          Single Sign-On for Salesforce Customer Identity


          With single sign-on (SSO) for Salesforce Customer Identity, users can log in to multiple applications with one set of credentials. Depending on your use case, you can configure your site as a service provider or relying party so users can log in with credentials from a third party, such as Google. Or you can set up your site as an identity provider so it can authenticate users for a third-party app. You can also set up SSO between your site and mobile apps.

          Required Editions

          Available in: both Salesforce Classic and Lightning Experience
          Available in: Professional, Enterprise, Unlimited, and Developer Editions
          Note: SSO terms differ depending on which authentication protocols you're using. For more information, see Single Sign-On Terminology.

          Configure single sign-on for these use cases.

          Let Users Log In to Your Site from a Third Party

          When you configure your site as a service provider or relying party, users are logged in to your site from a third-party provider. You can use the SAML authentication protocol to configure your site as a service provider for a third-party identity provider. Or you can use OpenID Connect, which handles both authentication and authorization, or similar protocols to configure your site as the relying party with authentication providers. For example, when users visit your site login page, they see an option to log in with a third party such as Google. When they select this option, they’re redirected to a Google login form where they can enter their credentials. After Google authenticates their credentials, they’re redirected to your site and logged in.

          Let Users Log In to a Third Party with Salesforce Credentials

          If you want users to log in to an external web app using credentials from your site, you can configure your site as an identity provider. For this use case, Salesforce performs authentication. You can configure your site as an identity provider using SAML, or you can set up your site as an OpenID provider using the OpenID Connect protocol. With either configuration, your users are able to log in to your web app with their Salesforce credentials.

          Let Users Log In to a Mobile App from Your Site

          If you want your users to access a mobile app from your site without logging in again, configure SSO for mobile apps. For this use case, you can use the Salesforce Mobile Software Development Kit (SDK) to create an app. Then you can use the OAuth protocol to configure your site to point to your app. For example, you create a mobile app for your site so that users can access it from their mobile devices. Set up SSO so that users can access your app with their credentials from your site.

          • Configure Your Experience Cloud Site as a Service Provider or Relying Party
            To let users log in to your Experience Cloud site with credentials from a third-party provider, configure your site as a service provider or relying party. For single sign-on (SSO) authentication only, you can use SAML to configure your site as a service provider. Or, if you want the third party to authenticate users and authorize them to access third-party data, set up an authentication provider to configure SSO with your site as the relying party.
          • Configure Your Experience Cloud Site as an Identity Provider or OpenID Provider
            To let users log in to a third-party service provider with credentials from your Experience Cloud site, configure your site as an identity provider. Depending on the third party you want to integrate, you can use SAML or OpenID Connect as your authentication protocol.
          • Set Up SSO for Mobile Apps
            If you want your users to access a mobile app from your site without logging in again, configure SSO for mobile apps.
           