+ Start a Discussion

Single sign-on with Communities as the Identity Provider

We are trying to configure Zendesk to authenticate against SalesForce Community User accounts using SSO.  So far, we've successfully configured Zendesk to authenticate against SalesForce internal user accounts, but not Community User accounts.

The current setup is relatively straightforward...
We configured a Domain per these docs: https://help.salesforce.com/apex/HTViewHelpDoc?id=service_provider_prerequisites.htm&language=en_US
Single Sign-on with SalesForce as the Identity Provider and a Connected App for Zendesk, in a similar fashion to these docs: https://developer.salesforce.com/page/Configuring-SAML-SSO-to-ZenDesk

Amongst the many things I've tried, I tried changing the "Identity Provider Login URL" on the SAML Single Sign-On Setting page to point to our Community custom login page, which at least redirects the user trying to login to Zendesk to the right login page.  However, the SAML assertion doesn't work and the user is not redirected back to Zendesk after login.

I have found no documentation or articles on using SSO authenticating against Community user accounts, so any direction from this community would be greatly appreciated!

Haven't dug deeper, and this might not help much.. but have you seen this link.. this is for portals though: https://help.salesforce.com/apex/HTViewHelpDoc?id=sso_portals.htm&language=nl (https://help.salesforce.com/apex/HTViewHelpDoc?id=sso_portals.htm&language=nl)
Parvinder SinghParvinder Singh
Go look at this http://www.youtube.com/watch?v=-jm5_PAxtSc, you will need new SSO configuration settings for your community users, this should help.
Sandi LinSandi Lin
Hi - we are trying to figure out the same issue on how Community accounts can be used to login into external applications. The documentation is unclear whether Community accounts can use SAML, OAuth, or either. Was anyone able to get this working and confirm what authentication protocols should be used?
Hi CodenameDM,

we too experiencing the same. Did you find the solution to the above. If so could you please post the procedure.
Jonathan Webb (Shure)Jonathan Webb (Shure)
Has anybody been able to confirm if this is possible?
Henry Yang 32Henry Yang 32
We are experiencing the same problem.
Anyone find the solution?

Or any tips will be much appreciated.
Thank you.
Hi, we can get this via JWT (JSON Web Tokens). Please have a look at the following article. https://support.zendesk.com/hc/en-us/articles/203663816-Setting-up-single-sign-on-with-JWT-JSON-Web-Token-
Siddharth Jain 64Siddharth Jain 64

We are trying to setup Salesforce as Identity Provider (IDP) for Community users. Currently we have linked GitHub with Salesforce for Internal users and these internal users are authenticated via salesforce and are able to login to GitHub. 

Similarly we are trying to achieve this for our Customer Community Users where they should be able to login on our GitHub as well and for this we would probably need to setup Salesforce as IDP for communities.

Any help or suggestions would be appreciated.

From the link below:
"When implementing SAML for communities, the key is to use the community URL associated with login for the single sign-on flow. Also make sure that the community URL in the SAML assertion POST includes /login"
Catherine BairdCatherine Baird
Has anyone successfully implemented SSO with a community as the identity provider, using SAML? Please advise! Thanks.