Azure Active Directory Seamless Single Sign-On with Salesforce

In this session we talk about how to implement Azure Active Directory Seamless Single Sign-On with Salesforce. We also cover Delegated Authentication and Federated Authentication (SAML) SSO.

  • Single Sign-On
    • Delegated Authentication
    • Federated Authentication (SAML)
  • Identity Provider (IP)
  • Service Provider (SP)

Delegated Authentication

Use delegated authentication if you have mobile users in your organization, or if you want to enable single sign-on for partner portals or Customer Portals. You must request that this feature be enabled by Salesforce. This recipe explains delegated authentication in more detail.

Federated Authentication using SAML

Federated authentication uses SAML, an industry standard for secure integrations. Investing in SAML with Salesforce can be leveraged with other products or services. If you use SAML, you don’t have to expose an internal server to the Internet: the secure integration is done using the browser. In addition, Salesforce never handles any passwords used by your organization. For more information, see “Configuring SAML Settings for Single Sign-On” in the online help.


Delegated authentication has a few drawbacks with respect to federated authentication.

1. Delegated authentication is inherently **less secure than federated authentication**. Even if encrypted, delegated authentication still sends the username and password (possibly even your network password) over the Internet to Salesforce. Some companies have policies that preclude a third party from handling their network passwords.

2. Delegated authentication **requires much more work for the company implementing it**. The Web services endpoint configured for the org must be developed, hosted, exposed on the Internet, and integrated with the company’s identity store.


  • The user logs in to the Identity Provider with their credentials
  • The user clicks the link for the org they want to access
  • A SAML assertion is sent to the Salesforce server with the Federation ID, the username, or a custom attribute
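The last step above, seen from the receiving side, as an added example that is not code from the session or from Salesforce: a service provider checks the assertion's validity window and audience, then reads the identifier from either the NameID or a named attribute. It assumes the XML signature was already verified by a SAML library; the audience URL, the `federationId` attribute name and the sample assertion are constructed for illustration.

```python
# Added example: service-provider checks before an assertion is mapped to a user.
# Assumption: the XML signature was already verified by a SAML library; this
# sketch does NOT verify signatures and is not sufficient on its own.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def _ts(value):
    # SAML instants are UTC, e.g. 2024-01-01T10:00:00Z
    return datetime.fromisoformat((value or "").replace("Z", "+00:00"))

def extract_identity(assertion_xml, expected_audience, attribute_name=None, now=None):
    """Return the identifier (username or Federation ID) the assertion carries."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    # Reject assertions that are not yet valid or have expired (replay window).
    if not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    # Reject assertions minted for some other service provider.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError("assertion issued for a different audience")
    if attribute_name is None:   # identity in the Subject's NameID
        node = root.find("saml:Subject/saml:NameID", NS)
    else:                        # identity in a named (custom) attribute
        node = next((a.find("saml:AttributeValue", NS)
                     for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)
                     if a.get("Name") == attribute_name), None)
    if node is None or not (node.text or "").strip():
        raise ValueError("identifier missing from assertion")
    return node.text.strip()

# Constructed sample assertion (not captured from a real tenant).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
 <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">
  <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
 </saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="federationId">
  <saml:AttributeValue>FED-0042</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""
SAMPLE_NOW = datetime(2024, 1, 1, 10, 2, tzinfo=timezone.utc)
```

Note that no password appears anywhere in the assertion; the service provider only ever sees the identifier and the conditions under which it is valid.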


User experience: The most apparent benefit is that users can move between services securely and without interruption, without entering their credentials each time.

Security: The user's credentials are provided directly to the central SSO server, not to the actual service that the user is trying to access, and therefore the credentials cannot be cached by the service.

Resource saving: IT administrators can save time and resources by using the central web access management service application.



Amit Chaudhary

Amit Chaudhary is a Salesforce Application & System Architect who has been working on the Salesforce Platform since 2010. He has been a Salesforce MVP since 2017 and has 17 Salesforce certificates. He is an active blogger and the founder of Apex Hours.
