Note

 

This documentation supports the 20.19.01 version of Remedyforce.

To view the latest or an earlier version, select the version from the Product version menu.

Frequently Asked Questions

This topic contains a list of the most frequently asked questions.

General

 What are the different types of SSO?

The following are the types of SSO:

  • Federated authentication using SAML
  • Delegated authentication by integrating Salesforce with an authentication method

For more information, see Types of Single Sign-On.

 Are passwords reset when SSO is implemented?

The password reset option is disabled for the SSO users that implement delegated authentication. In delegated authentication, Salesforce does not manage the user passwords. Users who want to reset the passwords in Salesforce are directed to the Salesforce administrator.

 Where can I view logs for SSO errors?

For delegated authentication, if you are enabled with View All Data permission:

  • Navigate to Delegated Authentication Error history and view the logs

OR

  • Navigate to Login history for a user

If you do not have View All Data permission, contact your Administrator.

For federated authentication, to view logs for SSO errors:

      1.      Navigate to the Single Sign-On Settings section. 

      2.      Click SAML Validation.

 Is there any alternative, if I am not able to login through SSO?
Yes. You can log in by appending the following parameter to the login URL: ?login.

For example: https://login.salesforce.com/?login or https://testinfo-developer-edition.my.salesforce.com/?login

 Does SSO work outside my corporate firewall?

Yes.

 Where can I find the login history of a particular user?

Navigate to Setup > Manage Users > Users  > Select username > Login history.

 Is it possible to configure the login page and logout page specific to an organization?

 Yes, you can configure the login, logout, and error pages as required. You can do so, using SAML 1.1 or SAML 2.0 in SSO Configuration.

 How do I enable the Single Sign-On permission?

To enable the Single Sign-On permission:

      1.      In the System Permissions section, navigate to Setup > Manage Users > Profile > User profile 

      2.      Edit the required profile and select Is Single Sign on Enabled.  

      3.      Save the profile.

 What happens when I click a link in an email which points to a specific salesforce record?

When you click on a Salesforce link that points to a specific Salesforce record, you are prompted for credentials in case you are not already logged in to Salesforce. If you are already logged in to Salesforce then it will redirect you to the appropriate record page.

If you are not redirected to your Salesforce org’s instead of intended Salesforce record page then you might need to configure Relay State for ADFS which serves as your Identity Provider. You may see  ADFS 2.0 Relay State section in this document for Relay State configuration.

 

Note

If you are already authenticated by Identity Provider and logged into to your Salesforce org then you will be redirected to intended page on clicking the link. (For example, an account page or a specific page in your org).


Delegated Authentication

These questions are categorized into two types.

Based on Service Provider

 How do I enable delegated authentication for my organization?

You need to contact Salesforce to enable delegated authentication.

To contact Salesforce:

  1. Navigate to Help > Contact Support > Open a case.
  2. Enter appropriate information in the fields given in the table below:

    Field

    Description

    Problem Type

    From the drop-down list, select Feature Activation.

    Problem Area

    From the drop-down list, select Login and Feature Activation.

    Subject

    Enter Enable Delegated Authentication.

    Description

    Enter an appropriate description.

    Security Level 

    From the drop-down list, select Medium.

  3. Click Next.

 How do I configure delegated SSO in Salesforce?
To configure delegated SSO in Salesforce:

      1.      Navigate to Setup > Administration Setup > Security Controls > Single Sign-On Settings.
      2.      Click Edit and enter the Delegated Gateway URL.
      3.      Navigate to Setup > Administration Setup > Manage Users > Profile.
      4.      Edit the required profile and select Is Single Sign-On Enabled to enable user permission for your user’s profile.

 Does Delegated Authentication support SAML Tokens?

Yes, delegated authentication supports SAML tokens as well as passwords.

 How does Salesforce identify that user credentials are to be authenticated through delegated authentication?

If the Is Single Sign-On Enabled permission is enabled for a user, then the user credentials are authenticated through delegated authentication.

 Does Salesforce store user credentials in case of delegated authentication?

Salesforce does not store any password. Credentials are disposed of once the authentication process is complete.

 Does delegated authentication work with Salesforce1?

Yes.

 What is the purpose of Force Delegated Authentication Callout in Delegated Single Sign-On settings?

If Force Delegated Authentication Callout is selected, then Salesforce forces a callout to the gateway URL, even after a failure due to restrictions set in the profile such as IP range restrictions.

 Where can I view logs related to Delegated Authentication?

Navigate to Setup > Administration Setup > Manage Users > Delegated Authentication Error History. You will see error logs related to delegated authentication.

 What is timeout set when Salesforce tries to connect to Delegated Authentication service?

Request gets timed out after 10 seconds. Please see https://developer.salesforce.com/docs/atlas.en-us.sso.meta/sso/sso_tips.htm for more information.

 Does delegated authentication work with Portals?

Based On Identity Provider

 What does the Identity Provider return on authenticating user credentials in case of delegated authentication?

Once the user credentials are verified, the Identity Provider sends any one of the following authentication status:

  • TRUE: If the user credentials are valid
  • FALSE: If the user credentials are invalid
 What are the prerequisites for IDP for configuring delegated authentication?

Was this page helpful? Yes No Submitting... Thank you

Comments