Hello,

We're planning to enable Azure AD single sign on for our domain, and before doing that I need to confirm some questions. Would you please help me with below questions?

1. How many different domains are supported for Salesforce SSO? 
2. If we enable SSO for our domain, will external domain users still be able to login using their external domain Email address? Can we create users from other domains for example test.com and they login without single sign on?
3.For SSO does it use the primary Email address or 365 login (UPN)? 
4. Will all the user profile settings\history remain there as long as 365 UPNs match the current users Email addresses in Salesforce? Technically our users won't lose anything, correct?
5.If a user Salesforce login doesn't match the Azure AD associated Email address, can we change the email first on Salesforce and then enable Single sign on? Will it keep all the history? 
6.Worst scenario if it doesn’t work, can we just remove the integration and user use their Broadvoice Email with their current salesforce password to login? 


Thanks in advance!

Hi Pros, 

I've had some questions regarding enabling single sign on with my AzureAD. I'd appreciate if someone helps me out.

1. If we enable it and use salesforce as an app within our AzureAD, and start adding users from there, what would happen to the current users we already have created on salesforce? Is there a way to link them with our users on AzureAD so they can keep their settings and history?

2. After we enable the single sign on, will we be able to login with built-in created users on salesforce as well? Like our developers accounts? In another word, can we have both method of authentication? One from our AzureAD and the other one built-in Salesforce users?

3. If we deploy a custom domain within our salesforce, can we still use the links we are using in our codes and APIs or we would need to update all of them with the custom domain name?something like ourcompany.salesforce.com ? I think that's a necessary part of enabling single sign on. 

I'll be looking forward to hearing from you.

Best, 

Hello,

We're planning to enable Azure AD single sign on for our domain, and before doing that I need to confirm some questions. Would you please help me with below questions?

1. How many different domains are supported for Salesforce SSO? 
2. If we enable SSO for our domain, will external domain users still be able to login using their external domain Email address? Can we create users from other domains for example test.com and they login without single sign on?
3.For SSO does it use the primary Email address or 365 login (UPN)? 
4. Will all the user profile settings\history remain there as long as 365 UPNs match the current users Email addresses in Salesforce? Technically our users won't lose anything, correct?
5.If a user Salesforce login doesn't match the Azure AD associated Email address, can we change the email first on Salesforce and then enable Single sign on? Will it keep all the history? 
6.Worst scenario if it doesn’t work, can we just remove the integration and user use their Broadvoice Email with their current salesforce password to login? 


Thanks in advance!

Hello,

We're planning to enable Azure AD single sign on for our domain, and before doing that I need to confirm some questions. Would you please help me with below questions?

1. How many different domains are supported for Salesforce SSO? 
2. If we enable SSO for our domain, will external domain users still be able to login using their external domain Email address? Can we create users from other domains for example test.com and they login without single sign on?
3.For SSO does it use the primary Email address or 365 login (UPN)? 
4. Will all the user profile settings\history remain there as long as 365 UPNs match the current users Email addresses in Salesforce? Technically our users won't lose anything, correct?
5.If a user Salesforce login doesn't match the Azure AD associated Email address, can we change the email first on Salesforce and then enable Single sign on? Will it keep all the history? 
6.Worst scenario if it doesn’t work, can we just remove the integration and user use their Broadvoice Email with their current salesforce password to login? 


Thanks in advance!