Set Up Social Sign-On
- Describe what an auth provider is.
- List the auth providers that come with Salesforce.
- Configure an auth provider.
- Describe the value of a registration handler.
To enable customers to log in to Salesforce with their social credentials, you configure an authentication (auth) provider for the social account. Here’s what your customer experiences when you do.
- A customer encounters a Salesforce login page with options to log in via Google, Facebook, Twitter, as well as username and password. (1)
- The customer chooses to log in via Facebook credentials. (2)
- Salesforce redirects the customer to Facebook. (3)
- The customer logs in to Facebook. (4)
- Facebook logs in the customer to Salesforce automatically because Salesforce trusts Facebook’s verification. (5)
Salesforce has several auth providers to choose from—more, if you count those auth providers that your developers can configure using the OpenID Connect protocol. And even more—if your developers want to create their own authentication provider, they can use Salesforce APIs to do so.
- From Setup, enter Auth in the Quick Find box, then select Auth. Providers.
- Click New, then select Facebook for the provider type.
- Name the auth provider Facebook.
- For Registration Handler, click Automatically create a registration handler template.
- For Execute Registration As, choose yourself. Heads up: This step is essential and often gets overlooked.
In production, you don’t choose yourself. You create a service account instead to avoid problems in the future. If you use yourself and leave the company, the process starts to fail when your Salesforce account is disabled.
- For Icon URL, click Choose one of our sample icons, select an icon, copy the URL, and paste it in Icon URL.
- Leave the other fields empty. Salesforce supplies the values, including the consumer key and consumer secret, when you use the Salesforce out-of-the-box providers (Facebook, Google, and so on).
- Click Save.
After defining the auth provider, Salesforce generates several URLs. Use the Test-Only Initialization URL to test your connection with the social network.
- From the auth provider detail page, under Salesforce Configuration, copy the URL displayed in Test-Only Initialization.
- Paste the URL into a browser.
If it works, you get the Facebook login page.
- Log in to the Facebook page.
- When prompted, authorize your app.
You’re redirected to Salesforce, where you see the XML information that Facebook sent us.
This XML information is useful for debugging and adding more functionality to your auth provider. Here we see that the Facebook user is Mel Reynolds, along with his org ID, a link to his Facebook account, and his email address.
- From Setup, enter All Communities in the Quick Find box, select All Communities, then click Workspaces next to customers.
- Select Administration, then Login & Registration, and you see that Facebook is now an option.
- Select Facebook and click Save.
To confirm your change, return to your private (incognito) browser and reload the login page. Check that the Facebook icon appears on the login page.
Try to sign in with a Facebook account. Did you get an error like this one?
Not to worry. We fix it next.
What’s a registration handler?
A registration handler (sometimes called reghandler) creates and updates a user on the fly with identity information pulled from the authentication provider, in this case, Facebook. A registration handler allows you to get additional information from Facebook, like a profile picture, to use when creating the Salesforce user.
We chose the out-of-the-box Facebook registration handler when we selected the Automatically create a registration handler template on the Login & Registration page.
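To make the idea concrete, here is a small registration handler written as an added example; it is not the autogenerated template and not the class from the Salesforce Identity repository. The account name, profile name, username domain, and locale defaults are assumptions to replace with values from your own org.

```apex
// Added example. Assumed names: account 'Social Sign-On Customers', profile
// 'Customer Community User', username domain 'social.example.com'.
global class ExampleSocialRegHandler implements Auth.RegistrationHandler {
    global class RegHandlerException extends Exception {}

    // Runs the first time a social identity logs in; returns the User to create.
    global User createUser(Id portalId, Auth.UserData data) {
        // Refuse to build an account from incomplete identity data.
        if (String.isBlank(data.email) || String.isBlank(data.identifier)) {
            throw new RegHandlerException('Provider returned no email or identifier');
        }
        // Never attach a social login to an existing user on an email match alone:
        // the address comes from the provider, not from a check done in this org.
        if ([SELECT COUNT() FROM User WHERE Email = :data.email] > 0) {
            throw new RegHandlerException('A user with this email already exists');
        }
        String lastName = String.isBlank(data.lastName) ? 'Unknown' : data.lastName;
        // Both queries throw if the record is missing, so the login fails closed.
        Account acct = [SELECT Id FROM Account WHERE Name = 'Social Sign-On Customers' LIMIT 1];
        Contact c = new Contact(AccountId = acct.Id, Email = data.email,
                                FirstName = data.firstName, LastName = lastName);
        insert c;

        // New users always get the low-privilege customer profile, never an internal one.
        Profile p = [SELECT Id FROM Profile WHERE Name = 'Customer Community User' LIMIT 1];
        User u = new User();
        u.ContactId = c.Id;
        u.ProfileId = p.Id;
        u.Username = data.identifier + '@social.example.com';
        u.Email = data.email;
        u.FirstName = data.firstName;
        u.LastName = lastName;
        u.Alias = data.identifier.left(8);
        u.CommunityNickname = 'fb' + data.identifier;
        u.LanguageLocaleKey = 'en_US';
        u.LocaleSidKey = 'en_US';
        u.EmailEncodingKey = 'UTF-8';
        u.TimeZoneSidKey = 'America/Los_Angeles';
        return u;
    }

    // Runs on later logins. Only display names are refreshed; email, profile,
    // and username are left alone so provider data cannot change access.
    global void updateUser(Id userId, Id portalId, Auth.UserData data) {
        User u = new User(Id = userId);
        if (String.isNotBlank(data.firstName)) u.FirstName = data.firstName;
        if (String.isNotBlank(data.lastName)) u.LastName = data.lastName;
        update u;
    }
}
```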
Open the autogenerated registration handler.
- From Setup, enter Auth. in the Quick Find box, then select Auth. Providers.
- Next to the Facebook authentication provider, click Edit.
- Under Registration Handler, click to view the full name of the autocreated registration handler, for example, AutocreatedRegHandler1467402405056.
- From Setup, enter Apex Class in the Quick Find box, then select Apex Classes.
- Next to your registration handler, click Edit.
Yes, it’s code, in the form of an Apex class. If you don’t do code, that’s okay. You don’t have to. You’re just going to do a simple cut and paste to replace this Apex class with the one we provide in the Salesforce Identity Git repository.
Replace the registration handler with the one provided in the GitHub repository.
- In another browser tab, open the registration handler, https://github.com/salesforceidentity/IdentityTrail-Module3/blob/master/SimpleFacebookRegistrationHandler.cls.
- Copy the code from GitHub and paste it over the autogenerated registration handler in Salesforce.
- Click Save.
Now try to log in to Facebook again.
- Return to the private (incognito) browser and reload the login page.
- Click the Facebook icon and then enter your Facebook username and
If you see this page, your Facebook login is working. By choosing to build a community with the Aloha template, your customers are greeted with an app launcher like this one.
The app launcher doesn’t look like much now, but you can add apps for your customers’ convenience. This way, customers can click an icon to get instant access to apps for support, billing, collaboration, and more.