Loading
Identify Your Users and Manage Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Configure a Janrain Authentication Provider

            You are here:

            1. Salesforce Help
            2. Docs
            3. Identify Your Users and Manage Access

            Configure a Janrain Authentication Provider

            Configure Janrain as an authentication provider so your users can log in to Salesforce using their Janrain credentials.

            Required Editions

            Available in: Lightning Experience and Salesforce Classic
            Available in: Enterprise, Performance, Unlimited, and Developer Editions
            User Permissions Needed
            To view the settings: View Setup and Configuration
            To edit the settings:

            Customize Application

            AND

            Manage Auth. Providers

            Setting up a Janrain authentication provider is slightly different from setting up other providers. You don’t use the single sign-on (SSO) URL that you obtain after registering your provider with Salesforce to start the flow. Instead, you use Janrain’s login widget deployed on your site.

            To set up your Janrain provider, follow these steps.

            • Set up a registration handler.
            • Register a Janrain app.
            • Define the Janrain provider in Salesforce.
            • Get the login widget code from Janrain.
            • Create a site to call the login widget.

            See Also

            Set Up a Registration Handler

            To use an authentication provider for single sign-on, you must create a registration handler. The registration handler creates users and updates existing users who access Salesforce via the identity provider. You can set up a registration handler with Apex or Flow Builder. For more information, see Create an Authentication Provider Registration Handler.

            Register a Janrain App

            Sign up for a Janrain account from the Janrain website. After you have your Janrain account, you need the apiKey.

            1. Select Deployment | Sign-in for Web | Handle Tokens.
            2. Copy the apiKey. You need the key later when creating the Janrain provider in Salesforce.
            3. Add Salesforce to the Janrain domain allowlist in your Janrain account at Deployment | Application Settings | Domain Whitelist.

            Define the Janrain Provider in Salesforce

            To create a Janrain provider in Salesforce, you need the Janrain API key.

            1. From Setup, in the Quick Find box, enter Auth. Providers, and then select Auth. Providers | New.
            2. For the provider type, select Janrain.
            3. Enter a name for the provider.
            4. Enter the URL suffix, which is used in the callback URL. For example, if the URL suffix of your provider is MyJanrainProvider, your SSO URL is similar to https://mydomain_login_url or site_url /services/auth/sso/JanrainProvider.
            5. For Consumer Secret, use the Janrain apiKey value.
            6. If you enter a consumer key and consumer secret, the consumer secret is included in SOAP API responses by default. To hide the secret in SOAP API responses, deselect Include Consumer Secret in SOAP API Responses. Starting in November 2022, the secret is always replaced in Metadata API responses with a placeholder value. On deployment, replace the placeholder with your consumer secret as plain text, or modify the value later through the UI.
            7. Optionally, enter a custom error URL for the provider to use to report errors.
            8. Optionally, enter a custom logout URL to provide a destination for users after they log out if they authenticated using the SSO flow. Use this field to direct users to a branded logout page or destination other than the default Salesforce logout page. The URL must be fully qualified with an http or https prefix, such as https://acme.my.salesforce.com.
            9. To use an Apex registration handler, take these steps.
              1. For Registration Handler Type, select Apex.
              2. For Registration Handler, select an existing Apex class that implements the Auth.RegistrationHandler interface. Or, to create an template for the registration handler, click Automatically create a registration handler template. Edit this class later, and modify the default content before using it.
            10. To use a flow for your registration handler, take these steps.
              1. For Registration Handler Type, select Flow.
              2. For Registration Handler, select an existing flow of the Identity User Registration flow type.
              3. Select a default profile. A default profile is required to run the registration handler. If you don't specify a default profile here, set the default profile in the flow itself.

                If you use the Authentication Provider User Registration flow template, the profile that you set here is automatically stored in the defaultProfileId variable.

              4. Select a default account. If you use your authentication provider for Experience Cloud sites, this account stores new internal users.

                If you use the Authentication Provider User Registration flow template, the profile that you set here is automatically stored in the defaultAccountId variable.

            11. For Execute Registration As, select an execution user to run the Apex class or flow. The user must have the Manage Users permission.

              Execute Registration As provides the context in which the registration handler runs. In production, you typically create a system user for the Execute Registration As user. This way, operations performed by the handler are easily traced back to the registration process. For example, if a contact is created, the system user creates it.

            12. To use a portal with your provider, select the portal from the Portal dropdown list.
            13. For Icon URL, add a path to an icon to display as a button on the login page for a site. This icon applies to an Experience Cloud site only. It doesn’t appear on your Salesforce login page or My Domain login URL. Users click the button to log in with the associated authentication provider for the site. Specify a path to your own image, or copy the URL for one of our sample icons into the field.
            14. To use the Salesforce multi-factor authentication (MFA) functionality instead of your identity provider’s MFA service, select Use Salesforce MFA for this SSO provider. This setting triggers MFA only for users who have MFA applied to them directly. For more information, see Use Salesforce MFA for SSO.
            15. Save your work.

            Write down the value of the generated callback URL. You need this URL to complete the Janrain setup.

            Several client configuration parameters are available after configuring Janrain as the authentication provider. Use them for the flowtype value in the callback URL with your Janrain login widget.

            • test—Make sure that the third-party provider is set up correctly. The admin configures a Janrain widget to use flowtype=test, signs in to the third party, and is redirected to Salesforce with a map of attributes.
            • link—Link existing Salesforce users to a third-party account. The user goes to a page with a Janrain widget configured to use flowtype=link, signs in to the third party, signs in to Salesforce, and approves the link.
            • sso—Perform SSO into Salesforce from a third party using third-party credentials. The user goes to a page with a Janrain widget configured to use flowtype=sso and signs in to the third party. The third party creates a user or updates an existing user. Then the third party signs the user into Salesforce as that user.

            Client configuration URLs support additional request parameters that enable you to direct users to log in to specific sites, obtain customized permissions from the third party, or go to a specific location after authenticating.

            Get the Login Widget Code from Janrain

            Get the login widget code from Janrain for your Salesforce org.

            1. From your Janrain account, select Application | Sign-in for Web | Get the Code.
            2. Enter the callback URL value from your Janrain provider information in Salesforce along with the query parameter flowtype=sso as the token URL.
              For example: 
              https://acme.my.salesforce.com/services/authcallback/00DD##############/JanrainApp?flowtype=sso

              For an Experience Cloud site, add the community parameter, and pass it to the login widget as the token URL. For example:

              janrain.settings.tokenUrl='https://acme.my.salesforce.com/services/authcallback/00DD##############/JanrainApp'​+'?flowtype=sso&community='+encodeURIComponent('https://acme.my.site.com/customers');

            Create a Site to Call the Login Widget

            1. Enable Sites.
            2. Create a page, and copy the login widget code to the page.
            3. Create a site, and specify the page that you created as the home page for the site.
             
            Loading
            Salesforce Help | Article