Thukkaram

Is it possible to enable SSO for two service consumer applications (SP) with the same entity ID?

Say I have a Salesforce service provider app connected with an IdP via standard SAML 2.0 with an entity ID <xyz>.
Is it possible to connect the Salesforce1 app with OAuth with the same entity ID <xyz>?
I mean a web application with standard SAML and a mobile application with token-based authentication using the same entity ID?

Thanks in advance for your help!!!
Naga (Salesforce Developers)
Hi Thukkaram,

I don't know if it's a possible option.

Configure SAML in your first Service Provider Org

Log in as an Administrator to the first Org you wish to configure as a Service Provider. Browse to "Setup" > "Security Controls" > "Single Sign-On Settings".

Follow these steps:

1. Click 'Edit' and check the 'SAML enabled' checkbox. Doing so will reveal the next set of configuration parameters.
2. Set your SAML version to "2.0"
3. Enter your Identity Provider's "Issuer" that you made note of in Step 3 into the Issuer field. In this sample: https://edyidp-developer-edition.my.salesforce.com
4. Click the "Choose File" button for the Identity Provider Certificate, and select the Identity Provider certificate that you downloaded to the desktop in Step 4.
5. Enter the 'My Domain' URL of your Identity Provider + '/idp/endpoint/HttpPost' into the Identity Provider Login URL. In this sample you'd enter: https://edyidp-developer-edition.my.salesforce.com/idp/endpoint/HttpPost
6. Change "SAML User ID Type" to "Assertion contains Federation ID from the User object"
7. Change the Entity ID to the 'My Domain' URL for this Service Provider Org.
8. Hit Save.
9. Once complete, make note of the "Salesforce.com Login URL". You'll need it in Step 6.


Note: As of Winter 13, you must also configure your Spoke Org's Login Policy to point at your Identity Provider on the My Domain page. Browse to the Login Page Brand section on the My Domain page, and select the My SAML IDP checkbox beside Authentication Service.

Step 6. Tell your Identity Provider about this Service Provider Org

Service Providers are now created via Connected Apps. Log in as an Administrator to each of your Orgs, browse to "Setup" > "Security Controls" > "Identity Provider", and follow these steps:

1. Click “Service Providers are now created via Connected Apps. Click here.” under the list of "Service Providers"
2. Enter a name for your first Connected App. In this case, I put SP1 Org.
3. Select Enable SAML under Web App Settings.
4. Enter the 'My Domain' of the Service Provider Org as the "Entity ID"
5. Enter the ACS URL - this is the "Salesforce.com Login URL" you made note of in Step 5.9
6. Select "Federation ID"
7. Hit "Save"
8. Assign this SSO configuration to any Profiles of your choosing

When complete, you will end up with a new Service Provider listed under your Identity Provider.

Best Regards
Naga Kiran
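
As an added example (not part of the posts above, and not Salesforce's code), this Python example shows how a service provider compares an incoming SAML 2.0 assertion against the three values configured in the steps above: the IdP Issuer, the Entity ID (checked as the Audience) and the ACS URL (checked as the Recipient). The SP domain and ACS URL are hypothetical placeholders, the assertion is constructed, and signature and validity-window checks are omitted.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values an SP holds after the setup above. The issuer is the sample IdP from
# the post; entity_id and acs_url are hypothetical placeholders.
SP_CONFIG = {
    "issuer": "https://edyidp-developer-edition.my.salesforce.com",
    "entity_id": "https://sp1.example.com",
    "acs_url": "https://sp1.example.com/acs",
}

# Constructed, unsigned assertion for illustration only.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://edyidp-developer-edition.my.salesforce.com</saml:Issuer>
  <saml:Subject>
    <saml:NameID>fed-id-0001</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp1.example.com/acs"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://sp1.example.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def check_assertion(xml_text, cfg):
    """Return the names of the fields that do not match the SP configuration."""
    root = ET.fromstring(xml_text)
    problems = []
    # Issuer must equal the IdP issuer entered in the SSO settings.
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != cfg["issuer"]:
        problems.append("issuer")
    # Audience must contain this SP's Entity ID.
    audiences = {a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text}
    if cfg["entity_id"] not in audiences:
        problems.append("audience")
    # Recipient must be this SP's ACS URL (the login URL noted during setup).
    recipients = {d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)}
    if cfg["acs_url"] not in recipients:
        problems.append("recipient")
    return problems
```

If a second SP were given the same Entity ID, the audience check would pass for both, leaving the Recipient (ACS URL) as the only value in this check that tells them apart.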