{"id":2410,"date":"2023-11-23T11:14:33","date_gmt":"2023-11-23T11:14:33","guid":{"rendered":"https:\/\/www.emizentech.com\/blog\/?p=2410"},"modified":"2023-11-23T11:14:38","modified_gmt":"2023-11-23T11:14:38","slug":"implement-sso-using-oauth-for-salesforce","status":"publish","type":"post","link":"https:\/\/multisitelocal.ezxdemo.com\/blog\/implement-sso-using-oauth-for-salesforce.html","title":{"rendered":"How to Implement Salesforce SSO Using OAuth"},"content":{"rendered":"\n<p>SSO, also known as single sign-on, avoids the need for users to log in to every system. It configures one system to rely on another to authenticate users. The system that authenticates users is known as an identity provider, and the system that trusts the identity provider for authentication is known as the service provider.&nbsp;<\/p>\n\n\n\n<p>You can also implement Salesforce SSO to reduce the attack surface, as users only log in once daily and use one set of credentials. Also, reducing login to one set of credentials enhances enterprise security.&nbsp;<\/p>\n\n\n\n<p>We can implement Salesforce SSO using a third-party identity provider, delegated authentication, OAuth, and more. You can choose any method depending on your organization&#8217;s current infrastructure, user management practices, and security requirements. 
You need to understand the process thoroughly before moving ahead.&nbsp;<\/p>\n\n\n\n<p>In this post, we will implement Salesforce SSO using OAuth (an open protocol that authorizes a client app to access data from a protected resource through an exchange of tokens).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Implement_Salesforce_SSO_%E2%80%93_Lets_Start_The_Process\"><\/span>Implement Salesforce SSO &#8211; Let&#8217;s Start The Process<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>First, we need to create the connected app for Salesforce SSO. A connected app is a framework that enables an external application to integrate with Salesforce using APIs and standard protocols, such as SAML, OAuth, and OpenID Connect. Moreover, connected apps use these protocols to authenticate, authorize, and provide single sign-on (SSO) for external apps. 
Such apps activate an SSO or set security policies to restrict what data 3rd-party apps can access from your org.\u00a0<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img fetchpriority=\"high\" decoding=\"async\" src=\"\/blog\/wp-content\/uploads\/sites\/2\/2020\/05\/1-Salesforce.png\" alt=\"Salesforce\" class=\"wp-image-2413\" width=\"318\" height=\"318\"\/><\/figure><\/div>\n\n\n<p>The external apps that are integrated with Salesforce can run on the customer success platform, other platforms, devices, or SaaS subscriptions.<\/p>\n\n\n\n<p>For example, when you log in to your Salesforce mobile app and see your data from your Salesforce org, you\u2019re using a connected app.<\/p>\n\n\n\n<p>By capturing metadata about an external app, a connected app tells Salesforce which protocol\u2014SAML, OAuth, and OpenID Connect\u2014the external app uses, and where the external app runs. Salesforce can then grant the external app access to its data, and attach policies that define access restrictions, such as when the app\u2019s access expires. Salesforce can also audit connected app usage.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_Can_My_SalesforceOrg_Use_Connected_Apps\"><\/span>How Can My Salesforce.Org Use Connected Apps?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Access Data with API Integration<\/li>\n\n\n\n<li>Integrate Service Providers with Salesforce<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Access Data with API Integration:<\/h3>\n\n\n\n<p>When developers or independent software vendors (ISV) build web-based or mobile applications that need to pull data from your Salesforce org, you can use connected apps as the clients to request this data. 
To do so, you create a connected app that integrates with Salesforce APIs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Integrate Service Providers with Salesforce:<\/h3>\n\n\n\n<p>When Salesforce acts as your identity provider, you can use a connected app to integrate your service provider with your org. Depending on your org\u2019s configuration, you can use one of these methods.<\/p>\n\n\n\n<p>Use a connected app with SAML 2.0 to integrate a service provider with your org. Salesforce supports SAML single sign-on (SSO) when the service provider or the identity provider initiates the flow.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Role_Do_I_Play_with_Connected_Apps\"><\/span>What Role Do I Play with Connected Apps?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>To put it simply, developers create and configure authorization flows for connected apps, and admins set policies and permissions to control connected app usage. But there\u2019s much more to each role.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Connected App Developer<\/li>\n\n\n\n<li>Connected App Admin<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">The steps to use a connected app:<\/h3>\n\n\n\n<p>There are some steps you need to follow. These steps are described below:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>1. Domain Setup<\/li>\n\n\n\n<li>2. The profile must access User Object<\/li>\n\n\n\n<li>3. 
