You need to sign in to do that
Don't have an account?
Federated SAML SSO
HI All,
we are using ping identity provider for SSO . it would be great if you can answer some of my question :
1.) For SAML SSO configurations, which SAML profiles and bindings will be used (e.g. SP-Initiated-SSO-Post-Post etc.)
2.) Does SFDC integration needs any back-channel communication ? (e.g. Artifact resolution or other SOAP communication)
3.) Need set of user attributes that IdP need to send in an assertion to SFDC .
4.) How sandbox SSO configuration is defined - Does it rely on PROD Federation setup or do we need to configure new dedicated Federation setup with each QA, Test, Dev sandbox .
5.) In identity provider side do we have to set up IDP Role and SP role both for SSO outlook integration ?
Regards,
Neha
Hello Neha,
This is big list of questions :) I would suggest you to first refer following help documents and come back if you have any questions:
http://wiki.developerforce.com/page/Single_Sign-On_with_SAML_on_Force.com
http://ap1.salesforce.com/help/doc/en/sso_saml.htm
Thnks for your reply .
I have checked these links and all the doubts are clear , only one question is left . Actually we are using ping identity provider and
1.) In below link from sales force documentation it is mentioned that for sales force for outlook SSO is not supported in case of online identity management server :
https://login.salesforce.com/help/doc/en/outlookcrm_sys_req.htm
So can we use ping in this senerio .
2.) In below document we have two use cases , secondary use case include outlook case. But in the configuration set up which includes outlook case they provided only delegated authentication only (below is the document from ping identity): Page No : 6-8
https://documentation.pingidentity.com/download/attachments/6755157/Salesforce_Quick_Connection_Guide.pdf?version=1&modificationDate=1307041290700
Can we use federated for outlook sso integration ?
Hello,
Ans1. Yes you can use any other identity provider like Ping.
Ans2. Yes you can use federated for outlook sso integration. Salesforce.com supports both delegated authentication and Security Assertion Markup Language (SAML) requirements for Salesforce for Outlook. When using delegated authentication, users need to log into Salesforce the first time they use Salesforce for Outlook. When using SAML for Salesforce for Outlook, My Domain is required.
You can also refer: http://developer.force.com/cookbook/recipe/implementing-single-sign-on-for-clients
>we are using ping identity provider for SSO . it would be great if you can answer some of >my question :
Thanks for your help !!
Regards,
Neha
We want our user to logged in into salesforce from inside or outside of network . In this senerio which Profile will be used .
Our customer wants (owners of a license in SFDC application) to access seamlessly CRM application from:
What is the concept of Kerberos . Do we have to set up this also ?
For outlook integration do we need to set up delegated authentication(web service at SFDC side) or it would be automaticaly use delegated authentication ?
Regards,
Neha