Set up single sign-on (SSO) by using your Salesforce org or Experience Cloud site as a
SAML identity provider for an external service provider, such as Google Apps. In this SSO
configuration, users log in to the service provider with their Salesforce credentials. To set up
this configuration, enable Salesforce as an identity provider and integrate your service
provider using the external client apps framework or the connected apps framework.
Required Editions
Available in: both Salesforce Classic and Lightning Experience
Available in: Developer, Enterprise, Performance, Unlimited, and Database.com Editions
User Permissions Needed
Define and modify identity providers and service providers: Customize Application
Important: Connected apps creation is restricted as of Spring ’26. You can continue
to use existing connected apps during and after Spring ’26. However, we recommend using
external client apps instead. If you must continue creating connected apps, contact
Salesforce Support.
For example, you build a custom Your Benefits web app that implements SAML for user
authentication. You want your users to be able to log in to this app with their Salesforce
credentials. To set up this SSO flow, configure the Your Benefits web app as a Salesforce
external client app or connected app. Define your Salesforce org as the SAML identity provider
for the app. Your users can now log in to the Your Benefits web app with their Salesforce
credentials.
To set up this SSO configuration, follow these instructions.
Salesforce supports identity provider-initiated login and service provider-initiated login
for SAML. For service provider-initiated login, Salesforce supports forced authentication
requests. For more information about these login flows, see SAML SSO
Flows.
Steps, Examples, and More Information
See these links for information related to setting up SSO with Salesforce as a SAML
identity provider.
Enable Salesforce as a SAML Identity Provider
You can configure Salesforce as a single sign-on (SSO) SAML identity provider to external service providers. When your org acts as a SAML identity provider, users can access multiple apps with a single login. To get started with this configuration, enable Salesforce as an identity provider and share configuration information with your service provider.
Integrate Service Providers as SAML-Enabled Apps
To configure SAML single sign-on (SSO) with Salesforce as an identity provider, integrate a service provider by using the external client apps framework or the connected apps framework. With this SSO configuration, users log in to the service provider by using the same credentials that they use to log in to your Salesforce org or Experience Cloud site. To change your service provider details, edit your app. Control which users can access your app by managing profiles and permission sets.
Map Salesforce Users to the SAML Service Provider
To ensure that your SAML service provider can recognize Salesforce users when they log in with single sign-on (SSO), update user information in Salesforce. Provide user identifiers that the service provider recognizes.