Review Single Sign-On Controls
Single Sign-On (SSO) is a foundational security control in Salesforce that enables centralized, enterprise-grade identity management while reducing reliance on local credentials. Salesforce supports multiple SSO deployment models, including acting as a service provider, an identity provider, or both through identity provider chaining and cross-org trust relationships.
Properly implemented, SSO strengthens access security by enforcing consistent password standards, multi-factor authentication (MFA), session assurance, and conditional access policies across Salesforce and integrated systems. When SSO is missing or misconfigured, companies experience increased risk of credential compromise, unauthorized access, lateral movement, and reduced visibility into identity posture.
Security Health Review uses configuration signals to assess SSO posture against Salesforce best practices, identifying critical security and business risks.
- Supported SSO Scenarios: Salesforce as the Service Provider Control (Relying Party)
  Enables users to authenticate to Salesforce with an external enterprise identity provider (IdP), centralizing authentication and access controls.
- Supported SSO Scenarios: Salesforce as Identity Provider Control (OpenID Connect or SAML)
  Allows Salesforce to act as the central identity authority for authenticating users to downstream applications.

