshed
- Once that is done, any production user (with the Connect Organization permission) will be able to log in to that org!
- No more email resets, password resets, IP whitelisting, ...
Development Orgs
- We can connect any dev org to Environment Hub
- We should enable SSO on it
- Now there are 3 different methods to map an Environment Hub user to a dev org
- User name mapping - we can manually map the user name from Environment Hub to the dev org
- Federation ID - in case of SSO, as long as the Federation ID matches between the dev org and the Environment Hub org
- User name formula field - apply the user name formula field so that an Environment Hub user can be converted to one of the dev org users
In most cases, there is only one user that we care about, hence I use the third approach (formula field) to give all users in Environment Hub access to the dev org.
E.g. if the dev org user is dev2@ot.com, I will make the formula field "dev2@ot.com", hence all Environment Hub users will evaluate to "dev2@ot.com" and would have full access to my dev org.