          Single Sign-On for Portals and Sites

          You can configure single sign-on (SSO) for portals and Sites. Keep in mind that customer and partner portals aren't available for new orgs as of the Summer ’13 release. Use Experience Cloud sites instead.

          Required Editions

          Available in: both Salesforce Classic and Lightning Experience

          Federated Authentication is available in: All Editions

          Delegated Authentication is available in: Professional, Enterprise, Performance, Unlimited, Developer, and Database.com Editions

          Authentication Providers are available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions

          If you continue to use portals and Sites, be aware of these requirements.

          • You can use only SAML version 2.0 with portals and Sites.
          • Only customer portals and partner portals are supported.
          • Service provider initiated login isn’t supported.
          • For portals, the portal_id and organization_id attributes are required. If only one is specified, the user receives an error.
          • For Sites, the portal_id, organization_id, and siteUrl attributes are required. If only one is specified, the user receives an error.
          • For portals, if both portal_id and organization_id attributes are populated in the SAML assertion, the user is directed to that portal login. If neither is populated, the user is directed to the regular SAML Salesforce login.
          • For Sites, if all the portal_id, organization_id and siteUrl attributes are populated in the SAML assertion, the user is directed to that Sites login. If the siteUrl isn’t populated and the other two are, the user is directed to the portal login.
          • You can use multiple portals with a single org.
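The attribute rules above can be checked against a test assertion from your identity provider before rollout. This is an added example, not Salesforce code: the function names, result labels and sample assertion (with placeholder IDs) are constructed, and treating siteUrl paired with only one ID as an error is an assumption, because the page does not describe that case.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: attribute statement from an IdP test assertion.
# The ID values are placeholders, not real Salesforce IDs.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
  <saml:AttributeStatement>
    <saml:Attribute Name="organization_id">
      <saml:AttributeValue>ORG_ID_PLACEHOLDER</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="portal_id">
      <saml:AttributeValue>PORTAL_ID_PLACEHOLDER</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def read_attributes(assertion_xml):
    """Return {name: value} for every non-empty attribute in the assertion."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        value = attr.find("saml:AttributeValue", SAML_NS)
        text = (value.text or "").strip() if value is not None else ""
        if text:
            attrs[attr.get("Name")] = text
    return attrs

def login_destination(attrs):
    """Apply the routing rules from the requirements list."""
    org = "organization_id" in attrs
    portal = "portal_id" in attrs
    site = "siteUrl" in attrs
    if org and portal:
        return "sites_login" if site else "portal_login"
    if not (org or portal or site):
        return "standard_saml_login"
    # Exactly one attribute populated is an error per the page; siteUrl
    # with only one ID is not described there and is rejected here too.
    return "error"

if __name__ == "__main__":
    print(login_destination(read_attributes(SAMPLE_ASSERTION)))
```

Run it on assertions you captured from your own test logins; it checks attribute presence only and does not validate signatures or conditions.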

          When enabling identity providers and defining service providers for portals or Sites, note these considerations.

          • When defining a service provider, if the Subject Type is Username, the Salesforce organization ID is prepended to the user name in the SAML assertion. For example, if the user is jDeoint@WFC.com, the subject for the SAML assertion contains 00DE0000000FFLT@jDeoint@WFC.com. If the Subject Type is Federation ID, the exact federation ID is used.
          • The attribute is_portal_user included in the SAML assertion generated by Salesforce contains values. Consider sharing this example with your service provider.
            <saml:Attribute Name="is_portal_user" 
               NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                  <saml:AttributeValue 
                     xmlns:xs="http://www.w3.org/2001/XMLSchema" 
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                     xsi:type="xs:anyType">true
                  </saml:AttributeValue>
            </saml:Attribute>
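A service provider that receives these assertions has to split the org-prefixed subject and tolerate the whitespace around the is_portal_user value. The sketch below is an added example, not Salesforce code: the function names are hypothetical, the sample assertion is constructed from the values shown above, and placing the subject in a NameID element follows the standard SAML 2.0 layout as an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion using the subject and attribute shown above.
SAMPLE = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
  <saml:Subject>
    <saml:NameID>00DE0000000FFLT@jDeoint@WFC.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="is_portal_user"
       NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue
         xmlns:xs="http://www.w3.org/2001/XMLSchema"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:type="xs:anyType">true
      </saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def parse_subject(name_id, expected_org_id):
    """Split '<org id>@<username>' at the first '@' and check the org ID."""
    org_id, sep, username = name_id.strip().partition("@")
    if not sep or not username or org_id != expected_org_id:
        raise ValueError("subject is not prefixed with the expected org ID")
    return org_id, username

def is_portal_user(root):
    """Read is_portal_user; the value can carry surrounding whitespace."""
    for attr in root.iterfind(".//saml:Attribute[@Name='is_portal_user']", NS):
        value = attr.find("saml:AttributeValue", NS)
        if value is not None and value.text:
            return value.text.strip().lower() == "true"
    return False  # attribute absent: do not assume a portal user

def portal_identity(assertion_xml, expected_org_id):
    """Return the org ID, username and portal flag carried by the assertion."""
    root = ET.fromstring(assertion_xml)
    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS)
    org_id, username = parse_subject(name_id, expected_org_id)
    return {"org_id": org_id, "username": username, "portal_user": is_portal_user(root)}
```

Call portal_identity only on an assertion whose signature and conditions your SAML library has already validated.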

          Enable Single Sign-On for Portals

          You can set up portals to use SAML single sign-on (SSO). However, customer portals and partner portals aren't available for new orgs as of the Summer ’13 release. Use Experience Cloud sites instead.

          Required Editions

          Available in: Salesforce Classic
          Available in: Enterprise, Performance, Unlimited, and Developer Editions
          User Permissions Needed
          To view the settings: View Setup and Configuration
          To edit the settings: Customize Application AND Modify All Data

          1. Set up either a customer or partner portal.
            In addition to the SAML sign-on information that you must gather and share with your identity provider, give your identity provider your Org ID and your Portal ID. Add the following attributes to the SAML assertion sent from your identity provider: organization_id, portal_id.
          2. Get the values for org ID and portal ID from Setup.
            1. From Setup, in the Quick Find box, enter Company Information, then select Company Information and copy the ID located in Salesforce Organization ID.
            2. For the Customer Portal, from Setup, in the Quick Find box, enter Customer Portal Settings, then select Customer Portal Settings. Click the name of the Customer Portal, and then copy the ID located in Portal ID. For partner portals, from Setup, in the Quick Find box, enter Partners, then select Settings. Click the name of the partner portal, and copy the ID located in Salesforce Portal ID.

          Enable Single Sign-On for Sites

          You can set up portals to use SAML single sign-on (SSO). However, you must set up a portal to enable Sites. Customer portals and partner portals are not available for new orgs as of the Summer ’13 release. Use Communities instead.

          Required Editions

          Available in: both Salesforce Classic and Lightning Experience
          Available in: Developer, Enterprise, Performance, and Unlimited Editions
          User Permissions Needed
          To create and edit Salesforce Sites: Customize Application OR Create and Set Up Experiences

          1. Set up either a customer or partner portal.
          2. Set up your Sites.
          3. If you are using a customer portal, set up your Sites to use the customer portal.
          4. In addition to the SAML sign-on information that you must gather and share with your identity provider, give your identity provider the following information.
            • Org ID
            • Portal ID
            • Sites URL
          5. Add the following attributes to the SAML assertion sent from your identity provider.
            • organization_id
            • portal_id
            • siteurl
          6. Get the values for org ID, portal ID, and Sites URL from Setup.
            1. From Setup, in the Quick Find box, enter Company Information, then select Company Information, and copy the ID located in Salesforce Organization ID.
            2. For the Customer Portal, from Setup, in the Quick Find box, enter Customer Portal Settings, then select Customer Portal Settings. Click the name of the Customer Portal, and then copy the ID located in Portal ID.

              For partner portals, from Setup, in the Quick Find box, enter Partners, then select Settings. Click the name of the partner portal, and copy the ID located in Salesforce Portal ID.

            3. From Setup, in the Quick Find box, enter Custom URLs, then select Custom URLs.

          Salesforce automatically provides SSO for Sites using SAML when your company’s identity provider initiates login.

          To use SAML for Sites when a service provider initiates login, create a Visualforce page that provides a redirect to your server. Here’s an example.

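          <apex:page showHeader="false" sidebar="false">
           <script>
               // SSO start endpoint on your identity provider (example server name).
               var PingSpURL = "https://my.pingserver.com:9031/idp/startSSO.ping?PartnerSpId=salesforce.com.sp";
               // JSENCODE keeps merge-field values from breaking out of the string literals.
               var siteLoginPage = "{!JSENCODE($Site.CurrentSiteUrl)}siteLogin?startUrl=" +
                   encodeURIComponent("{!JSENCODE($Site.OriginalUrl)}");
               // URL-encode the target so its own query string stays inside TargetResource.
               window.location = PingSpURL + "&TargetResource=" + encodeURIComponent(siteLoginPage);
           </script>
          </apex:page>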
          
           