You are here

Salesforce Identity Provider

Salesforce can be configured as a SAML Identity Provider, allowing users to then authenticate to SpringCM and other SAML Service Providers with their Salesforce credentials.

Setting Up Salesforce as an Identity Provider for SpringCM

To configure Salesforce as an Identity Provider for SpringCM, follow the steps as outlined in the article How to configure SSO from Salesforce to SpringCM.  

Configure your Salesforce users with Federation Ids

SpringCM uses a user's email address as their login id. At the time of this writing, Salesforce cannot be configured to use a user's email address as the login id as part of a SAML Response. If by convention, your Salesforce usernames are also the email address used to log into SpringCM, then you can configure your SpringCM service provider configuration to pass the username, and you are done. If not, then you must use the Federation ID. This is a free form property on a user that must be populated with the user's email address that they use to log into SpringCM. This can be done manually for each of your user's in Salesforce, however it may become tedious to always have to keep them in sync manually. Fortunately, Salesforce triggers can be used to automatically copy a user's email address to their Federation ID every time a new user is created or their email address changed as shown in the following sample Apex code. Full discussion of creating Salesforce triggers is outside the scope of this document, consult Salesforce's online help and tutorials for more information.

Sync Email to Federation ID Apex:

trigger CopyEmailToFederationId on User (before insert,before update) { 
    for (User newUser: Trigger.new) { 
        User oldUser = null; 
        if(Trigger.oldMap!=null) { 
            oldUser = Trigger.oldMap.get(newUser.Id); 
        } 
        if (oldUser==null || oldUser.Email!= newUser.Email) { 
            newUser.FederationIdentifier = newUser.Email; 
        } 
    } 
}