Loading

Federation ID field on User detail page is not visible

Date de publication: May 17, 2026
Description

The Federation ID field on the Salesforce User record is used with SAML SSO (Security Assertion Markup Language Single Sign-On) to map Salesforce users to identities in an external identity provider (IdP), such as Okta, Microsoft Entra ID (formerly Azure AD), or Ping Identity. When SAML SSO is configured, the Federation ID serves as the unique identifier that links a Salesforce user account to the corresponding user in the external IdP.
By default, the Federation ID field does not appear on the standard User page layout and cannot be added or modified via the page layout editor. This article explains which user roles can access and edit the Federation ID field in Salesforce.

Résolution

The Federation ID User field can only be accessed and edited by users who meet one of the following conditions:

Option 1: Grant 'Manage Users' System Permission

Users with the 'Manage Users' system permission can access and edit the Federation ID field. This permission can be granted via a Profile or a Permission Set. You can find the 'Manage Users' permission under System Permissions on the Profile record.
Enabling 'Manage Users' automatically requires the following additional permissions:

  • Reset User Passwords and Unlock Users
  • View All Users
  • Manage Profiles and Permission Sets
  • Assign Permission Sets
  • Manage Roles
  • Manage IP Addresses
  • Manage Sharing
  • View Setup and Configuration
  • Manage Internal Users
  • Manage Password Policies
  • Manage Login Access Policies
  • Manage Two-Factor Authentication in User Interface

Option 2: Use Delegated Administration

Users who are configured as Delegated Administrators can access the Federation ID field for users that fall under the Role specified in their Delegated Administrator configuration under User Administration.

Security Considerations

Important: The SAML Federation ID field on the User object can be unintentionally exposed to non-admin users if a custom report type includes the User object with the Federation ID field, and that report type is deployed and accessible. It is not possible to use Field-Level Security (FLS) to restrict the visibility of the Federation ID field on reports — this is a known security consideration. Administrators should carefully review any custom report types that include User object fields to ensure Federation ID is not inadvertently exposed.



 

Numéro d’article de la base de connaissances

000386215

 
Chargement
Salesforce Help | Article