In this session we talk about how to implement Azure Active Directory Seamless Single Sign-On with Salesforce. We also cover delegated authentication and federated authentication (SAML) SSO.
What is Azure Active Directory?
Azure Active Directory is Microsoft’s multi-tenant, cloud-based directory and identity management service. Let's see how Azure Active Directory single sign-on (SSO) integrates with Salesforce.
Different ways to implement Single Sign-On in Salesforce
There are three mechanisms that can be used to achieve this in Salesforce.
- Delegated authentication
- Federated Authentication
  - SP-Initiated SAML
  - IDP-Initiated SAML
- OpenID Connect
Learn more about Single Sign-On between two Salesforce orgs.
IDP INITIATED FLOW
- The user logs in to the identity provider with their credentials
- The user clicks the link for the org they want to access
- A SAML assertion is sent to the Salesforce server with the Federation ID, Username, or a custom attribute
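The last step of the flow above, seen from the receiving side, as an added example that is not part of the original post: it pulls the user identifier out of a SAML response and checks the audience and validity window before that identifier would be matched to a user. The sample response, the URLs and the `employeeId` attribute name are constructed, and the code assumes the identifier arrives either in the Subject NameID or in a named attribute.

```python
import xml.etree.ElementTree as ET  # for untrusted input prefer a hardened parser such as defusedxml
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not from a real tenant); the XML signature is omitted,
# so this inspects content only and does not establish authenticity.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Assertion>
  <saml:Issuer>https://idp.example.test/</saml:Issuer>
  <saml:Subject><saml:NameID>jane.doe@example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T11:00:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="employeeId"><saml:AttributeValue>E-1001</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    # SAML timestamps are UTC with a trailing "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def inspect_assertion(xml_text, expected_audience, now, attribute_name=None):
    """Return (user_identifier, problems) for the assertion in a SAML response."""
    assertions = ET.fromstring(xml_text).findall("saml:Assertion", NS)
    if len(assertions) != 1:  # zero or several assertions is ambiguous: reject
        return None, ["expected exactly one Assertion, found %d" % len(assertions)]
    assertion, problems = assertions[0], []
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        problems.append("missing Conditions")
    else:
        audiences = [a.text for a in cond.iter("{%s}Audience" % NS["saml"])]
        if expected_audience not in audiences:
            problems.append("audience mismatch")
        if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
            problems.append("outside validity window")
    if attribute_name is None:   # identifier carried in the Subject NameID
        node = assertion.find("saml:Subject/saml:NameID", NS)
    else:                        # identifier carried in a named (custom) attribute
        node = next((attr.find("saml:AttributeValue", NS)
                     for attr in assertion.iter("{%s}Attribute" % NS["saml"])
                     if attr.get("Name") == attribute_name), None)
    if node is None or not (node.text or "").strip():
        return None, problems + ["user identifier not found"]
    return node.text.strip(), problems
```

An empty problem list means only that the content is consistent; signature verification against the identity provider's certificate is a separate step that this sketch does not perform.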
SP INITIATED FLOW
User experience: The most apparent benefit is that users can move between services securely and without interruption, without entering their credentials each time.
Security: The user's credentials are provided directly to the central SSO server, not to the actual service that the user is trying to access, and therefore the credentials cannot be cached by the service.
Resource saving: IT administrators can save time and resources by using the central web access management service.
Prerequisites for Azure AD SSO
- An Azure AD subscription. Get a free account.
- A Salesforce org with SSO enabled.
Salesforce SSO with Azure Active Directory Video
Check the video below for the step-by-step process and a complete guide.
You can refer to this guide for the blog post.
Check Configure an Azure AD Authentication Provider for the OpenID Connect flow.