Step 4: Add Single Sign-On Providers to the Login Page and Test the SSO Connection
After you configure Salesforce as a SAML service provider, add the identity provider to your login page so that users can easily access it. Then, to confirm that users can successfully log in, test your SSO connection.
Required Editions
| Available in: both Salesforce Classic and Lightning Experience |
Federated Authentication is available in: All Editions Delegated Authentication is available in: Professional, Enterprise, Performance, Unlimited, Developer, and Database.com Editions Authentication Providers are available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions |
| User Permissions Needed | |
|---|---|
| To view the settings: | View Setup and Configuration |
| To edit the settings: | Customize Application AND Modify All Data |
These instructions differ depending on whether you’re setting up SSO for internal users (employees) logging into your org or external users (customers and partners) logging into an Experience Cloud site.
- To add your identity provider to your My Domain login page, which makes it available to internal users, see Add Identity Providers to the My Domain Login Page.
- To add your identity provider to your Experience Cloud site login page, which makes it
available to external users, complete these steps.
- From Setup, in the Quick Find box, enter Sites, and then select All Sites.
- Next to the Experience Cloud site, select Workspaces.
- Select Administration, and then select Login & Registration.
- Scroll to Login Page Setup. Here, you can select options to display on the login
page. Select your SAML configuration, and save your changes.When you load your Experience Cloud login page, your identity provider appears as a login option.
- To test your SSO connection for orgs and Experience Cloud sites, complete these
steps.
- Make sure that you’re logged out of the identity provider and your Salesforce org or Experience Cloud site.
- Go to your My Domain or Experience Cloud login page.
- Select the option to log in via your identity provider.Behind the scenes, Salesforce sends a SAML request to your identity provider. The identity provider redirects you to its login page.
- On the identity provider login page, enter your login credentials.The identity provider sends a SAML response, which contains a SAML assertion, to Salesforce. Salesforce validates the SAML response and assertion. If successful, you’re logged in to the identity provider and the service provider, and you’re redirected back to the service provider.
You can complete these steps while you’re already logged in to the identity provider. If you do, the process looks slightly different. When you select the option to log in with your identity provider, a successful SSO login automatically redirects you back to Salesforce.
For more information about how SAML SSO works, see SAML Single Sign-On Flows.
To troubleshoot SSO issues, check out these resources in Salesforce Help.
