Delegated Authentication Single Sign-On in Salesforce. How to achieve this with Okta?
Delegated Authentication Single Sign-On –
- We can configure our Salesforce org with any authentication method of our choice using this feature of salesforce.
- We can integrate with the LDAP server – Lightweight Directory Access Protocol or authenticate with the access token rather with the password.
- We can also manage authentication at the permission level which gives us more flexibility.
- With the above feature, we can set delegated authentication for particular users rest will use their salesforce credentials for login.
- If user tries to login through online or API, Salesforce checks permission settings and access settings after validating the username.
- If user has enabled the Single Sign On permission setting then salesforce doesn’t validates the login credentials. Rather it makes an web service call to org for validating the login credentials.
- When above permission setting is enabled then salesforce no longer manages the password policies for example – password must be of required minimum length.
- Then delegated authentication comes into action, the endpoint’s service enforces the policies for password.
- Note – In this case salesforce doesn’t store or view the password. It dispose the password when process get completed.
- With this delegated authentication feature, user will experience a delay than normal while logging.
How to achieve Delegated Authentication with Okta’s satandard apps?
- Open your Okta’s standard app detail page and click on Sign On tab.
- Click on View Setup Instructions button and go to Delegated Authentication section of that page.
- Copy the URL under Delegated Gateway URL heading.
- Now go to your salesforce org’s profile detail page and select the profile you want to use for delegate authentication, for now I am doing with my System Admin profile.
- This will open your profile detail page, go to Is Single Sign-On Enabled checkbox and enable it.
- So now System admin users will never able to login through normal salesforce process.
- Now go to Single Sign On settings in your org, and click Edit button. Paste the URL you have copied earlier in Delegated Gateway URL.
- Click Save.
- System Administrator users will only able to login through that Okta’s app gateway endpoint, now Okta manages the password policies for those salesforce users.