Note

 

This documentation supports the 20.19.01 version of Remedyforce.

To view the latest or an earlier version, select the version from the Product version menu.

Frequently Asked Questions

This topic contains a list of the most frequently asked questions.

General

The following are the types of SSO:

  • Federated authentication using SAML
  • Delegated authentication by integrating Salesforce with an authentication method

For more information, see Types of Single Sign-On.

The password reset option is disabled for the SSO users that implement delegated authentication. In delegated authentication, Salesforce does not manage the user passwords. Users who want to reset the passwords in Salesforce are directed to the Salesforce administrator.

For delegated authentication, if you are enabled with View All Data permission:

  • Navigate to Delegated Authentication Error history and view the logs

OR

  • Navigate to Login history for a user

If you do not have View All Data permission, contact your Administrator.

For federated authentication, to view logs for SSO errors:

      1.      Navigate to the Single Sign-On Settings section. 

      2.      Click SAML Validation.

Yes. You can log in by appending the following parameter to the login URL: ?login.

For example: https://login.salesforce.com/?login or https://testinfo-developer-edition.my.salesforce.com/?login

Yes.

Navigate to Setup > Manage Users > Users  > Select username > Login history.

 Yes, you can configure the login, logout, and error pages as required. You can do so, using SAML 1.1 or SAML 2.0 in SSO Configuration.

To enable the Single Sign-On permission:

      1.      In the System Permissions section, navigate to Setup > Manage Users > Profile > User profile 

      2.      Edit the required profile and select Is Single Sign on Enabled.  

      3.      Save the profile.

When you click on a Salesforce link that points to a specific Salesforce record, you are prompted for credentials in case you are not already logged in to Salesforce. If you are already logged in to Salesforce then it will redirect you to the appropriate record page.

If you are not redirected to your Salesforce org’s instead of intended Salesforce record page then you might need to configure Relay State for ADFS which serves as your Identity Provider. You may see  ADFS 2.0 Relay State section in this document for Relay State configuration.

 

Note

If you are already authenticated by Identity Provider and logged into to your Salesforce org then you will be redirected to intended page on clicking the link. (For example, an account page or a specific page in your org).


Delegated Authentication

These questions are categorized into two types.

Based on Service Provider

You need to contact Salesforce to enable delegated authentication.

To contact Salesforce:

  1. Navigate to Help > Contact Support > Open a case.
  2. Enter appropriate information in the fields given in the table below:

    Field

    Description

    Problem Type

    From the drop-down list, select Feature Activation.

    Problem Area

    From the drop-down list, select Login and Feature Activation.

    Subject

    Enter Enable Delegated Authentication.

    Description

    Enter an appropriate description.

    Security Level 

    From the drop-down list, select Medium.

  3. Click Next.

To configure delegated SSO in Salesforce:

      1.      Navigate to Setup > Administration Setup > Security Controls > Single Sign-On Settings.
      2.      Click Edit and enter the Delegated Gateway URL.
      3.      Navigate to Setup > Administration Setup > Manage Users > Profile.
      4.      Edit the required profile and select Is Single Sign-On Enabled to enable user permission for your user’s profile.

Yes, delegated authentication supports SAML tokens as well as passwords.

If the Is Single Sign-On Enabled permission is enabled for a user, then the user credentials are authenticated through delegated authentication.

Salesforce does not store any password. Credentials are disposed of once the authentication process is complete.

Yes.

If Force Delegated Authentication Callout is selected, then Salesforce forces a callout to the gateway URL, even after a failure due to restrictions set in the profile such as IP range restrictions.

Navigate to Setup > Administration Setup > Manage Users > Delegated Authentication Error History. You will see error logs related to delegated authentication.

Request gets timed out after 10 seconds. Please see https://developer.salesforce.com/docs/atlas.en-us.sso.meta/sso/sso_tips.htm for more information.

Based On Identity Provider

Once the user credentials are verified, the Identity Provider sends any one of the following authentication status:

  • TRUE: If the user credentials are valid
  • FALSE: If the user credentials are invalid

Was this page helpful? Yes No Submitting... Thank you

Comments