Thursday, August 7, 2025

Single Sign-On (SSO) Architecture in Salesforce

Objective: Enable users to log into Salesforce using enterprise credentials (e.g., Okta, Azure AD, Google Workspace).

🔧 Architecture Components:

  • Identity Provider (IdP): the external system that authenticates users (e.g., Okta, ADFS)

  • Service Provider (SP): Salesforce, which trusts the IdP's assertions

  • Protocols:

    • SAML 2.0 (the most common choice for enterprise SSO)

    • OpenID Connect (OIDC) on top of OAuth 2.0 (used for modern web and mobile apps)

🧩 Flow (SAML Example):

  1. The user clicks the SSO login option

  2. Salesforce redirects the browser to the IdP

  3. The IdP authenticates the user

  4. The IdP sends a SAML assertion back to Salesforce

  5. Salesforce validates the assertion and the user is logged in
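The checks a service provider applies to the assertion from step 4 before step 5 completes, as an added Python example (not Salesforce's code), using a constructed sample assertion with hypothetical IdP/SP URLs; it assumes the XML signature has already been verified by a SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLOCK_SKEW = timedelta(seconds=30)  # tolerance for IdP/SP clock drift

# Constructed sample assertion with hypothetical IdP/SP URLs. The XML signature is
# omitted: verifying it is a separate, mandatory step that a SAML library performs
# before any of the checks below can be trusted.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2025-08-07T10:00:00Z">
  <saml:Issuer>https://idp.example.com/</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData InResponseTo="_req42" NotOnOrAfter="2025-08-07T10:05:00Z"
          Recipient="https://sp.example.com/saml/acs"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2025-08-07T09:59:00Z" NotOnOrAfter="2025-08-07T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def parse_ts(value):
    """Parse a SAML UTC timestamp like 2025-08-07T10:00:00Z; None if the attribute is absent."""
    if value is None:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, expected_issuer, expected_audience, request_id, now):
    """Return (True, name_id) if the assertion may log the user in, else (False, reason)."""
    root = ET.fromstring(xml_text)
    if root.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        return False, "issuer is not the configured IdP"
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions"
    not_before, not_after = parse_ts(cond.get("NotBefore")), parse_ts(cond.get("NotOnOrAfter"))
    if None in (not_before, not_after) or not (not_before - CLOCK_SKEW <= now < not_after + CLOCK_SKEW):
        return False, "assertion has no validity window or is outside it"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        return False, "assertion was issued for a different service provider"
    scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("InResponseTo") != request_id:
        return False, "InResponseTo does not match an outstanding login request"
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    return (True, name_id) if name_id else (False, "missing NameID")
```

Each rejection reason maps to a distinct failure class worth logging separately, since a burst of audience or InResponseTo mismatches looks very different from clock drift.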

🔐 Security Best Practices:

  • Use Just-in-Time (JIT) provisioning so user accounts are created or updated from the IdP's assertion at login

  • Enforce Multi-Factor Authentication (MFA) at the IdP

  • Audit Login History regularly for compliance and anomaly detection
