The Federation ID field on the Salesforce User record is used with SAML SSO (Security Assertion Markup Language Single Sign-On) to map Salesforce users to identities in an external identity provider (IdP), such as Okta, Microsoft Entra ID (formerly Azure AD), or Ping Identity. When SAML SSO is configured, the Federation ID serves as the unique identifier that links a Salesforce user account to the corresponding user in the external IdP.
By default, the Federation ID field does not appear on the standard User page layout and cannot be added or modified via the page layout editor. This article explains which user roles can access and edit the Federation ID field in Salesforce.
The Federation ID User field can only be accessed and edited by users who meet one of the following conditions:
Users with the 'Manage Users' system permission can access and edit the Federation ID field. This permission can be granted via a Profile or a Permission Set. You can find the 'Manage Users' permission under System Permissions on the Profile record.
Enabling 'Manage Users' automatically requires the following additional permissions:
Users who are configured as Delegated Administrators can access the Federation ID field for users that fall under the Role specified in their Delegated Administrator configuration under User Administration.
Important: The SAML Federation ID field on the User object can be unintentionally exposed to non-admin users if a custom report type includes the User object with the Federation ID field, and that report type is deployed and accessible. It is not possible to use Field-Level Security (FLS) to restrict the visibility of the Federation ID field on reports — this is a known security consideration. Administrators should carefully review any custom report types that include User object fields to ensure Federation ID is not inadvertently exposed.
000386215

We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.