Single Sign On:
What is the difference between configuration and customization in Salesforce?
Configuration:
• Configuration means providing user-defined values that enable a given feature or module to function. Example: email settings.
• Salesforce users can configure the CRM application. A Marketing user can enable a few tabs which are not available to Customer Support people.
• Adding a new field to a given Salesforce object is configuration.
• Adding a new field which uses a formula to compute a result is configuration.
Customization:
• Any feature or function which is not available as part of the application, and which requires the application to be extended, is customization.
• Even after you have configured everything, a few actions remain unachievable and require custom code; adding that code is customization.
• Adding triggers on an object to perform some action is customization.
• Adding Apex code which generates a vCard from a given Contact is customization.
How to Implement Single Sign-On Across Multiple Organizations in Salesforce?
In this article we will use one Salesforce instance as the Identity Provider and another Salesforce instance as the Service Provider.
Before starting, you have to decide which Salesforce instance will act as Identity Provider and which will act as Service Provider.
Step 1: Enable a Domain in the Identity Provider Organization
From Setup, click Domain Management | My Domain. Enter a new subdomain name and click Check Availability. If the name is available, tick the terms and conditions box, then click Register Domain.
Step 2: Enable Identity Provider
From Setup, click Security Controls | Identity Provider.
Click Enable.
Click "Download Certificate". Remember where you save the certificate, as you will upload it later.
Once you enable the identity provider, you will see a page like the one below with Identity Provider related information.
Image
In the above image, Issuer is simply the domain URL of the Identity Provider org.
Step 3: Enable Single Sign-On in the Service Provider Org
Now go to the other Salesforce instance, which is acting as the Service Provider.
From Setup, click "Security Controls | Single Sign-On Settings", then click Edit.
Select the SAML Enabled check box.
Upload the certificate downloaded from the Identity Provider here in the Service Provider while entering the SSO settings. We will have to come back here later to set the "Identity Provider Login URL".
We will get this URL once we define the Connected App in the Identity Provider instance.
Use the following settings:
Image
Step 4: Define a Connected App in the Identity Provider Instance
Log in to the Salesforce organization that acts as the Identity Provider.
From Setup, click Create | Apps, then in the "Connected Apps" section, click New.
Specify the following information:
Connected App Name: Salesforce Service Provider
Contact Email :
Enable SAML: Select this option to enter service provider details.
Entity ID:
ACS URL:
Once you save, you should see a settings page like the one shown below:
Image
NOTE: Once you define the Connected App, you need to specify which profiles can access this app.
From the above settings page, copy the "IDP-Initiated Login URL", go back to the SSO settings page of the Service Provider, and add this URL.
Image
Step 5: Setting up Users
Everything is now in place; let's start with user setup.
Copy the user name of a user in the Identity Provider instance to the "Federation ID" field of the related user in the Service Provider.
Example: In the Identity Provider I have user "". In the Service Provider I have user "" and want to relate the two. So in the Federation ID field of the "" user, I will copy "".
Image
Testing Scenario:
To test this, we need to tell Salesforce that users have to use the single sign-on settings instead of the standard login page.
Image
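A troubleshooting check for the setup above, added here as an example (it is not from the original post): it compares the Issuer, Audience, Recipient and NameID of a SAML response with the values entered in Steps 3 to 5. All URLs and user names are constructed placeholders, the function name is hypothetical, it assumes the Service Provider matches the NameID against the Federation ID, and it does not verify the signature against the downloaded certificate.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values as entered in the Service Provider and Connected App (placeholders, not real orgs).
IDP_ISSUER = "https://idp-example.my.salesforce.com"
SP_ENTITY_ID = "https://sp-example.my.salesforce.com"
SP_ACS_URL = "https://sp-example.my.salesforce.com/acs-placeholder"

# Constructed sample response, trimmed to the fields this check reads.
SAMPLE_RESPONSE = """
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Issuer>https://idp-example.my.salesforce.com</saml:Issuer>
    <saml:Subject>
      <saml:NameID>alice@idp.example</saml:NameID>
      <saml:SubjectConfirmation>
        <saml:SubjectConfirmationData
            Recipient="https://sp-example.my.salesforce.com/acs-placeholder"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://sp-example.my.salesforce.com</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>
"""

def check_assertion(xml_text, issuer, entity_id, acs_url, federation_ids):
    """Return a list of mismatches between the assertion and the SP settings."""
    a = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if a is None:
        return ["no Assertion element"]
    conf = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    found = {
        "Issuer": (a.findtext("saml:Issuer", "", NS).strip(), issuer),
        "Audience": (a.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", "", NS).strip(), entity_id),
        "Recipient": (conf.get("Recipient", "") if conf is not None else "", acs_url),
    }
    problems = [f"{k}: got {got!r}, expected {want!r}"
                for k, (got, want) in found.items() if got != want]
    # Exact string comparison against the Federation ID values (assumption).
    name_id = a.findtext("saml:Subject/saml:NameID", "", NS).strip()
    if name_id not in federation_ids:
        problems.append(f"NameID {name_id!r} matches no Federation ID")
    return problems
```

An empty list means the four fields line up with the configuration; each entry otherwise names the field to recheck in Setup.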