Newer Version Available
Single Sign-On
| Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience |
| Federated Authentication is available in: All
Editions Delegated Authentication is available in: Professional, Enterprise, Performance, Unlimited, Developer, and Database.com Editions Authentication Providers are available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions |
| User Permissions Needed | |
|---|---|
| To view the settings: | View Setup and Configuration |
| To edit the settings: | Customize Application AND Modify All Data |
When you set up SSO, you configure one system to trust another to authenticate users, eliminating the need for users to log in to each system separately. The system that authenticates users is called an identity provider. The system that trusts the identity provider for authentication is called the service provider.
For example, you can configure Google as an identity provider to authenticate users accessing your org. So users log in to your org using their Google credentials. In this example, your org acts as the service provider, trusting Google to accurately authenticate users.
You can configure your Salesforce org as an identity provider, a service provider, or both. For each of these use cases, you select the authentication protocol to use. Salesforce supports SSO with SAML and OpenID Connect. Salesforce also has preconfigured authentication providers that you can use to enable SSO with systems that have their own authentication protocols, like Facebook. For more information, see Single Sign-On Use Cases. To see a SAML SSO implementation where Salesforce is the identity provider, watch this video.
You can also set up a single identity provider to authenticate users for multiple service providers. For example, you can enable your org as an identity provider and configure Workday and Office 365 as service providers. Users can then access your org, Workday, and Office 365 with one login.
After you configure SSO, set up Single Logout so users can log out of a service provider and identity provider at the same time.
SSO Content
Refer to the following Help articles to learn about and set up SSO in Salesforce.