Thursday, June 9, 2016

SSO on Salesforce Community to Login with Any Salesforce User


Just like success.salesforce.com, we can let any Salesforce user from any Salesforce org log in to our Salesforce community portal. To enable this single sign-on, follow the steps below:

1. Create the community

a. Go to Setup, search for 'Communities' in Quick Find, choose 'All Communities' and click the 'New community' button.



         
b. Choose a community template (here we choose the Napili template), enter the community name and the URL, and click the 'Create Community' button.
 
     

Now navigate to the 'Community Management Page' for further settings.

2. Set up Community

a. Profile settings

From the Community Management Page, go to 'Administration' and select 'Members', choose the appropriate portal profile and save the settings. Here we can choose the 'Customer Community Login User' profile.


3. Single Sign On setup

a. From the Community Management Page, go to 'Administration' and select 'Login & Registration'.

In the Login section, click 'Auth Providers'.

    


b. From the Auth. Providers setup page, create a new Auth. Provider.

  



c. Select the provider type 'Salesforce' and save.


d. Enter a name for the Auth. Provider (e.g. AllSF) and click 'Automatically create a registration handler template' to generate a new registration handler.


e. Select a user with admin privileges to execute the registration handler class, leave the other fields blank and save the changes.

Now we can see the Auth. Provider details. From there, go to the registration handler class (here it is AutocreatedRegHandler1465466784028).



We have to make some changes to the Apex code of the registration handler class, as in the steps below.

f. Replace line no. 12 with 'return true'.

g. On line no. 34, we have to select a community profile for user creation. Use the same profile that we set up in Step 2: change the profile name in the query condition to 'Customer Community Login User' and save the class.

h. Create an account in Salesforce with the same name as on line 23, i.e. 'Acme'. Don't forget to select a role for this account's owner, since it's mandatory for SSO.
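A sketch of a registration handler with the changes from steps f to h applied, as an added example rather than the autogenerated class from this post. The class name, the username suffix and the time zone are assumptions; the profile and account names come from the steps above.

```apex
// Added example, not the autogenerated class. Class name, username suffix
// and time zone are assumptions; profile and account names are from the steps.
global class CommunitySsoRegHandler implements Auth.RegistrationHandler {
    // Step f: accept every identity the Salesforce provider authenticates.
    global Boolean canCreateUser(Auth.UserData data) {
        return true;
    }

    global User createUser(Id portalId, Auth.UserData data) {
        if (!canCreateUser(data) || !data.attributeMap.containsKey('sfdc_networkid')) {
            return null; // not a community login: create nothing
        }
        // Step h: the account must exist. Query into lists so a missing
        // record returns null here instead of throwing a QueryException.
        List<Account> accts = [SELECT Id FROM Account WHERE Name = 'Acme' LIMIT 1];
        // Step g: the same profile selected for the community in step 2.
        List<Profile> profs = [SELECT Id FROM Profile
                               WHERE Name = 'Customer Community Login User' LIMIT 1];
        if (accts.isEmpty() || profs.isEmpty()) {
            return null;
        }
        Contact c = new Contact(AccountId = accts[0].Id, Email = data.email,
                                FirstName = data.firstName, LastName = data.lastName);
        insert c;

        // Alias is limited to 8 characters.
        String alias = data.username.length() > 8 ? data.username.substring(0, 8) : data.username;
        User u = new User();
        u.Username = data.username + '.community'; // assumed suffix; must be unique
        u.Email = data.email;
        u.FirstName = data.firstName;
        u.LastName = data.lastName;
        u.Alias = alias;
        u.LanguageLocaleKey = UserInfo.getLocale();
        u.LocaleSidKey = UserInfo.getLocale();
        u.EmailEncodingKey = 'UTF-8';
        u.TimeZoneSidKey = 'America/Los_Angeles'; // assumed default
        u.ProfileId = profs[0].Id;
        u.ContactId = c.Id;
        return u; // the platform inserts the returned user
    }

    global void updateUser(Id userId, Id portalId, Auth.UserData data) {
        // Refresh name and email from the identity on each later login.
        User u = new User(Id = userId, Email = data.email,
                          FirstName = data.firstName, LastName = data.lastName);
        update u;
    }
}
```

With `canCreateUser` returning true, every first-time login from any org creates a Contact and a User under the 'Acme' account, so the profile chosen in Step 2 decides what all of those users can access.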


    




4. Configure Auth provider for Community

Go to the Community Management Page again, go to 'Administration', select 'Login & Registration' and make the changes below.

a. In the Login section, we can see the Auth. Provider that we created in Step 3. Check it (here it is AllSF).

b. In the Logout section, add login.salesforce.com as the logout page if needed.

c. In the Registration section, check 'Allow external users to self-register', select the community profile and the account that we created in the previous steps, and save the changes.



5. Activate the Community

Go to the 'Community Management Page', go to 'Administration', select 'Settings' and activate the community.

             



Here it rocks! The community is ready for login with any Salesforce user's credentials.