Loading
Salesforce now sends email only from verified domains. Read More
Identify Your Users and Manage Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            FAQs for Delegated Authentication

            You are here:

            1. Salesforce Help
            2. Docs
            3. Identify Your Users and Manage Access

            FAQs for Delegated Authentication

            Review these frequently asked questions (FAQs) to help you implement and troubleshoot delegated authentication.

            Required Editions

            Available in: both Salesforce Classic and Lightning Experience
            Available in: Professional, Enterprise, Performance, Unlimited, Developer, and Database.com Editions
            Are there any requirements for implementing my web service?
            Your org’s implementation of the web service must be accessible by Salesforce servers, so deploy the web service on a server in your DMZ. Remember to use your server’s external DNS name when entering the delegated gateway URL in Single Sign-On Settings.
            For security reasons, make your web service available by TLS. A certificate from a trusted provider, such as Verisign or Thawte, is required. For a list of trusted providers, contact Salesforce.
            Are there special mapping considerations?
            Map your org’s internal usernames to your Salesforce usernames. If your org doesn’t follow a standard mapping, extend your user database schema to include the Salesforce username as an attribute of a user account. Your authentication service can then use this attribute to map back to a user account.
            Namespaces, element names, and capitalization must be exact in SOAP requests. Wherever possible, generate your server stub from the WSDL file to ensure accuracy.
            How are passwords reset when delegated authentication has been implemented?
            Password reset is disabled for delegated authentication because Salesforce no longer manages user passwords. Users who try to reset their passwords in Salesforce are directed to their Salesforce admin.
            Where can I view delegated authentication errors?
            Admins with the Modify All Data permission can view the 21 most recent login errors for your Salesforce org. From Setup, in the Quick Find box, enter Delegated Authentication Error History, then select Delegated Authentication Error History. For each failed login, you can view the user's username, login time, and the error.
             
            Loading
            Salesforce Help | Article