When is two-way TLS required in Salesforce?

Two-way TLS (Transport Layer Security) is necessary for establishing a secure channel between two communicating parties, particularly in scenarios that require mutual authentication. In the context of Salesforce, two-way TLS is essential for outbound integrations because it ensures that the Salesforce instance verifies the identity of the external system it is communicating with, and vice versa.

During an outbound integration, Salesforce needs to send data to an external service or system. Two-way TLS guarantees that both Salesforce and the external service can validate each other's certificates, which enhances security by preventing unauthorized access and ensuring that sensitive data is transmitted securely.

In contrast, inbound integrations typically involve external systems sending data to Salesforce, where Salesforce needs to authenticate the incoming requests. While security is still critical, the type of authentication required for inbound integrations does not necessitate two-way TLS in the same manner as it does for outbound integrations. Internal Salesforce applications and mobile accessibility also do not specifically require two-way TLS, as they operate within the secure perimeter of Salesforce’s architecture or utilize different forms of authentication suited for those contexts.