#SSO1 discussing

Hello All,

Context : We have implemented B2B experience cloud portal for our B2B clients. Clients (external users) connects to the portal via SSO (Auth0 and internal IDP). Inside portal, we have embedded different portals (not Salesforce and which are accessible via SSO i.e. client can switch from portal to portal and no need to provide Username and Password) as well as Widgets (using iFrames) and API callouts (wherein we use JWT token returned by Auth0 for connected client).  Also there are functionalities per client in the front ex. mark some items favorite, add some records in his/her watchlist etc..). 

Now we have below requirement : 

We want our sales(internal user) to connect as Client(external user) via SSO and MUST have same view as Client in the portal.  

I can't use standard functionality "Log in to Experience as User" because it initiate another session by Salesforce and not SSO. Hence I can't access other portals, widgets and make API callouts. 

Any ideas/suggestions ? What could be another workaround ? 

#Salesforce Identity #SSO #Openidconnect #Experience Cloud #External Community Users #Internal Users 

FYI @Christophe Bouchet  

Thank you in advance for your help. 

Best regards,

Onkar Dhane. 

Hello!  My org uses SSO with Delegated Authentication.  Some users randomly report receiving an error when logging in: "We can't log you in because of an issue with single sign on."  Looking into the Delegated Authentication Error History, all it says is "java.net.MalformedURLException".  Other users with SSO enabled do not see the error.  This can happen while on the company network or VPN.  Any advice is appreciated as I'm new to SSO authentication.

We have enforced SSO for our users. When a user authenticates with Salesforce using an external application such as workbench or a google sheet connector they login using the custom domain and Microsoft Azure SSO login button.

The login history suggests differently, and says they are logging in using 'login.salesforce.com'. For such a login I would expect to see our custom domain.

Here are the logins highlighted in green where I would expect to the login URL as the custom domain

Am i misunderstanding the login history?

#Security #Identity & Access Management #SSO

My single sign on shows two different expiration date.

When I checked the SAML Single Sign On settings page in setup, for the field 'Identity Provider Certificate', It shows the following value 'CN=Microsoft Azure Federated SSO Certificate

Expiration: 4 Jul 2026 13:10:37 GMT'

I then opened the certificate itself, present on the field Request Signing Certificate, it says that the expiration date is in 2024.

Which is the true expiration date?

I checked with my Identity Provider team, they said it is 2026, but want to double check why it is showing 2024 in SF.

#SSO  #SSO Setup  #Single Sing-on  #Security  #Identity & Access Management

Hello, I am preparing to implement MFA to anticipate SF's enforcement actions planned for Spring '24.

In my org, some users use SSO to connect. To my knowledge, their SSO does not include MFA.

How should I proceed ?

1. Should I enable MFA for all users (including SSO ones) ? If yes - how will SSO users be impacted ?

or

2. Should I enable MFA from users who use direct login and waive MFA for SSO users ?

Thank you so much in advance for your answers.

#MFA - Getting Started #MFA #SSO #Spring24 

I want to reset password for User but I am getting message 'Passwords cannot be reset for Single Sign-On Users' . When I try to forgot password .I received a link on mail to reset password but after on clciking on it I get error  .'Passwords cannot be reset for Single Sign-On Users. For help with resetting your password, please Contact your company's administrator for assistance'

How to reset a password for user. I have checked various articles but no help.

#Salesforce #Salesforce Developer #SSO #Sales Cloud

Hi Folks,

One of our clients is planning to remove SSO from their ORG. I do not see any form of guide to remove SSO from an ORG. All I see are guides and trailheads on how to enable SSO and how to disable login from my domain. Any help is appreciated.

Thanks,

Sanam

#SSO #Single Sing-on

I created a new self signed certificate for to replace our expiring one. 

I replaced the expiring cert with the new one on the SAML Single Sign-On Settings page in

fields Request Signing Certificate and Assertion Decryption Certificate. They both show the new certificate. 

However, when I go to Setup > Certificate and Key Management page, the expiring certificate does not have the Delete action. Does this mean it wasn't successfully replaced? It has been two days. 

#Security #SSO

Our instance will be refreshed next month, and we will have a new instance.  We're already searching for hard coded references to the old instance and we use my domain.  But we use Single Sign On extensively and we need it to work after the refresh. 

We use Single Sign On, will that be affected by the instance refresh?  Will we need to create a new Single Sign On setup after the instance refresh?  We use Azure for our SSO. 

#SSO #Instance Refresh:

Hello!  I've seen this question asked before but am struggling to find a clear response.  We have been using My Domain for a while and use Okta for authentication.  Since our instance already ends with .my.salesforce.com and that is what is used with Okta, should we plan for an alternative way to login once Enhanced Domains is enabled?  I don't want to be locked out of my org but don't want to spend time working through a secondary authentication method if it's unnecessary.  Thank you! #EnhanceDomain #SSO #Salesforce Admin #Salesforce Developer