Connected App Setup<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Domain Setup Steps:<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" src=\"\/blog\/wp-content\/uploads\/sites\/2\/2020\/05\/2-Domain-Setup-Steps.png\" alt=\"Domain Setup Steps\" class=\"wp-image-2414\"\/><\/figure><\/div>\n\n\n<p>Go to Setup -&gt; Quick find box -&gt; Domain Management -&gt; Click Domains -&gt; Create New Domain (if it does not already exist)<\/p>\n\n\n\n<p>In my case the domain name is: <strong>gst-idp-dev-ed<\/strong><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Profile Access User Object<\/h4>\n\n\n\n<p>The profile assigned to a user can be any profile that has access to the User object.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>For example, here is one profile, \u201c<strong>Standard User<\/strong>\u201d. By clicking on this profile, you can add users to it.<\/li>\n<\/ul>\n\n\n\n<p>Setup -&gt; Quick find Box -&gt; Profiles -&gt; Standard User profile -&gt; Click Standard Users or any other profile.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" src=\"\/blog\/wp-content\/uploads\/sites\/2\/2020\/05\/3-Standard-User-profile.png\" alt=\"Standard User profile\" class=\"wp-image-2415\"\/><\/figure><\/div>\n\n\n<p><strong>Add external users to any profile; for example, I am working with Standard User.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Or, while you are creating a user, you can assign this profile to the user.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Click on Assigned Users<img decoding=\"async\" class=\"aligncenter wp-image-2416 size-full\" src=\"\/blog\/wp-content\/uploads\/sites\/2\/2020\/05\/4-Standard-User.png\" alt=\"Standard User\" width=\"1115\" height=\"226\"><\/h4>\n\n\n\n<h4 class=\"wp-block-heading\">Click on New User and then add users<img decoding=\"async\" class=\"aligncenter wp-image-2417 size-full\" 
src=\"\/blog\/wp-content\/uploads\/sites\/2\/2020\/05\/5-Salesforce-Standard-User.png\" alt=\"Salesforce Standard User\" width=\"1111\" height=\"318\"><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Or you can create a new custom profile, which must have access to the User object, and then use it.<\/li>\n<\/ul>\n\n\n\n<p>Setup -&gt; Quick find Box -&gt; Create new User or Edit Existing User -&gt; Assign Standard User Profile or the Custom Profile you have created.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">For a custom profile, go to:<\/h4>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" src=\"\/blog\/wp-content\/uploads\/sites\/2\/2020\/05\/6-for-custom-Go-to.png\" alt=\"for custom Go to\" class=\"wp-image-2418\"\/><\/figure><\/div>\n\n\n<p>Setup -&gt; Quick find Box -&gt; Profiles -&gt; Create New Profile with Users Access Permission.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Connected App Setup Steps:<\/h4>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" src=\"\/blog\/wp-content\/uploads\/sites\/2\/2020\/05\/7-Connected-App-Setup-Steps.png\" alt=\"Connected App Setup Steps\" class=\"wp-image-2419\"\/><\/figure><\/div>\n\n\n<p>Setup -&gt; Quick Find Box -&gt; Manage Apps -&gt; Connected App -&gt; Create Connected App<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" src=\"\/blog\/wp-content\/uploads\/sites\/2\/2020\/05\/8-GST_IDP.png\" alt=\"GST_IDP\" class=\"wp-image-2420\"\/><\/figure><\/div>\n\n\n<p>In my case the app label is <strong>GST_IDP<\/strong>; you can give any name and version.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Details_inside_Connected_App\"><\/span>Details inside Connected App:<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-2421 size-full\" src=\"\/blog\/wp-content\/uploads\/sites\/2\/2020\/05\/9-Details-inside-Connected-App.png\" alt=\"Details inside Connected App\" width=\"1267\" 
height=\"591\"><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Consumer Key and Consumer Secret are generated by Salesforce itself.<\/p>\n\n\n<div class=\"center-imgs\"><p><\/p>\n<h3>GST System Calling API<\/h3>\n<h4>Selected OAuth Scopes:<\/h4>\n<p>Access your basic information (id, profile, email, address, phone)<br>\nFull access (full)<\/p>\n<h4>Callback URL:<\/h4>\n<p><strong><span style=\"color: #ff0000\">http:\/\/{Domain Name}\/Account\/ExternalLoginCallback<\/span><\/strong><\/p>\n<p>This URL will be used by GST System.<\/p>\n<p><strong>The domain name will be replaced by the site URL that users will use to access the application.<\/strong><br>\nEx:<br>\n<strong><span style=\"color: #ff0000\">https:\/\/gme-gst-test.bp.com\/Account\/ExternalLoginCallback<\/span><\/strong><\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2428 alignleft\" src=\"\/blog\/wp-content\/uploads\/sites\/2\/2020\/05\/1-icon.jpg\" alt=\"Consumer Key and Consumer Secret\" width=\"67\" height=\"25\"><\/figure><p>1. This will return Consumer Key and Consumer Secret<\/p>\n<p>&nbsp;<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2429 alignleft\" src=\"\/blog\/wp-content\/uploads\/sites\/2\/2020\/05\/2-icon.jpg\" alt=\"pass consumer key, consumer secret \" width=\"64\" height=\"26\"><\/figure><p>2. 
