• Rohan B
  • 0 Points
  • Member since 2012

  • Chatter
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 0
  • 3

Hi Salesforce experts,



I have implemented Federated SSO in salesforce. i have tested login from sso login url using my ADS user  id and password and i am successful.


I tried to logging in from login.salesforce.com using my salesforce user id and password. i am successful to login from this too.


if a user is able to login throug login.salesforce.com after implementing federated sso in salesforce, there is no meaning at all for this implementation.  because SSO gives company admin to control access to all applications but here admin can not control salesforce user even after sso implementation.


I tried emplyoing a trigger on user account which changes the password everytime time user record is being updated as below so that users will not be known what is their salesforce password as shown below


trigger testtrigger on User ( before update )
       Double ran=Math.random();
       system.debug(' forgot   '+'asdfqwer'+ran);



This trigger is getting executed when ever the user record changes but the problem is when user clicks on forgot password and he reset the password , this trigger is not getting called.


at this moment, i dont have any option to enforce the users to login from sso login page.


Can anybody solve this problem.



  • June 23, 2012
  • Like
  • 0



We are considering introducing SSO for our Salesforce.com implementation. Once this has been done it would be good if we can disable the options for users to reset their passwords within SFDC  (The passwords will be controlled externally to SFDC by our SSO identity provider.)


Do you know if it is posible to remove the possibility for a profile or user to change their passwords?


I note in the configuration settings for profiles there are 2 password options which can be activated/deactivated.


- "Password Never Expires"

- "Reset User Passwords and Unlock Users"


I presume option 2 above applies to all users who are assigned to the profile & not just the an indibidual user. Therefore if activated the profile user could reset every users password who is assigned to the profile?


On a User record it just displays the last date the password was changed "Last Password Change or Reset". There is an option for the user to go to "Personal Setup > My Personal Information > Change My Password" but I'd like to disable this.


Any help on this would be great.