    Configure SAML Single Sign-on between two Salesforce Orgs

By Dhanik Lal Sahni | November 10, 2020 | Updated: January 12, 2025

Single Sign-On (SSO) is an authentication mechanism that enables users to securely authenticate with multiple applications and websites using one set of credentials.

SSO works on a trust relationship set up between an application, known as the service provider (in this case a Salesforce org), and an identity provider, such as Salesforce, Gmail, Microsoft etc.

    Identity Providers:

    An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network. Identity providers offer user authentication as a service.

In our use case, Salesforce will be used as the identity provider.

    Service Providers

A service provider is a vendor that provides IT solutions and/or services to end users and organizations. In our case, Salesforce is the service provider, delivering CRM as a service.

Salesforce offers the following ways to use Single Sign-on.

• Federated authentication using Security Assertion Markup Language (SAML)
  1. Federated authentication uses SAML, an industry standard for secure integrations.
  2. Federated authentication lets us send authentication and authorization data between affiliated but unrelated web services.
  3. User credentials are not validated at the service provider; they are validated at the identity provider. The identity provider passes the user's authentication details to the service provider.
  4. The service provider then loads data based on those authentication details.
  5. An enterprise can use this to log in to different sub-systems with one set of credentials. This saves a lot of time and is more secure.
[Image: Salesforce SAML Process | SAML Request]
• Delegated authentication SSO:
  1. In delegated authentication, one system relies on another system to validate user credentials. For example, we can configure a Salesforce org to rely on LDAP (Lightweight Directory Access Protocol).
  2. This can be used where the organization's system is accessed from less secure places such as public computers, mobile devices etc.
  3. The username and password are still sent over the internet, so it is less secure than federated authentication.

    Single Sign-on Benefits:

    1. Reduces password fatigue
    2. Reduces security risks for your customers, vendors, and partner entities
    3. Simplifies username and password management
    4. Improves identity protection
    5. Increases speed where it is most needed
    6. Relieves help desk workloads

    Setting Up Single Sign-on between two Salesforce Orgs:

Many organizations have multiple orgs to run their business. We can set up single sign-on between those Salesforce orgs: one Salesforce org will be the service provider (SP) and the second will be the identity provider (IP).

Let us set up single sign-on between two Salesforce orgs. The following steps are required.

1. Set up My Domain in both Salesforce orgs
2. IP -> Enable Identity Provider and create certificate
3. IP -> Create connected app
4. SP -> Single Sign-On setting based on certificate metadata URL
5. SP -> Add Single Sign-On setting in My Domain
6. Set up users in both SP and IP

    1. Set up My Domain in both Salesforce Orgs

My Domain helps in branding our Salesforce orgs. Enabling My Domain is also required for:

1. working in multiple Salesforce orgs in the same browser
2. setting up single sign-on with external identity vendors
3. setting up authentication providers such as Google, Facebook etc.
4. setting up Lightning components as tabs or standalone apps

By default, My Domain is already active in new Salesforce orgs. If it is not enabled, go to Setup -> My Domain and enable it.

Save both Salesforce orgs' domain URLs. We will need them in the next steps.

    2. IP -> Enable Identity providers and Create Certificate

Enable the Salesforce org as an identity provider so that it can be used for single sign-on with other sites or Salesforce orgs.

To enable it, go to Setup -> Identity Provider and click the Enable Identity Provider button.

Once the identity provider is enabled in the identity provider Salesforce org, create a certificate on the same screen. Select SelfSignedCert in the drop-down and save it.

[Image: Salesforce IDP]

It will create a certificate like the one below. The generated metadata URL will be used to create the single sign-on setting in the service provider.

[Image: Salesforce Certificate]

    3. IP->Create connected app

Create a connected app in the identity provider Salesforce org so that it can be used by the service provider org for the integration. Use the settings below for the connected app; they are entered in the Web App Settings section of the connected app.

1. Connected App Name: Salesforce SSO Test
2. Entity Id: the service provider Salesforce org's domain URL
3. ACS URL: the service provider Salesforce org's domain URL
4. Subject Type: Federation ID
5. Issuer: the identity provider Salesforce org's domain URL

The remaining settings can be left at their defaults.

[Image: Salesforce Connected App]

    4. SP->Single Sign-On Setting based on metadata URL

Now set up the single sign-on setting in the service provider Salesforce org. Go to Setup -> Single Sign-On Settings and click New from Metadata URL to create the single sign-on setting for the identity provider.

Provide the metadata URL that we got while creating the certificate in step 2 (highlighted in the image). Based on the metadata URL, Salesforce will automatically create the single sign-on setting.

[Image: SAML In Salesforce]

Only change the SAML Identity Type; it should be "Assertion contains the Federation ID from the User object" (as highlighted).

    5. SP->Add Single Sign-on setting in my domain

Once the single sign-on setting is created, add it to the service provider's login screen. As we named the single sign-on setting gmailcomidentity-dev-ed, it will appear in the Authentication Configuration screen. Select gmailcomidentity-dev-ed and save; this single sign-on option will now appear on the login screen of the service provider Salesforce org.

[Image: Single Sign-on in Salesforce]

    6. Setup Users in both SP and IP

Now set up the user in both the identity provider Salesforce org and the service provider Salesforce org, and set the Federation ID in both. I have set my user email ‘salesforcecodex@*****.com’ as the Federation ID on the user record in both orgs. Set up the Federation ID in your orgs similarly, as shown in the image below.
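As an added illustration (not part of the original post or of Salesforce's own code), the Python below shows how the connected app values from step 3 and the Federation ID from step 6 become the checks a service provider performs on an incoming SAML assertion: Issuer, Audience (Entity Id), Recipient (ACS URL), validity window and NameID. The org URLs and the assertion are constructed placeholders, and XML signature verification against the IdP certificate from the metadata URL is left out.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
# Values held by the SP's SSO setting (hypothetical My Domain URLs, not real orgs).
SP_ENTITY_ID = "https://sp-example.my.salesforce.com"   # connected app 'Entity Id'
SP_ACS_URL = "https://sp-example.my.salesforce.com"     # connected app 'ACS URL'
IDP_ISSUER = "https://idp-example.my.salesforce.com"    # connected app 'Issuer'

# Constructed, unsigned assertion for illustration; timestamps are arbitrary.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
 <saml:Assertion><saml:Issuer>{IDP_ISSUER}</saml:Issuer>
  <saml:Subject><saml:NameID>salesforcecodex@example.com</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="{SP_ACS_URL}" NotOnOrAfter="2020-11-10T10:05:00Z"/>
   </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2020-11-10T09:55:00Z" NotOnOrAfter="2020-11-10T10:05:00Z">
   <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions></saml:Assertion></samlp:Response>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, now_utc):
    """Return the Federation ID when every check passes, otherwise raise ValueError."""
    now = _ts(now_utc)
    root = ET.fromstring(xml_text)
    a = root.find("saml:Assertion", NS)
    if a is None:
        raise ValueError("no Assertion element")
    # Issuer must match the IdP the SSO setting was created from (step 3, 'Issuer').
    if a.findtext("saml:Issuer", namespaces=NS) != IDP_ISSUER:
        raise ValueError("unexpected Issuer")
    # Audience must equal the SP Entity ID (step 3, 'Entity Id').
    if a.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS) != SP_ENTITY_ID:
        raise ValueError("Audience mismatch")
    # Recipient must equal the ACS URL (step 3, 'ACS URL'); an assertion meant for another SP is rejected.
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != SP_ACS_URL:
        raise ValueError("Recipient mismatch")
    # Validity window: reject expired or not-yet-valid assertions.
    cond = a.find("saml:Conditions", NS)
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside validity window")
    # Subject Type = Federation ID (step 6): NameID is matched to User.FederationIdentifier.
    name_id = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("missing NameID")
    return name_id
```

If any of these checks fails, the SP must not log the user in; a mismatched Entity Id or Issuer between the connected app and the SSO setting shows up here as a rejected assertion.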

Test Video: [Video: Single Sign-on | SAML in Salesforce]
