// Salesforce - Developer - Security - Federated Authentication Flows:
In federated single sign-on there are two parties, which will be referred to as
follows:
1. The identity provider, or IDP, is the service which stores and confirms
identities.
2. The service provider, or SP, is the service a user would want to access which
needs identity confirmation from the IDP.
Salesforce can act as the SP, as the IDP, or in some complex situations as
both. For example, you may have one primary Salesforce org which acts as the
IDP for several smaller Salesforce orgs but also acts as the SP for an Active
Directory IDP. In fact, this scenario existed internally at Salesforce for
some time.
Here are the most common single sign-on flows that Salesforce supports:
1. SP-initiated SSO, where the user logs in to the service and it reaches out to
the IDP for identity confirmation.
2. IDP-initiated SSO, where the user logs in to the identity provider and it
forwards the identity confirmation to the service (along with the user).
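The two flows above, sketched as an added example that is not Salesforce code: a toy IDP signs an identity confirmation, and the SP accepts it either bound to a login request it issued (SP initiated) or unsolicited (IDP initiated). The shared HMAC key (a stand-in for the IDP's signing key), the message fields, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

IDP_KEY = b"constructed-demo-key"  # assumption: stands in for the IDP's signing key

def idp_issue(user, audience, in_response_to=None):
    """IDP side: confirm an identity for one SP and sign the confirmation."""
    body = json.dumps({"sub": user, "aud": audience, "irt": in_response_to}, sort_keys=True)
    sig = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}

class ServiceProvider:
    def __init__(self, name, allow_idp_initiated):
        self.name = name
        self.allow_idp_initiated = allow_idp_initiated
        self.pending = set()  # request ids this SP issued and has not seen answered

    def start_login(self):
        """SP-initiated flow: the SP creates a request id and sends the user to the IDP."""
        rid = secrets.token_hex(8)
        self.pending.add(rid)
        return rid

    def accept(self, msg):
        """Return the confirmed user name, or None if the confirmation is rejected."""
        expected = hmac.new(IDP_KEY, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["sig"]):
            return None                      # not signed by the IDP, or altered
        claims = json.loads(msg["body"])
        if claims["aud"] != self.name:
            return None                      # issued for a different SP
        rid = claims["irt"]
        if rid is None:                      # IDP-initiated: no request to match
            return claims["sub"] if self.allow_idp_initiated else None
        if rid not in self.pending:
            return None                      # unknown or already used request id
        self.pending.discard(rid)            # one confirmation per request
        return claims["sub"]

def demo():
    sp = ServiceProvider("sp.example", allow_idp_initiated=True)
    rid = sp.start_login()
    solicited = idp_issue("alice", "sp.example", rid)   # SP-initiated
    unsolicited = idp_issue("alice", "sp.example")      # IDP-initiated
    # First use succeeds, a replay of the same confirmation fails,
    # the unsolicited one is accepted only because this SP allows it.
    return sp.accept(solicited), sp.accept(solicited), sp.accept(unsolicited)
```

The SP-initiated confirmation is tied to a request id the SP can check and retire, while the IDP-initiated one has nothing to match against, so whether to accept it is a policy decision on the SP.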
page revision: 0, last edited: 01 Jan 2017 23:02