SSO Implementation between two Salesforce Orgs in Lightning and Classic view
We can implement SSO for both Lighting and Classic view with the help of SAML. There is no difference between security protocol for both.
Requirement: When a user is in one org can get login into another org without using credentials for another org and Landing page should be Lighting home page.
Steps to follow to implement above requirement : -
- Configuration Pre-requisites
- All Orgs must be enabled with a custom hostname using 'My Domain'One Org must be selected to act as the Identity Provider
- A master list of all users
- A "Federated ID" for each user, unique for each person across users of all Orgs.
- Enable the Identity Provider in your Identity Provider Org
- Download the Self-Signed Certificate from the IDP Org
- Configure SAML in your first Service Provider Org
- Tell your Identity Provider about this Service Provider Org
- Click “Service Providers are now created via Connected Apps. Click here.” under the list of "Service Providers"
- Enter a name for your first Connected App. In this case, I put “Demo Setting”.
- Select Enable SAML under Web App Settings.
- Enter the 'My Domain' of the Service Provider Org as the "Entity ID"
- Enter the ACS URL - this is the "Salesforce.com Login URL" you made note of in Step 5.9
- Select "Federation ID"
- Hit "Save"
- Assign this SSO configuration to any Profiles of your choosing
