We need to create the Connected App for Salesforce SSO. A connected app is a framework that enables an external application to integrate with Salesforce using APIs and standard protocols such as SAML, OAuth, and OpenID Connect. Connected apps use these protocols to authenticate, authorize, and provide single sign-on (SSO) for external apps.
The external apps that are integrated with Salesforce can run on the customer success platform, other platforms, devices, or SaaS subscriptions.
For example, when you log in to your Salesforce mobile app and see your data from your Salesforce org, you’re using a connected app.
By capturing metadata about an external app, a connected app tells Salesforce which protocol (SAML, OAuth, or OpenID Connect) the external app uses, and where the external app runs. Salesforce can then grant the external app access to its data, and attach policies that define access restrictions, such as when the app’s access expires. Salesforce can also audit connected app usage.
How Can My Salesforce Org Use Connected Apps?
- Access Data with API Integration
- Integrate Service Providers with Salesforce
Access Data with API Integration:
When developers or independent software vendors (ISVs) build web-based or mobile applications that need to pull data from your Salesforce org, you can use connected apps as the clients that request this data. To do so, you create a connected app that integrates with Salesforce APIs.
Integrate Service Providers with Salesforce:
When Salesforce acts as your identity provider, you can use a connected app to integrate your service provider with your org. Depending on your org’s configuration, you can use one of these methods.
Use a connected app with SAML 2.0 to integrate a service provider with your org. Salesforce supports SAML single sign-on (SSO) when the service provider or the identity provider initiates the flow.
What Role Do I Play with Connected Apps?
To put it simply, developers create and configure authorization flows for connected apps, and admins set policies and permissions to control connected app usage. But there’s much more to each role.
- Connected App Developer
- Connected App Admin
The steps to use a connected app:
There are three steps you need to follow. These steps are described below:
1. Domain Setup
2. Profile access to the User object
3. Connected App Setup
Domain Setup Steps:
Go to Setup -> Quick find box -> Domain Management -> Click Domains -> Create New Domain (if one does not already exist)
In my case the domain name is: gst-idp-dev-ed
Profile Access to the User Object:
The profile assigned to the user can be any profile that has access to the User object.
- For example, here is one profile, “Standard User”. By clicking on this profile you can add users to it.
Setup -> Quick find Box -> Profiles -> Standard User profile -> Click Standard Users or any other profile.
Add external users to any profile; for example, I am working on Standard User.
- Or, while you are creating a user, you can assign this profile to the user.
Click on Assigned Users
Click on New User and then add users
- Or you can create a new custom profile that has access to the User object and then use it.
Setup -> Quick find Box -> Create new User or Edit Existing User -> Assign Standard User Profile or the Custom Profile you have created.
For a custom profile go to:
Setup -> Quick find Box -> Profiles -> Create New Profile with Users Access Permission.
Connected App Setup Steps:
Setup -> Quick Find Box -> Manage Apps -> Connected App -> Create Connected App
In my case the app label is GST_IDP; you can give any name and version.
Details inside the Connected App:
GST System Calling API
- Consumer Key and Consumer Secret are generated by Salesforce itself.
- This URL will be used by the GST system. The domain name will be replaced by the site URL, which they will use to access the application.
- Selected OAuth Scopes:
  - Access your basic information (id, profile, email, address, phone)
  - Full access (full)
1. This will return the Consumer Key and Consumer Secret.
2. Then we need to pass the consumer key, consumer secret, and domain name to the .NET API as parameters.
Note: Whenever you integrate with any other site using an API, you need to set the site URL in Remote Site Settings.
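To show how the Consumer Key, Consumer Secret and domain name from this procedure are actually used by the calling system, here is an added example of the OAuth 2.0 web server flow against the connected app. It is not code from the original post or from Salesforce. It assumes a callback URL (gst.example.invalid), the scope API names id and full for the two selected scopes, placeholder key and secret values, and a constructed sample token response; the PKCE code_challenge and the state check are additions the post does not mention. It uses only the Python standard library and runs offline.

```python
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

MY_DOMAIN = "gst-idp-dev-ed"                                 # from the post
CONSUMER_KEY = "PLACEHOLDER_CONSUMER_KEY"                    # placeholder
CONSUMER_SECRET = "PLACEHOLDER_CONSUMER_SECRET"              # placeholder; server side only
CALLBACK_URL = "https://gst.example.invalid/oauth/callback"  # assumed
SCOPES = ["id", "full"]                                      # API names of the selected scopes

def login_base(my_domain: str) -> str:
    """Login host for the My Domain name created in the Domain Setup step."""
    return f"https://{my_domain}.my.salesforce.com"

def pkce_pair() -> tuple[str, str]:
    """Fresh PKCE code_verifier and its S256 code_challenge."""
    verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode()).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def build_authorize_url(state: str, code_challenge: str) -> str:
    """Step 1: URL the browser is sent to. Only the Consumer Key appears in it."""
    params = {
        "response_type": "code",
        "client_id": CONSUMER_KEY,
        "redirect_uri": CALLBACK_URL,
        "scope": " ".join(SCOPES),
        "state": state,                    # binds the callback to this session
        "code_challenge": code_challenge,  # binds the token request to this request
        "code_challenge_method": "S256",
    }
    return f"{login_base(MY_DOMAIN)}/services/oauth2/authorize?{urlencode(params)}"

def parse_callback(redirected_to: str, expected_state: str) -> str:
    """Step 2: extract the code from CALLBACK_URL?code=...&state=..., refusing it
    unless the state is the one this session issued."""
    qs = parse_qs(urlparse(redirected_to).query)
    if "error" in qs:
        raise PermissionError(f"authorization failed: {qs['error'][0]}")
    if not hmac.compare_digest(qs.get("state", [""])[0], expected_state):
        raise PermissionError("state mismatch: callback is not bound to this session")
    return qs["code"][0]

def build_token_request(code: str, code_verifier: str) -> tuple[str, dict]:
    """Step 3: server-to-server POST to the token endpoint; the only place the
    Consumer Secret is used, and it travels in the form body, not in a URL."""
    body = {"grant_type": "authorization_code", "code": code, "client_id": CONSUMER_KEY,
            "client_secret": CONSUMER_SECRET, "redirect_uri": CALLBACK_URL,
            "code_verifier": code_verifier}
    return f"{login_base(MY_DOMAIN)}/services/oauth2/token", body

def verify_signature(tok: dict, consumer_secret: str) -> bool:
    """Salesforce signs id + issued_at with the Consumer Secret (HMAC-SHA256, base64);
    recomputing it shows the identity URL was not altered in transit."""
    msg = (tok["id"] + tok["issued_at"]).encode()
    expected = base64.b64encode(hmac.new(consumer_secret.encode(), msg, hashlib.sha256).digest())
    return hmac.compare_digest(expected.decode(), tok["signature"])

def validate_token_response(raw: str) -> dict:
    """Step 4: checks to run on the token response before trusting it."""
    tok = json.loads(raw)
    missing = [k for k in ("access_token", "instance_url", "id", "issued_at", "signature") if k not in tok]
    if missing:
        raise ValueError(f"token response missing {missing}")
    for url in (tok["instance_url"], tok["id"]):  # both must be https Salesforce hosts
        p = urlparse(url)
        if p.scheme != "https" or not (p.hostname or "").endswith(".salesforce.com"):
            raise ValueError(f"unexpected host in token response: {url}")
    if not verify_signature(tok, CONSUMER_SECRET):
        raise ValueError("signature mismatch: identity URL may have been altered")
    return tok

def is_valid_token_response(raw: str) -> bool:
    """True when validate_token_response accepts the response."""
    try:
        validate_token_response(raw)
        return True
    except ValueError:
        return False

def sample_token_response(tamper: bool = False) -> str:
    """Constructed token response signed with the placeholder secret; tamper=True
    alters the identity URL after signing so the signature check must fail."""
    tok = {"access_token": "constructed-access-token", "instance_url": login_base(MY_DOMAIN),
           "id": "https://login.salesforce.com/id/00Dxx0000000000/005xx0000000000",  # constructed ids
           "token_type": "Bearer", "issued_at": "1700000000000", "scope": "id full"}
    msg = (tok["id"] + tok["issued_at"]).encode()
    tok["signature"] = base64.b64encode(hmac.new(CONSUMER_SECRET.encode(), msg, hashlib.sha256).digest()).decode()
    if tamper:
        tok["id"] = tok["id"].replace("005xx", "005yy")
    return json.dumps(tok)

if __name__ == "__main__":
    state, (verifier, challenge) = secrets.token_urlsafe(16), pkce_pair()
    print(build_authorize_url(state, challenge))
    code = parse_callback(f"{CALLBACK_URL}?code=constructed-code&state={state}", state)
    print(build_token_request(code, verifier)[0], is_valid_token_response(sample_token_response()))
```

The point of the checks: the Consumer Secret is only ever sent in the server-side token request, never in the browser redirect built in step 1; the state value rejects callbacks that this session did not start; and the signature field lets the client confirm with its own secret that the identity URL in the response is the one Salesforce issued, which is why the tampered sample is rejected.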