How to Implement Salesforce SSO Using OAuth

Last Updated on January 21, 2022

We need to create the Connect App for Salesforce SSO. A connected app is a framework that enables an external application to integrate with salesforce using APIs and standard protocols, such as SAML, OAuth, and OpenID connect. Connected Apps use these protocols to authenticate, authorize, and provide single sign-on (SSO) for external apps.

The external apps that are integrated with Salesforce can run on the customer success platform, other platforms, devices, or SaaS subscriptions.

For example, when you log in to your Salesforce mobile app and see your data from your Salesforce org, you’re using a connected app.

By capturing metadata about an external app, a connected app tells Salesforce which protocol—SAML, OAuth, and OpenID Connect—the external app uses, and where the external app runs. Salesforce can then grant the external app access to its data, and attach policies that define access restrictions, such as when the app’s access expires. Salesforce can also audit connected app usage.

How Can My Salesforce.Org Use Connected Apps?

Access Data with API Integration
Integrate Service Providers with Salesforce

Access Data with API Integration:

When developers or independent software vendors (ISV) build web-based or mobile applications that need to pull data from your Salesforce org, you can use connected apps as the clients to request this data. To do so, you create a connected app that integrates with Salesforce APIs.

Also Read: How To Connect Pipedrive and Salesforce Integration

Integrate Service Providers with Salesforce:

When Salesforce acts as your identity provider, you can use a connected app to integrate your service provider with your org. Depending on your org’s configuration, you can use one of these methods.

Use a connected app with SAML 2.0 to integrate a service provider with your org. Salesforce supports SAML single sign-on (SSO) when the service provider or the identity provider initiates the flow.

What Role Do I Play with Connected Apps?

To put it simply, developers create and configure authorization flows for connected apps, and admins set policies and permissions to control connected app usage. But there’s much more to each role.

Connected App Developer
Connected App Admin

The steps to use a connected app:

There are some steps you need to follow. These steps are described below:

1. Domain Setup
2. The profile must access User Object
3. Connected App Setup

Domain Setup Steps:

Go to Setup -> Quick find box -> Domain Management -> Click Domains -> Create New Domain (If not exists already)

In my case domain name is : gst-idp-dev-ed

Profile Access User Object

The profile you are using for any user it can be any which has access to the User.

For Example here is one profile “Standard User”. By clicking on this profile you can add users to this profile.

Setup -> Quick find Box -> Profiles -> Standard User profile -> Click Standard Users or any other profile.

Add external users to any profile, for example, I am working on Standard User.

Or while you are creating a user you can assign this profile to User.

Click on Assigned Users

Click on New User and then add users

Or you can create a new custom profile which must access user object and then use it.

Setup -> Quick find Box -> Create new User or Edit Existing User -> Assign Standard User Profile or the Custom Profile you have created.

for custom Go to:

Setup -> Quick find Box -> Profiles -> Create New Profile with Users Access Permission.

Connected App Setup Steps:

Setup -> Quick Find Box -> Manage Apps -> Connected App -> Create Connected App

In my case app label is GST_IDP you can give any name and version.

Details inside Connected App:

Consumer Key and Consumer Secret are generated by Salesforce itself.

GST System Calling API

Access your basic information (id, profile, email, address, phone)
Full access (full)

This URL will be used by GST System.

Selected OAuth Scopes:

Callback URL:

http://{Domain Name}/Account/ExternalLoginCallback

The domain name will be replaced by site URL, using that they will access the application
Ex:
https:// gme-gst-test.bp.com/Account/ExternalLoginCallback

1. This will return Consumer Key and Consumer Secret

2. Then we need to pass consumer key, consumer secret, and domain name to .net API as parameters.

Note: Whenever you do the integration with any other site using API, you need to set the site URL in remote site settings.
If you are searching for experienced salesforce consultants for salesforce development services then please get in touch with us.

Also Read: Benefits of Salesforce Commerce Cloud Implementation

Author Sapna Chandani

I am a proficient Salesforce developer with noteworthy experience in the Salesforce consulting domain. Apart from my Job, what evokes curiosity in me is binge-reading, following technical aficionado’s work, and pondering over astonishing things in this universe.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.