Want to do salesforce.com single sign on?

Single Sign on (SSO) for salesforce.com can take various forms.


The Winter 10 version supports SAML2 for salesforce.com and the Salesforce partner & customer portals. It does not support SAML2 for Salesforce Sites yet. (Scheduled for a coming release).


When setting up SSO here are some issues you should consider:

  • What is your User or Identity store? Is it an internal store such as Active Directory, Oracle access Manager or a Custom LDAP? or do you want to use a cloud based store like Salesforce, or Google to manage your user identification information?
  • Do you have more than one user identity store?
  • Do you want to auto-provision (activate/create) the Salesforce users (Just in time) or do you have an existing provisioning process?
  • Do you want to allow deep linking to URLs? or always force people to login via a “home page” or “dashboard” ?
  • Is SSO for your internal users or your customers/partners.  Do you have separate data stores for each?
  • Do you want users to keep existing usernames & passwords or get a new “single” username/password?
  • Should I use salesforce.com’s Delegated Authentication model or the SAML2 SSO?


Sounds like a lot to think about.


The reality is that there are many variants and solutions to meet your specific requirements.


At WDCi we have been looking at these issues for a while and using our partnership with Ping Identity to provide solutions to  Single Sign-On requirements for Salesforce.com and other systems.


Take a look at the Identity pages on our website or contact us for more information on the right solution for SSO for your company.

Get in touch today to see how we can help you.