IT Hub

Salesforce Single-Sign-On: What You Need To Know

Reco Security Experts
May 29, 2024
May 29, 2024

Salesforce has a feature that allows you to spend less time managing passwords. It helps your employees save time by allowing them to log in without manually doing so, and it also allows them to manage access to sensitive information from one place.

It’s called the Single Sign-On (SSO) feature in Salesforce. Let’s explore this subject in more detail in this article.

What is a Single Sign-On?

You’ve probably already used the Single Sign-On (SSO) feature without knowing its name. If you’ve used your Gmail to automatically sign in to multiple applications without inputting your password or username, then you’ve used an SSO!

SSO in Salesforce is an authentication mechanism configured to give users access to multiple applications with just one set of login credentials. It is like you can access multiple rooms with one type of key. One sign-in action grants you access to multiple applications, and you need not remember numerous usernames and passwords.

How to Create a Single Sign-On in Salesforce

To enable the SSO, you need to go to the Single Sign-on Settings from the Set-Up navigation option.

Click the edit button and Enable SAML.

Next, create a new SAML Single Sign-On Setting by clicking the “New” button.

Since this setting will require an issuer, it is important that you know your service provider beforehand. For our guide, we will use https://axiomsso.herokuapp.com. This link will also be our URL.

Next, upload your Identity Provider Certificate. For our test, click SAML Identity Provider & Tester and download the certificate.

Then, you need to input your entity ID. The entity ID is simply the URL of your Salesforce Org. By the end of your configuration, your web page should look like this:

Next step is to generate a SAML response.

Next, you will be presented with a webpage like the one below, input the following details in them:

  • SAML Version: 2.0
  • Username or Federated ID: The Federation ID from the user’s Salesforce User page.
  • Issuer: https://axiomsso.herokuapp.com
  • Recipient URL: The URL from the Salesforce SAML Single Sign-On Settings page. It’s at the bottom of the page (in the Endpoints section) labeled Login URL.
  • Entity ID: The Entity ID from the Salesforce SAML Single Sign-On Settings page.

Test what you have done by clicking the “Request SAML Response” button. You should have something like this:

… and you are done!

Advantages of Salesforce Single Sign-On

  1. Single Sign-On helps the Salesforce Administrator spend less time managing passwords, thereby giving them more time to focus on more important tasks.
  2. Single Sign-On helps users save time by eliminating the need to manually log into Salesforce constantly.
  3. With the right configuration of Single Sign-On, more users can easily use Salesforce since they do not have to log in whenever a link from Salesforce is sent to them.
  4. Single Sign-Ons helps minimize the number of passwords to remember and the likelihood of users changing passwords multiple times.

Types of Salesforce Single Sign-On

  1. Inbound SSO: This type of SSO allows users to log in to another app, like an on-premise app, and then gain access to Salesforce without inputting their passwords and usernames.
  2. Outbound SSO: With this type of SSO, users can log in to Salesforce and access other services without logging into them.


Single Sign-On is one of Salesforce's easiest yet broadest topics. To excel, Salesforce Administrators should read widely and practice hands-on with multiple scenarios. Trailhead is the recommended resource for Salesforce Administrators willing to learn more about Single Sign-On.

Explore More
See more articles from our Hub