Want to do salesforce.com single sign on?

Single Sign on (SSO) for salesforce.com can take various forms.

The Winter 10 version supports SAML2 for salesforce.com and the Salesforce partner & customer portals. It does not support SAML2 for Salesforce Sites yet. (Scheduled for a coming release).

When setting up SSO here are some issues you should consider:

• What is your User or Identity store? Is it an internal store such as Active Directory, Oracle access Manager or a Custom LDAP? or do you want to use a cloud based store like Salesforce, or Google to manage your user identification information?
• Do you have more than one user identity store?
• Do you want to auto-provision (activate/create) the Salesforce users (Just in time) or do you have an existing provisioning process?
• Do you want to allow deep linking to URLs? or always force people to login via a “home page” or “dashboard” ?
• Is SSO for your internal users or your customers/partners.  Do you have separate data stores for each?
• Do you want users to keep existing usernames & passwords or get a new “single” username/password?
• Should I use salesforce.com’s Delegated Authentication model or the SAML2 SSO?

Sounds like a lot to think about.

The reality is that there are many variants and solutions to meet your specific requirements.

At WDCi we have been looking at these issues for a while and using our partnership with Ping Identity to provide solutions to  Single Sign-On requirements for Salesforce.com and other systems.

Take a look at the Identity pages on our website or contact us for more information on the right solution for SSO for your company.