Always Thinkin

oAuth, SSO or POST to sign Sf Users into Self-Serv Portal

I run multiple orgs and am centralized support in one org for the users of all the other orgs. Rather than burden them with signing into the Self-Service Portal to view their Cases, I'm considering how best to link them to it seamlessly after they have already signed into their home org. SSO is out, we have no network. oAuth might work if the SSP could sign them in using their User credentials, however I'm most inclined to pass their credentials via POST from within Salesforce.


Any better ideas? Any stringent objections?

Pat McQueen

Interesting use case ... You can use salesforce.com as an IDP from one org to another. But that does not get you into the portal. Do you want users to be able to submit cases, or submit and list them? If it is just submit you could use web-2-case hosted in each org.

Always Thinkin

I want users to be able to view and submit cases. I experimented with Salesforce-to-Salesforce but it does not sync emails, only comments, so you get a very distorted view of the progress on a case, not to mention the chaos of two case numbers, two ref IDs, User/Owner vs Case Contact. Finally figured it would be easiest to design some means of automatically authenticating the users from one org into the other org. It's all internal staff, so I'm not concerned about it going public.

Pat McQueen

The choices seem to be ....


  1. Use Sites/customer portal but those all have a per user charge.  Sites supports SAML so you can do authenticated Login.  Customer Portal will support SAML in the future.
  2. Use Salesforce-2-Salesforce but that does not move everything you want.
  3. Build a really small Heroku app that validates the users (takes a session ID from the current org and validates it) and then calls the source org with the cases and displays a list of cases. It could also allow for the submission of cases. You may be able to do this as an unauthenticated site but you would still have the problem of securely logging in to see "your" cases.


Do any of these work?
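
The session check from option 3, sketched as an added example (not code from anyone in this thread). It assumes the home org accepts the session ID as a Bearer token on its `/services/oauth2/userinfo` endpoint; the host name, IDs and function names are constructed placeholders.

```python
import json
from urllib.parse import urlsplit
from urllib.request import Request, urlopen

# Constructed allow-list: My Domain host of each home org -> its 15-char org ID.
TRUSTED_ORGS = {"orga.my.salesforce.com": "00D000000000001"}

def http_userinfo(host, session_id):
    """Ask the home org who owns this session (assumed endpoint, see lead-in)."""
    req = Request(f"https://{host}/services/oauth2/userinfo",
                  headers={"Authorization": f"Bearer {session_id}"})
    with urlopen(req, timeout=5) as resp:
        return json.load(resp)

def validate_session(server_url, session_id, fetch=http_userinfo):
    """Return (org_id, user_id) if a trusted org vouches for the session, else None."""
    try:
        parts = urlsplit(server_url)
    except ValueError:
        return None
    host = (parts.hostname or "").lower()
    # The session ID is a bearer credential: only ever send it over HTTPS to a
    # host on the allow-list, never to whatever URL the browser supplied.
    if parts.scheme != "https" or host not in TRUSTED_ORGS:
        return None
    try:
        info = fetch(host, session_id)   # URL is rebuilt from the allow-listed host
    except (OSError, ValueError):        # 401/403, network failure, bad JSON
        return None
    if not isinstance(info, dict):
        return None
    org_id = str(info.get("organization_id", ""))
    user_id = str(info.get("user_id", ""))
    # Identity comes from the org's answer, not from anything the client claimed.
    if not user_id or org_id[:15] != TRUSTED_ORGS[host]:
        return None
    return org_id, user_id

if __name__ == "__main__":
    def fake_org(host, sid):  # constructed stand-in for the network call
        if sid != "constructed-session-id":
            raise OSError("401 Unauthorized")
        return {"organization_id": "00D000000000001AAA",
                "user_id": "005000000000001AAA"}
    ok = "https://orga.my.salesforce.com/services/Soap/u/1"
    print(validate_session(ok, "constructed-session-id", fake_org))
    print(validate_session("https://evil.example/", "constructed-session-id", fake_org))
```

The case list the app then shows should be filtered by the user ID returned here, so each person sees only "your" cases.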




Always Thinkin

Oooh, I like the idea of using Heroku to handle the authentication. I heard a couple developer acquaintances discussing that recently. I don't know how to do it myself, but I bet I can find someone who can...


I'll post back if it works out!


Looking for a similar solution, did your Heroku experiment work out?