+ Start a Discussion
kent.chenkent.chen 

What are his profiles and roles when a user reaches another site via SSO ?

What are his profiles and roles when a user reaches another site via SSO ?

 

 

#Senario1  SalesForce serves as IdP.  

      How can the service provider know this guy's profile and role? 

 

#Senario2  SalesForce serves as SP

      How can SalesForce decide this guy's profile or role?  

Scott T.Scott T.

Kent,

 

I believe that in both cases, you're likely to have the user entry already existing at both partner sites.  It's up to that partner site to decide what the user's permissions, etc. are.

 

For example -  the subject type must be either Username or Federation ID (another attribute of a user's field at SFDC).  This tells SFDC how to map the user at SFDC side.

 

For the 3rd party app - ultimately it's implementation specific how this user lookup is done, and thus the permission mapping etc.

 

Hope that helps...

 

Scott