How should an architect solve the problem of accessing data from a legacy application without single-sign-on enabled?

Leveraging Canvas to display the legacy application within Salesforce is a practical and effective approach when dealing with a legacy application that does not have single sign-on (SSO) enabled. Canvas allows third-party applications to be embedded seamlessly within Salesforce, providing a more integrated user experience. This method enables users to interact with the legacy application without leaving the Salesforce environment, facilitating data access and maintaining a consistent interface.

This solution is particularly useful because it avoids the complexities involved in migrating the legacy application or managing separate authentication processes outside Salesforce. By displaying the application through Canvas, users benefit from a unified login experience within Salesforce, reducing friction and enhancing productivity. Moreover, it allows the architect to utilize Salesforce's security features while still providing the necessary access to the legacy system.

The other options present various alternatives but may not offer the same level of integration or user experience. Utilizing the Streaming API for real-time updates would primarily enhance data notification capabilities rather than directly solve the access issue. Migrating the legacy app to Heroku could introduce significant overhead in terms of development and maintenance. Creating a web-tab directly to the legacy application might still face the same SSO challenges and could result in inefficient user navigation, making Canvas the more streamlined choice.