OpenID Connect in Salesforce
Written ByApex Hours
Join us to learn how to configure the OpenID Connect authentication provider to allow users to authenticate at Google/ Gmail to access a Salesforce environment.
What is OpenID Connect?
OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User.
Check OpenID Connect (OIDC) Flow in Salesforce here for more details.
OpenID Connect Flow
Difference between OpenID and OAuth
| OAuth 2.0 | OpenID Connect |
| Granting access to your API | Logging the user in |
| Getting access to user data in other systems | Making your accounts available in other systems |
| This is primarily used for Authorization | This is primarily used for Authentication |
Difference between OpenID and SAML
- In SAML the user is redirected from the Service Provider(SP) to the Identity Provider(IP) for sign in. In OpenID Connect the user is redirected from Relying Party to the Open ID Provider for sign in.
- In OpenID connect we get an id_token which is a signed JSON token that contains the subject, issuer and other user information. However in SAML we have a concept of assertion.
Integration between Google and Salesforce
Check below recording to learn about how to integrate Salesforce with google.
Agenda
- What is OpenID Connect?
- Difference between OpenID and OAuth 2.0
- Difference between OpenID and SAML
- Explore the Salesforce Open Id playground
- Integration between Google and Salesforce (walkthrough with demo)
