100% is clear about your explanation. Thanks. Keep up with good work
Thanks and welcome
Very nicely explained and everything worked as expected. Thanks a lot to Apex Hours and Deburan sengutpta
Excellent presentation. Thanks for the detailed explanation.
Glad you enjoyed it!
Thanks for this demo and knowledge sharing.
Glad it was helpful!
Great video and demo. Thanks for sharing 👍
Thanks for watching!
Great Demo!! Thanks for posting this. :)
My pleasure!
At 24:49 you mentioned the login/logout URLs are your IdP URLs? Did you mean that they are entity URLs which need to be accessed from the IdP?
Thanks for the demo and explanation. This is very helpful. I am trying to do a POC using my org as Identity Provider which will connect to an external app on Ruby on Rails.
Glad it was helpful! Best of luck. Thanks AMIT CHAUDHARY
Excellent Explanation
Glad you liked it
Hi everyone, I faced an error while testing/logging in from both the 'Identity Provider-Initiated SAML Flow' and 'Service Provider-Initiated SAML Flow,' as demonstrated in the tutorial. I resolved the error by going to the connected app that I just created, then clicking on 'Manage' and, in the Profiles section, clicking the 'Manage Profiles' button. I assigned the profiles I want to give access to log in through this app and saved the changes.
Could the Federation ID be the same in the UAT and production orgs? Or, if the partial org label is "UAT", do we have to add ".uat" after the last character of the Federation ID?
Can we use the same method to log in from one Salesforce community site to another Salesforce community site, directly, without providing login credentials?
Ex: SiteA has the SiteB URL on its homepage. The user logs in to SiteA, clicks on that link and lands directly on SiteB.
Is that possible with this method?
I am creating a connected app through the Metadata API in Salesforce. The connected app is being created fine, but when I try to add the single logout URL under the SAML config, it's not working.
I'm looking for guidance on configuring the Single Logout URL correctly via the Metadata API.
If I want to set up multiple service providers (sandboxes), do I need to set up a connected app for each sandbox in the identity provider org (production/Full sandbox)?
My goal is allowing all system admins to log in to all lower sandboxes, and they should be able to log in using their FED ID. However, I just want to confirm whether for each lower sandbox org I need a corresponding connected app on the identity provider org, or can I get away with one connected app which serves all sandboxes?
How do you enable the metadata search (Select metadata) below Quick find/search available on the left side of the screen in your org?
Is this possible if my Service Provider is not a Salesforce app? If it's possible, is there documentation I could follow for this?
Very good explanation!!! Can you explain what a SAML assertion is? This term is frequently used. A theoretical explanation is also OK for us.
Check the Apex Hours website for all theoretical explanations.
Is it possible to get an OAuth token for our service org by using the same approach? As we can see, the SSO page of the service org also shows endpoints for fetching OAuth tokens.
Thanks for the presentation. I was wondering, why do you need MyDomain enabled in the IdP org? MyDomain is required in the SP org for SAML configuration because it needs to have a unique URL. Please let me know if my understanding is correct. But for the IdP, why do we need MyDomain enabled?
For me it is showing the error Insufficient Privileges:
You do not have the level of access necessary to perform the operation you requested. Please contact the owner of the record or your administrator if access is necessary. For more information, see Insufficient Privileges Errors.
How to resolve it?
Thanks for the video, it is really good and easy to understand! I just have a question: would this work the same way for two Salesforce production instances? Thanks!
Just wondering about a similar situation: when we have an external identity provider, does it work for all sandbox environments with the same settings?
Thank you Apex Hours and Deburan sengutpta
Hi, I have a question. Can we add our SSO link to our email templates in Salesforce?
My Domain is not mandatory in IdP-initiated SSO. Please correct that, as it's a common exam question which people tend to get wrong!
YES YOU ARE CORRECT
Great content, man. I am very new to Salesforce and I have been given a task of creating an SSO implementation for one of the dashboard pages. I want to know if the same thing will work fine if I just paste the login URL in the dashboard UI page after doing all the prerequisites that you have shown?
Good video. I want to be a CTA.
Best of luck!
thanks a lot!
You're welcome!
It would help if the instructor took the effort of creating everything new instead of using orgs where everything is already set up, especially when the setup required is not too complex and time consuming. Watching the video gives me a headache from constant tab shuttling alone.
The content is informative but the presentation could be a lot better.
Please note this is constructive feedback and holds no ill will.
Thank you so much for the feedback; we will take care in future.
Just in case you are looking for step by step process. I hope this will help amitsalesforce.blogspot.com/2019/05/single-sign-on-between-two-salesforce-org-SAML-SSO.html
Excellent Explanation
Glad it was helpful!