// Salesforce - Developer - Security - Federated Authentication Flows:

In federated single sign-on there are two parties, which will be referred to as 

1. The identity provider, or IDP, is the service which stores and confirms 

2. The service provider, or SP, is the service a user would want to access which 
   needs identity confirmation from the IDP.

Salesforce can act as the SP, the IDP, or, in some complex situations, both. 
For example, you may have one primary Salesforce org which acts as the IDP for 
several smaller Salesforce orgs but also acts as the SP for an Active Directory 
IDP. In fact, this scenario existed internally at Salesforce for some time.

Here are the most common single sign-on flows that Salesforce supports:

1. SP-initiated SSO, where the user logs in to the service and it reaches out to 
   the IDP for identity confirmation.

2. IDP-initiated SSO, where the user logs in to the identity provider and it 
   forwards the identity confirmation to the service (along with the user).
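
The two flows above, modeled from the SP's side as an added example (not code from the original page or from Salesforce). The HMAC key stands in for the IDP's real signature, and every name here (`idp_issue`, `ServiceProvider`, the audience URL, the `in_response_to` field) is a hypothetical assumption. It shows that an SP-initiated confirmation can be tied to a request the SP issued, while an IDP-initiated one arrives unsolicited and is covered only by signature, audience, expiry and replay checks.

```python
import hashlib, hmac, json, secrets, time

SHARED_KEY = secrets.token_bytes(32)    # assumption: HMAC stands in for the IDP's signature
SP_AUDIENCE = "https://sp.example.com"  # hypothetical identifier for the SP

def idp_issue(user, in_response_to=None, now=None):
    """IDP side: sign an identity confirmation addressed to the SP."""
    body = {"id": secrets.token_hex(8), "sub": user, "aud": SP_AUDIENCE,
            "exp": (now or time.time()) + 300, "in_response_to": in_response_to}
    raw = json.dumps(body, sort_keys=True).encode()
    return raw, hmac.new(SHARED_KEY, raw, hashlib.sha256).hexdigest()

class ServiceProvider:
    def __init__(self, allow_idp_initiated=True):
        self.pending = set()   # request IDs issued by this SP and not yet answered
        self.seen = set()      # confirmation IDs already consumed (replay cache)
        self.allow_idp_initiated = allow_idp_initiated

    def start_login(self):
        """SP-initiated flow: create a request ID, then send the user to the IDP."""
        rid = secrets.token_hex(8)
        self.pending.add(rid)
        return rid

    def consume(self, raw, sig, now=None):
        """Both flows end here: validate the confirmation and return the user."""
        expected = hmac.new(SHARED_KEY, raw, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            raise ValueError("bad signature")
        a = json.loads(raw)
        if a["aud"] != SP_AUDIENCE or a["exp"] < (now or time.time()):
            raise ValueError("wrong audience or expired")
        if a["id"] in self.seen:
            raise ValueError("replayed confirmation")
        rid = a["in_response_to"]
        if rid is None:                    # IDP-initiated: nothing to correlate with
            if not self.allow_idp_initiated:
                raise ValueError("unsolicited confirmation not accepted")
        elif rid not in self.pending:      # SP-initiated: must answer our own request
            raise ValueError("unknown or already-used request ID")
        else:
            self.pending.discard(rid)      # each request ID is single-use
        self.seen.add(a["id"])
        return a["sub"]
```

An SP that never expects unsolicited logins can be constructed with `allow_idp_initiated=False`, which rejects every confirmation that does not answer one of its own requests.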