Single Sign-On (SSO) Architecture in Salesforce
Objective: Enable users to log into Salesforce with their enterprise credentials, authenticated by an external identity provider (e.g., Okta, Azure AD, Google Workspace) rather than a separate Salesforce password.
🔧 Architecture Components:
- Identity Provider (IdP): External system that authenticates users (e.g., Okta, ADFS)
- Service Provider (SP): Salesforce
- Protocols:
  - SAML 2.0 (most common for enterprise SSO)
  - OIDC / OAuth 2.0 (used for modern/mobile apps)
🧩 Flow (SAML Example):
- User chooses the SSO login option in Salesforce
- Salesforce redirects the browser to the IdP
- IdP authenticates the user
- IdP returns a signed SAML Assertion to Salesforce
- Salesforce validates the assertion, matches it to a user, and starts the session
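The last step of the flow is where the SP decides whether to trust what came back. The following is an added example (editor's code, not Salesforce's implementation) of the checks an SP performs on a SAML Response before starting a session: exactly one signed assertion, expected issuer, validity window with clock-skew tolerance, audience restriction, subject confirmation (Recipient, InResponseTo against the SP's own outstanding AuthnRequest IDs), and replay protection on the assertion ID. The entity IDs, ACS URL and the sample response are constructed placeholders. Cryptographic XML-Signature verification is deliberately left to an XML-DSig library such as python-xmlsec (an assumption about tooling, not shown here); the code only refuses unsigned assertions.

```python
"""SP-side acceptance checks for a SAML 2.0 Response (added example, not Salesforce code).
Signature *verification* must be done with an XML-DSig library before trusting these checks."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Hypothetical SP configuration; every value below is a placeholder.
SP_ENTITY_ID = "https://example-org.my.salesforce.com"
ACS_URL = "https://example-org.my.salesforce.com/?so=00D000000000000"
IDP_ENTITY_ID = "https://idp.example.com/saml"
CLOCK_SKEW = timedelta(minutes=2)
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


class AssertionRejected(Exception):
    """Any failed check raises this; the caller must not create a session."""


def _parse_time(value):
    # SAML timestamps are UTC xsd:dateTime, e.g. 2024-01-01T12:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_response(xml_text, outstanding_request_ids, seen_assertion_ids, now=None):
    """Return the NameID of an acceptable assertion, else raise AssertionRejected.
    outstanding_request_ids: AuthnRequest IDs this SP issued and has not yet consumed.
    seen_assertion_ids: replay cache of assertion IDs already accepted."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise AssertionRejected("not a samlp:Response")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise AssertionRejected("IdP did not report success")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise AssertionRejected("expected exactly one Assertion")
    assertion = assertions[0]
    # 1. Must be signed (the signature itself is verified by the XML-DSig library).
    if assertion.find("ds:Signature", NS) is None:
        raise AssertionRejected("assertion is not signed")
    # 2. Only the configured IdP may issue assertions.
    if assertion.findtext("saml:Issuer", default="", namespaces=NS) != IDP_ENTITY_ID:
        raise AssertionRejected("unexpected issuer")
    # 3. Validity window (with skew tolerance) and audience restriction.
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        raise AssertionRejected("missing Conditions")
    if (now < _parse_time(cond.get("NotBefore")) - CLOCK_SKEW
            or now >= _parse_time(cond.get("NotOnOrAfter")) + CLOCK_SKEW):
        raise AssertionRejected("assertion outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise AssertionRejected("assertion not intended for this SP")
    # 4. Subject confirmation: our ACS URL, answers a request we sent, not expired.
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        raise AssertionRejected("Recipient does not match our ACS URL")
    in_response_to = scd.get("InResponseTo")
    if in_response_to not in outstanding_request_ids:
        raise AssertionRejected("InResponseTo does not match an outstanding request")
    if now >= _parse_time(scd.get("NotOnOrAfter")) + CLOCK_SKEW:
        raise AssertionRejected("subject confirmation expired")
    # 5. Replay protection on the assertion ID.
    assertion_id = assertion.get("ID")
    if assertion_id in seen_assertion_ids:
        raise AssertionRejected("assertion replayed")
    outstanding_request_ids.discard(in_response_to)   # one response per request
    seen_assertion_ids.add(assertion_id)
    return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)


# Constructed sample response (not captured from any real IdP); signature value is a dummy.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignatureValue>dummy</ds:SignatureValue></ds:Signature>
    <saml:Subject>
      <saml:NameID>alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_req1" NotOnOrAfter="2024-01-01T12:05:00Z"
            Recipient="https://example-org.my.salesforce.com/?so=00D000000000000"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://example-org.my.salesforce.com</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def rejected(xml_text, outstanding, seen, now):
    """True if validate_response refuses the response."""
    try:
        validate_response(xml_text, outstanding, seen, now)
        return False
    except AssertionRejected:
        return True


def demo():
    """Accept the sample once, then show that replay, expiry and wrong audience are refused."""
    now = datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)
    outstanding, seen = {"_req1"}, set()
    name_id = validate_response(SAMPLE_RESPONSE, outstanding, seen, now)
    wrong_audience = SAMPLE_RESPONSE.replace(SP_ENTITY_ID + "<", "https://other-sp.example<")
    return {"name_id": name_id,
            "request_consumed": "_req1" not in outstanding,
            "replay_rejected": rejected(SAMPLE_RESPONSE, {"_req1"}, seen, now),
            "expired_rejected": rejected(SAMPLE_RESPONSE, {"_req1"}, set(), now + timedelta(hours=1)),
            "wrong_audience_rejected": rejected(wrong_audience, {"_req1"}, set(), now)}
```

Each rejection reason is distinct on purpose: an SP that logs which check failed (without logging the assertion contents) gives the security team a direct signal for misconfigured IdPs, clock drift, and replayed or misdirected assertions.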
🔐 Security Best Practices:
- Use Just-in-Time (JIT) provisioning so user accounts are created and updated from assertion attributes at login rather than maintained by hand
- Enforce Multi-Factor Authentication (MFA) at the IdP
- Audit Login History regularly for compliance and to catch logins that bypass SSO
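A Login History audit is most useful when it tests a concrete policy. The following added example (editor's code, not a Salesforce tool) reads a Login History export and flags two things a reviewer would want to see: successful logins that did not come through SAML SSO (a sign that a profile still allows direct username/password login), and source IPs with repeated failed attempts. Column names follow the LoginHistory object (Username, LoginTime, LoginType, Status, SourceIp); the rows and the exact LoginType and Status strings are constructed for illustration and should be checked against the org's real export.

```python
"""Audit a Salesforce Login History export against an SSO-only expectation (added example)."""
import csv
from collections import Counter
from io import StringIO

# Assumed LoginType values for SAML logins; verify against your own export.
SSO_LOGIN_TYPES = {"SAML Sfdc Initiated SSO", "SAML Idp Initiated SSO"}
FAILURE_THRESHOLD = 3  # failed attempts from one source IP before it is flagged

# Constructed sample export; not real user data.
SAMPLE_EXPORT = """Username,LoginTime,LoginType,Status,SourceIp
alice@example.com,2024-01-01T09:00:00Z,SAML Sfdc Initiated SSO,Success,198.51.100.10
bob@example.com,2024-01-01T09:05:00Z,Application,Success,198.51.100.11
carol@example.com,2024-01-01T09:06:00Z,Application,Invalid Password,203.0.113.5
carol@example.com,2024-01-01T09:06:30Z,Application,Invalid Password,203.0.113.5
carol@example.com,2024-01-01T09:07:00Z,Application,Invalid Password,203.0.113.5
dave@example.com,2024-01-01T09:10:00Z,SAML Idp Initiated SSO,Success,198.51.100.12
"""


def audit(export_text):
    """Return successful non-SSO logins and IPs at or above the failure threshold."""
    bypassed_sso, failures = [], Counter()
    for row in csv.DictReader(StringIO(export_text)):
        if row["Status"] != "Success":
            failures[row["SourceIp"]] += 1        # any non-success status counts as a failure
        elif row["LoginType"] not in SSO_LOGIN_TYPES:
            bypassed_sso.append((row["Username"], row["LoginType"], row["SourceIp"]))
    noisy_ips = sorted(ip for ip, n in failures.items() if n >= FAILURE_THRESHOLD)
    return {"bypassed_sso": bypassed_sso, "noisy_ips": noisy_ips}


if __name__ == "__main__":
    for key, value in audit(SAMPLE_EXPORT).items():
        print(key, value)
```

Run on the real export, the first list is the set of users whose profile still permits a password login and should be reviewed; the second is a starting point for correlating with the IdP's own sign-in logs.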