So Many Logins, So Little Time: Salesforce as an Identity Provider for Single Sign-On

December 15, 2015
Read

 

In our previous post, we explored how to configure Salesforce as a Service Provider for SSO. Now, let's dive into the flip side and learn how to set it up as an Identity Provider (IdP), enabling convenient access to other applications for your Salesforce users.

Step 1: Enable Salesforce as Identity Provider

  • Navigate to: Setup > Security Controls > Enable Identity Provider.
  • Choose the desired certificate:
    • Salesforce self-signed: Use this for basic internal SSO setups.
    • Third-party signed: Recommended for secure external SSO integrations.


  • Gather the following details to share with your Service Provider (SP):
    • Sign-in page URL: Replace yourdomain with your custom domain name: https://yourdomain.my.salesforce.com/idp/endpoint/HttpRedirect
    • Sign-out page URL: https://yourdomain.my.salesforce.com
    • Change password URL: https://yourdomain.my.salesforce.com/_ui/system/security/ChangePassword
    • Verification certificate: Click "Download Certificate" and share it with your SP.
  • Once your SP configures SSO settings, create a Connected App in Salesforce:

Step 2: Set Up Salesforce Connected App

  • Navigate to: Setup > Create > Apps > Connected Apps > New.
  • Fill in the mandatory fields, using information provided by your SP:
    • Start URL: The SP URL where users land after authentication (optional for mobile devices).
    • Entity ID: A unique identifier for your application in the SP system.
    • ACS URL: Similar to the Entity ID, but with "https" prefix and "acs" suffix.
    • Subject type: An external identifier linking users across applications (determined during analysis).
  • Access setup: Control user access to the SP through profiles or permission sets within Salesforce.

Authentication Process:


  • Users access the SP application.
  • The SP redirects them to your Salesforce IdP login page.
  • Users log in with their Salesforce credentials.
  • Salesforce verifies the user and sends authentication information back to the SP.
  • The SP grants access to its application based on the received information.

Additional Notes:

  • Consider using multi-factor authentication (MFA) for enhanced security.
  • Refer to your SP's documentation for specific configuration details.
Tags :

No comments:

Post a Comment

Powered by Blogger.