Delegated Authentication Single Sign-On in Salesforce. How to achieve this with Okta?

Delegated Authentication Single Sign-On in Salesforce. How to achieve this with Okta?

Delegated Authentication Single Sign-On – 

  • We can configure our Salesforce org with any authentication method of our choice using this feature of salesforce.
  • We can integrate with the LDAP server – Lightweight Directory Access Protocol or authenticate with the access token rather with the password.
  • We can also manage authentication at the permission level which gives us more flexibility.
  • With the above feature, we can set delegated authentication for particular users rest will use their salesforce credentials for login.
  • If user tries to login through online or API, Salesforce checks permission settings and access settings after validating the username.
  • If user has enabled the Single Sign On permission setting then salesforce doesn’t validates the login credentials. Rather it makes an web service call to org for validating the login credentials. 
  • When above permission setting is enabled then salesforce no longer manages the password policies for example – password must be of required minimum length. 
  • Then delegated authentication comes into action, the endpoint’s service enforces the policies for password.
  • Note – In this case salesforce doesn’t store or view the password. It dispose the password when process get completed.
  • With this delegated authentication feature, user will  experience a delay than normal while logging.

How to achieve Delegated Authentication with Okta’s satandard apps? 

  • Open your Okta’s standard app detail page and click on Sign On tab.
  • Click on View Setup Instructions button and go to Delegated Authentication section of that page.
  • Copy the URL under Delegated Gateway URL heading.
  • Now go to your salesforce org’s profile detail page and select the profile you want to use for delegate authentication, for now I am doing with my System Admin profile.
  • This will open your profile detail page, go to Is Single Sign-On Enabled checkbox and enable it.
  • So now System admin users will never able to login through normal salesforce process.
  • Now go to Single Sign On settings in your org, and click Edit button. Paste the URL you have copied earlier in Delegated Gateway URL.
  • Click Save.
  • System Administrator users will only able to login through that Okta’s app gateway endpoint, now Okta manages the password policies for those salesforce users.

Leave a Reply


We're not around right now. But you can send us an email and we'll get back to you, asap.


About Us

Forcetalks is a Salesforce collaboration platform for coders & developers, geeks & nerds, consultants & business heads, admins & architects, managers & marketers and of course the business owners. A community where you can learn from, where you can contribute to. For you. For Salesforce. Read More...

Copyright 2019 Forcetalks. All Right Reserved.

Log in with your credentials


Forgot your details?