{"id":2865,"date":"2014-12-09T03:36:46","date_gmt":"2014-12-09T03:36:46","guid":{"rendered":"https:\/\/devbloglavaprotocols.nityo.in\/salesforce-single-sign-on\/"},"modified":"2014-12-09T03:36:46","modified_gmt":"2014-12-09T03:36:46","slug":"salesforce-single-sign-on","status":"publish","type":"post","link":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/salesforce-single-sign-on\/","title":{"rendered":"Salesforce Single Sign-On"},"content":{"rendered":"<p><em><strong>by Kana Sabaratnam, Former General Manager, Lava Labs<\/strong><\/em><\/p>\n<p style=\"text-align: left;\">The dilemma in understanding technology has always been weighing the various options that we have. In considering single sign-on (SSO) for our organization, we had to understand the two permissible methods in <a href=\"https:\/\/lavaprotocols.com\/salesforce-crm\/\" target=\"_blank\" rel=\"noopener\">Salesforce<\/a>, which are Delegated Authentication and Federation ID.<\/p>\n<p style=\"text-align: left;\">Having considered both options, we found that there are pros and cons to both ways of implementing single sign-on, which are worth discussing. I hope this will be helpful for those who wish to implement SSO for their organizations.<\/p>\n<h2 style=\"text-align: left;\"><span style=\"color: #ff6600;\"><strong>Delegated Authentication<\/strong><\/span><\/h2>\n<p style=\"text-align: left;\">We created a Google App that runs on the Google App Engine. The Google App has a link that hosts the SSO login and authentication.
Like all other Google Apps, it requires users to log in to Google using their email and password.<\/p>\n<p style=\"text-align: left;\">Once the user is authenticated, the Google App\u2019s home page will display the landing page to start the authentication process. This page will have a link to Salesforce. This link is an automatic form submission to your Salesforce login page.<\/p>\n<p style=\"text-align: left;\">Clicking on the link submits the form, which contains your Gmail username as your Salesforce username and a dynamically generated token as your Salesforce password.<\/p>\n<p style=\"text-align: left;\">After the form is submitted to Salesforce, Salesforce Delegated Authentication takes over. If the user is <b>\u201csingle sign on\u201d<\/b> enabled, delegated authentication will send a SOAP request from Salesforce to your Google App link specified in the delegated authentication gateway.<\/p>\n<p style=\"text-align: left;\">Once the request has been received, the Google App will check whether the username and password are the ones that were submitted in the automated link. The password is a dynamically generated token from the login link page. This whole process should be completed in less than 2 minutes. Once the token is checked against the secret format, the response is sent to Salesforce.<\/p>\n<blockquote>\n<p><strong>In considering SSO (single sign on) for our organization, we had to understand the two allowed methods in Salesforce which are Delegated Authentication and Federation ID.<\/strong><\/p>\n<\/blockquote>\n<p style=\"text-align: left;\">The response to Salesforce is a SOAP response with the Authenticated value set as true or false.
If the response is false, the user will get a message indicating that the Authentication Provider is down or not responding. If the response is true, a new session is created and the user logs into Salesforce.<\/p>\n<h2 style=\"text-align: left;\"><span style=\"color: #ff6600;\"><strong>Conclusion<\/strong><\/span><\/h2>\n<p style=\"text-align: left;\">Our primary focus is <a href=\"https:\/\/lavaprotocols.com\/services\/\" target=\"_blank\" rel=\"noopener\">cloud solutions<\/a>. Therefore, it is clear that Delegated Authentication was most suited. However, we are very much in favour of the features available in SAML, such as JIT and direct login on the service provider. We are hoping to have some solution soon so that the user adoption rates would be much more encouraging.<\/p>\n<p><i><span style=\"font-weight: 400;\">Lava is an<\/span><\/i><a href=\"https:\/\/lavaprotocols.com\/salesforce-crm\/\"> <i><span style=\"font-weight: 400;\">authorised Salesforce Partner<\/span><\/i><\/a><i><span style=\"font-weight: 400;\"> in Malaysia and has more than a decade of experience in cloud solutions which includes marketing automation, CRM implementation, change management, and consultation. We pride ourselves in not just being a CRM partner but in also understanding the needs of our customers and taking their business to the next level.<\/span><\/i><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is a single sign-on? How do you use it in your business? 
If you&#8217;re on Salesforce, you need to first understand two permissible methods in Salesforce.<\/p>\n","protected":false},"author":1,"featured_media":2866,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2865","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"jetpack_featured_media_url":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-content\/uploads\/2024\/10\/IdentityFlow.png","_links":{"self":[{"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/posts\/2865","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/comments?post=2865"}],"version-history":[{"count":0,"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/posts\/2865\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/media\/2866"}],"wp:attachment":[{"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/media?parent=2865"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/categories?post=2865"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/tags?post=2865"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}