Time Estimate

Topics

Learning Objectives

After completing this module, you’ll be able to:
  • Describe what an auth provider is.
  • List the auth providers that come with Salesforce.
  • Configure an auth provider.
  • Describe the value of a registration handler.

Social Sign-On

It’s been this way since before the Beigecoats League was formed. If it’s an option, settlers in the outlying space colonies prefer to use their social account rather than creating a new online account with each website. They can log in once to their favorite social account like ShadowMoon (or one of the old standbys, like Facebook or Google) to access other accounts, such as their email or online banking. By offering social sign-on, you give your customers a convenient and secure experience with Universal Deliveries.

To enable customers to log in to Salesforce with their social credentials, you configure an authentication (auth) provider for the social account. Here’s what your customer experiences when you do.

Social sign-on process

  • A customer encounters a Salesforce login page with options to log in via Google, Facebook, Twitter, as well as username and password. (1)
  • The customer chooses to log in via Facebook credentials. (2)
  • Salesforce redirects the customer to Facebook. (3)
  • The customer logs in to Facebook. (4)
  • Facebook logs in the customer to Salesforce automatically because Salesforce trusts Facebook’s verification. (5)

Salesforce has several auth providers to choose from—more, if you count those auth providers that your developers can configure using the OpenID Connect protocol. And even more—if your developers want to create their own authentication provider, they can use Salesforce APIs to do so.

Create an Authentication Provider

You choose which auth providers can access your Salesforce org from Setup. With a few clicks, you can add the option to log in with one or more social accounts. Here’s how to set up Facebook as an auth provider.
  1. From Setup, enter Auth in the Quick Find box, then select Auth. Providers.
  2. Click New, then select Facebook for the provider type.
  3. Name the auth provider Facebook.
  4. For Registration Handler, click Automatically create a registration handler template.
  5. For Execute Registration As, choose yourself. Heads up: This step is essential and often gets overlooked.

    In production, you don’t choose yourself. You create a service account instead to avoid problems in the future. If you use yourself and leave the company, the process starts to fail when your Salesforce account is disabled.

  6. For Icon URL, click Choose one of our sample icons, select an icon, copy the URL, and paste it in Icon URL.
  7. Leave the other fields empty. Salesforce supplies the values, including the consumer key and consumer secret, when you use the Salesforce out-of-the-box providers (Facebook, Google, and so on).
  8. Click Save.

Auth provider configuration page

After defining the auth provider, Salesforce generates several URLs. Use the Test-Only Initialization URL to test your connection with the social network.

  1. From the auth provider detail page, under Salesforce Configuration, copy the URL displayed in Test-Only Initialization URL.

    Test the auth provider URL

  2. Paste the URL into a browser.

    If it works, you get the Facebook login page.

  3. Log in to the Facebook page.
  4. When prompted, authorize your app.

    You’re redirected to Salesforce, where you see the XML information that Facebook sent us.

This XML information is useful for debugging and adding more functionality to your auth provider. Here we see that the Facebook user is Mel Reynolds, his org ID, link to his Facebook account, and email address.

Output of the auth provider test URL

Log In with Facebook

Now that you’ve created a Facebook authentication provider, let’s return to the Login & Registration page and add Facebook as a login option.
  1. From Setup, enter All Communities in the Quick Find box, select All Communities, then click Workspaces next to customers.
  2. Select Administration, then Login & Registration and you see that Facebook is now an option.

    Facebook option on the login configuration page

  3. Select Facebook and click Save.

To confirm your change, return to your private (incognito) browser and reload the login page. Check that the Facebook icon appears on the login page.

Login page with Facebook logo

Try to sign in with a Facebook account. Did you get an error like this one?

Error logging into Facebook

Not to worry. We fix it next.

Update the Registration Handler

The Facebook login doesn’t work because the out-of-the-box Salesforce registration handler for the Facebook authentication provider doesn’t work. Why? Authentication providers like Facebook frequently change authentication requirements to increase security. No problem. We can update the registration handler on our own.

What’s a registration handler?

A registration handler (sometimes called reghandler) creates and updates a user on the fly with identity information pulled from the authentication provider, in this case, Facebook. A registration handler allows you to get additional information from Facebook, like a profile picture, to use when creating the Salesforce user.

We chose the out-of-the-box Facebook registration handler when we selected the Automatically create a registration handler template on the Login & Registration page.

Open the autogenerated registration handler.

  1. From Setup, enter Auth. in the Quick Find box, then select Auth. Providers.
  2. Next to the Facebook authentication provider, click Edit.
  3. Under Registration Handler, click Magnifying glass to view the full name of the autocreated registration handler, for example, AutocreatedRegHandler1467402405056.
  4. From Setup, enter Apex Class in the Quick Find box, then select Apex Classes.
  5. Next to your registration handler, click Edit.

Registration handler Apex class

Yes, it’s code, in the form of an Apex class. If you don’t do code, that’s okay. You don’t have to. You’re just going to do a simple cut and paste to replace this Apex class with the one we provide in the Salesforce Identity Git repository.

Replace the registration handler with the one provided in the GitHub repository.

  1. In another browser tab, open the registration handler, https://github.com/salesforceidentity/IdentityTrail-Module3/blob/master/SimpleFacebookRegistrationHandler.cls.
  2. Copy the code from GitHub and paste it over the autogenerated registration handler in Salesforce.
  3. Click Save.

Now try to log in to Facebook again.

  1. Return to the private (incognito) browser and reload the login page.
  2. Click the Facebook icon and then enter your Facebook username and password.

    If you see this page, your Facebook login is working. By choosing to build a community with the Aloha template, your customers are greeted with an app launcher like this one.

Log in through Facebook to get to community app launcher

The app launcher doesn’t look like much now, but you can add apps for your customers’ convenience. This way, customers can click an icon to get instant access to apps for support, billing, collaboration, and more.

Community App Launcher
retargeting