ISVforce Guide

Introduction
ISVforce Quick Start
Designing and Building Your App
Overview of Packages
Components Available in Managed Packages
About API and Dynamic Apex Access in Packages
Architectural Considerations for Group and Professional Editions
Connected Apps
Environment Hub
Get Started with the Environment Hub
Manage Orgs in the Environment Hub
Single Sign-on in the Environment Hub
Enable SSO for a Member Org
Define an SSO User Mapping
Use a Federation ID or Formula for SSO
Disable SSO for a Member Org
Environment Hub Best Practices
Environment Hub FAQ
Considerations for the Environment Hub in Lightning Experience
Notifications for Package Errors
Packaging and Testing Your App
Passing the Security Review
Publish Your Offering on the AppExchange
Manage Orders
Managing Licenses
Provide a Free Trial
Supporting Your Customers
Upgrading Your App
Appendices
Glossary
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Single Sign-on in the Environment Hub

Developing, testing, and deploying apps means switching between multiple Salesforce environments and providing login credentials each time. Single sign-on (SSO) simplifies this process by letting an Environment Hub user log in to member orgs without reauthenticating. You can set up SSO by defining user mappings manually, using Federation IDs, or creating a formula.
Available in: both Salesforce Classic and Lightning Experience
Available in: Enterprise, Performance, and Unlimited Editions

The Environment Hub supports these SSO methods for matching users.
SSO Method Description
Mapped Users Match users in the Environment Hub to users in a member org manually. Mapped Users is the default method for SSO user mappings defined from the member detail page.
Federation ID Match users who have the same Federation ID in both the Environment Hub and a member org.
User Name Formula Match users in the Environment Hub and a member org according to a formula that you define.
If you specify multiple SSO methods, they’re evaluated in this order: (1) Mapped Users, (2) Federation ID, and (3) User Name Formula. The first method that results in a match is used to log in the user, and the other methods are ignored. If a matching user can’t be identified, the Environment Hub directs the user to the standard Salesforce login page.

SSO doesn’t work for newly added users or for user mappings defined in a sandbox org. Only add users, edit user information, or define SSO user mappings in the parent org for the sandbox.

Note