Creating Single Sign-On (SSO) for Communities

  If you want to set up SSO for a Salesforce community portal, please follow the steps below.

1. Create a community. Just create it; don't add more configuration or customisation.

2. Most clients would like to have a custom domain for the community, so please follow this link to set up the domain and link it to the community site.

3. As per the document below, the Azure team has to set up the SSO configuration on Azure.

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/salesforce-tutorial#configure-azure-ad-sso

    To do these steps, you as a Salesforce developer have to provide a few pieces of information. I have attached those in the screenshots below.

Input For Azure Step 1:

Name: You can give your own name

In this step, the Reply URL should be your site domain URL.


Input For Azure Step 2:

The Identifier, Reply URL and Sign-on URL need to be given as the site domain URL with /login appended.



Note: In both screenshots, the column A values are from the Azure page.

4. As a Salesforce developer, you will now receive the metadata file from the Azure team. This is the file downloaded from the Azure portal after the configuration.

5. Log in to Salesforce and go to Setup --> Single Sign-On Settings. On this page, if 'SAML Enabled' is not enabled, click Edit and enable it.

6. To configure SAML Single Sign-On Settings, click 'New from Metadata File', choose the file, and finally save it.

7. Now you are on the edit page of the SSO setting. On this page, update the information as described below.
        On the SAML Single Sign-On Settings page, the fields populate automatically. If you want to use SAML JIT, select User Provisioning Enabled and set SAML Identity Type to 'Assertion contains the Federation ID from the User object'. Otherwise, unselect User Provisioning Enabled and set SAML Identity Type to 'Assertion contains the User's Salesforce username'. Click Save.

Note: If you get an error on Issuer while saving, as shown below, please change it to any name. This happens because this org already has SSO set up for the internal org.

Great, you have now completed the configuration for SSO. Now we need to add this login to the Community login page.

Once this is added, external users can log in with SSO. I hope this article is helpful. Please let me know your thoughts in the comments.

Date Format From Zapier to Salesforce

    Hope everyone knows that Zapier is a product that allows end users to integrate the web applications they use and automate workflows. Here we are going to look at the default format that needs to be passed from Zapier to Salesforce.

    Once Zapier receives the date from any application, use the 'Date / Time Formatter' component and convert the date value to YYYY-MM-DDThh:mm:ss+hh:mm, which is a format accepted by Salesforce.

    Please refer to the screenshot below.

Please leave your thoughts in the comments.

FormAssembly + Salesforce Community + Domain Certificate

    In my recent Experience Cloud implementation project, I wanted to have a FormAssembly form on the Community pages. For a Salesforce community with a custom domain, you should have uploaded the CA-signed certificate. To know more about adding a custom domain, please go through my previous blog by clicking here

    Generally, when we add the domain, we just add the default standard certificate provided by the authority. If you have this standard certificate, then when you try to open the FormAssembly form page on the Community you will be redirected back to the login page. This is because of an SSL certificate issue.

    To see the SSL issue, run the SSL Server Test for the domain you registered on Salesforce: https://www.ssllabs.com/ssltest/analyze.html. Once you have run the test, you will see the chain issue as shown in the screenshot below.


Below is the resolution from FormAssembly Support:
"SSL Labs shows that the server’s certificate chain is incomplete. This prevents our server from connecting and validating the user session (hence redirect to login page). In our other cases, it was necessary to reinstall the SSL Certificate."    

    To resolve this issue, go to the existing certificate linked to the domain on Salesforce and click Download Certificate Signing Request. Pass this file to the certificate authority and ask them to create a new single PEM-encoded certificate by re-uploading this CSR (Certificate Signing Request) file. Many people misunderstand this to mean it should be a .pem certificate, but it is not; it has to be a .crt file. This certificate contains the information shown in the screenshot below.
    Upload this new certificate to the existing Salesforce certificate by clicking 'Update Signed Certificate'. Once you have uploaded it, as per the Salesforce documentation, allow a minimum of 1 hour for the new certificate to propagate across the Salesforce infrastructure.

    Now if you re-run the SSL Server Test for the Salesforce domain, you will see the chain issues reported as None, and the FormAssembly form will be accessible on the community portal without redirecting back to the login page.

    If you still have issues opening the FormAssembly form on the community, please contact FormAssembly.

I hope this information is helpful to you. Please leave your comment.