Then we need to pass the consumer key, consumer secret, and domain name to the .NET API as parameters.<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-2422 size-full\" src=\"\/blog\/wp-content\/uploads\/sites\/2\/2020\/05\/10-remote-site-settings.png\" alt=\"remote site settings\" width=\"1366\" height=\"405\"><\/figure><p><strong>Note:<\/strong> Whenever you integrate with any other site using an API, you need to set the site URL in remote site settings.<\/p><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Key_Takeaways\"><\/span><strong>Key Takeaways<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Now, you know how to implement SSO using OAuth to ease users&#8217; log-in to each system. You may find it simple to attain this, but trust us, it needs expertise. You can connect with a leading Salesforce consulting company offering perfect guidance to make the best use of the platform.&nbsp;<\/p>\n\n\n\n<p>When Emizentech is here to serve you the best, you don\u2019t need to go here and there to find the best company. We have a team of experienced <a href=\"https:\/\/multisitelocal.ezxdemo.com\/salesforce-consulting.html\">Salesforce consultants<\/a> assisting worldwide clients in accomplishing their Salesforce projects.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SSO, also known as single sign-on, avoids the need for users to log in to every system. 
It configures one system to rely on another to authenticate users. The system that authenticates users is known as an identity provider, and the system that trusts the identity provider for authentication is known as the service provider.&nbsp; You<\/p>\n","protected":false},"author":39,"featured_media":40556,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"MSN_Categories":"Uncategorized","MSN_Publish_Option":false,"MSN_Is_Local_News":false,"MSN_Is_AIAC_Included":"Empty","MSN_Location":"[]","MSN_Add_Feature_Img_On_Top_Of_Post":false,"MSN_Has_Custom_Author":false,"MSN_Custom_Author":"","MSN_Has_Custom_Canonical_Url":false,"MSN_Custom_Canonical_Url":"","_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[87],"tags":[],"class_list":{"0":"post-2410","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-salesforce-development"},"modified_by":"Marketing EmizenTech","featured_image_src":"https:\/\/multisitelocal.ezxdemo.com\/blog\/wp-content\/uploads\/sites\/2\/2020\/05\/How-to-Implement-Salesforce-SSO-Using-OAuth-600x400.jpg","featured_image_src_square":"https:\/\/multisitelocal.ezxdemo.com\/blog\/wp-content\/uploads\/sites\/2\/2020\/05\/How-to-Implement-Salesforce-SSO-Using-OAuth-600x408.jpg","author_info":{"display_name":"Virendra 
Sharma","author_link":"https:\/\/multisitelocal.ezxdemo.com\/blog\/author\/salesforce"},"_links":{"self":[{"href":"https:\/\/multisitelocal.ezxdemo.com\/blog\/wp-json\/wp\/v2\/posts\/2410","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/multisitelocal.ezxdemo.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/multisitelocal.ezxdemo.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/multisitelocal.ezxdemo.com\/blog\/wp-json\/wp\/v2\/users\/39"}],"replies":[{"embeddable":true,"href":"https:\/\/multisitelocal.ezxdemo.com\/blog\/wp-json\/wp\/v2\/comments?post=2410"}],"version-history":[{"count":0,"href":"https:\/\/multisitelocal.ezxdemo.com\/blog\/wp-json\/wp\/v2\/posts\/2410\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/multisitelocal.ezxdemo.com\/blog\/wp-json\/wp\/v2\/media\/40556"}],"wp:attachment":[{"href":"https:\/\/multisitelocal.ezxdemo.com\/blog\/wp-json\/wp\/v2\/media?parent=2410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/multisitelocal.ezxdemo.com\/blog\/wp-json\/wp\/v2\/categories?post=2410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/multisitelocal.ezxdemo.com\/blog\/wp-json\/wp\/v2\/tags?post=2410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}