Want to do salesforce.com single sign on?

Single Sign on (SSO) for salesforce.com can take various forms.


The Winter 10 version supports SAML2 for salesforce.com and the Salesforce partner & customer portals. It does not support SAML2 for Salesforce Sites yet. (Scheduled for a coming release).


When setting up SSO here are some issues you should consider:

  • What is your User or Identity store? Is it an internal store such as Active Directory, Oracle access Manager or a Custom LDAP? or do you want to use a cloud based store like Salesforce, or Google to manage your user identification information?
  • Do you have more than one user identity store?
  • Do you want to auto-provision (activate/create) the Salesforce users (Just in time) or do you have an existing provisioning process?
  • Do you want to allow deep linking to URLs? or always force people to login via a “home page” or “dashboard” ?
  • Is SSO for your internal users or your customers/partners.  Do you have separate data stores for each?
  • Do you want users to keep existing usernames & passwords or get a new “single” username/password?
  • Should I use salesforce.com’s Delegated Authentication model or the SAML2 SSO?


Sounds like a lot to think about.


The reality is that there are many variants and solutions to meet your specific requirements.


At WDCi we have been looking at these issues for a while and using our partnership with Ping Identity to provide solutions to  Single Sign-On requirements for Salesforce.com and other systems.


Take a look at the Identity pages on our website or contact us for more information on the right solution for SSO for your company.