Loading
Salesforce now sends email only from verified domains. Read More
Identify Your Users and Manage Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            SAML Session Index Support

            You are here:

            1. Salesforce Help
            2. Docs
            3. Identify Your Users and Manage Access

            SAML Session Index Support

            Salesforce supports session index parameters in requests and responses with SAML single logout (SLO). When a user logs out of a connected app registered for SAML SLO, the session index parameter is required to identify which user session to end.

            Required Editions

            Available in: both Salesforce Classic and Lightning Experience
            User Permissions Needed
            To view the settings: View Setup and Configuration
            To edit the settings:

            Customize Application

            AND

            Modify All Data

            As the identity provider, Salesforce generates and sends the session index parameter to the service provider during SAML single sign-on (SSO). Depending on the application initiating SLO, one of these processes occurs.

            • If Salesforce initiates SLO, Salesforce sends the same session index parameter with the logout request to the service provider.
            • If the service provider initiates SLO, Salesforce sends the SAML SLO request to the other service providers participating in the current session. The other service providers post a logout response to Salesforce. Salesforce then returns the logout response to the initiating service provider.

            As the service provider, Salesforce receives and stores the session index parameter sent from the identity provider during SSO. If the identity provider initiates SLO, Salesforce sends a logout response. If Salesforce initiates the SLO, it sends the same session index parameter with the logout request to the identity provider.

            Note
            Note If the identity provider sends more than one session index parameter, Salesforce stores only the first one that it receives. The session index parameter can’t be more than 512 characters.
             
            Loading
            Salesforce Help | Article