Print this page

Federated Authentication for mobile CRM products

Knowledge Article Number 000176013
You have Federated Authentication SSO in an organization. Can you use SSO for the Salesforce mobile CRM app? 
Federated Authentication does not support mobile CRM products but Delegated Authentication does support Mobile CRM products.

Yes, you can use Federated Authentication (e.g. SAML) and Delegated Authentication (DA) in parallel.

The Mobile CRM product prompts the user for username and password - they give their enterprise password, which is be verified by the DA mechanism - a SOAP message is sent to an endpoint in the enterprise, which validates the username/password.

When SAML is configured, the user (via their browser) hits either a URL at the enterprise Identity Provider (IdP) or, if My Domain is configured, any My Domain URL at Salesforce - e.g. The SAML protocol redirects them for authentication in the enterprise, and sends them to Salesforce with a signed XML message representing that authentication.

The two protocols are orthogonal, and can happily co-exist in a single org.

promote demote