Wednesday, 17 July 2024

Single Sign On

SF-Core to Azure AD B2C Integration using SAML


Integrating Salesforce with Azure AD B2C using SAML lets users log in to Salesforce with their Azure AD B2C credentials: Salesforce acts as the SAML service provider (SP) and Azure AD B2C as the identity provider (IdP). One caveat before you start: Azure AD B2C issues SAML assertions to relying parties only through custom policies (the Identity Experience Framework), not through the built-in user flows, so if the SAML options described below are not offered for your B2C application, the SAML relying-party configuration has to be done in a custom policy. Here is a detailed step-by-step guide to set up this integration:

Prerequisites

  1. Azure AD B2C Tenant: Ensure you have an Azure AD B2C tenant set up.
  2. Salesforce Admin Access: Ensure you have administrative access to your Salesforce instance.

Steps to Integrate Salesforce with Azure AD B2C using SAML

1. Configure Azure AD B2C

  1. Create an Azure AD B2C Application:

    • Log in to the Azure portal (https://portal.azure.com).
    • Navigate to your Azure AD B2C tenant.
    • Go to Azure AD B2C > Applications > Add.
    • Enter a name for the application (e.g., Salesforce SSO).
    • For Redirect URI, enter the Salesforce assertion consumer service (ACS) URL, which is where Azure AD B2C posts the SAML response. Salesforce displays this value on the saved SSO setting (see the Salesforce section below); do not leave a placeholder such as https://yourdomain.my.salesforce.com/login in place, because the IdP will only post to the URL registered here.
  2. Create a Sign-In User Flow:

    • Navigate to Azure AD B2C > User flows.
    • Click + New user flow.
    • Select the Sign up and sign in flow.
    • Enter a name for the user flow.
    • Choose the identity providers you want to enable (e.g., Local Accounts, Social Accounts).
    • Under User attributes and Application claims, select the attributes to collect and the claims to return in the token (e.g., Email Addresses, Given Name, Surname). Only claims selected here reach Salesforce.
  3. Configure SAML in the Application:

    • Go to the application you created in Azure AD B2C.
    • Select Single sign-on.
    • Choose SAML.
    • Configure the following settings:
      • Identifier (Entity ID): This is typically the Salesforce domain URL (e.g., https://yourdomain.my.salesforce.com).
      • Reply URL (Assertion Consumer Service URL): This is typically the Salesforce ACS URL (e.g., https://yourdomain.my.salesforce.com/saml/SSO/alias/your_alias).
  4. Download the Federation Metadata:

    • In the Single sign-on configuration, download the Federation Metadata XML file. This file contains the necessary SAML configuration details.

2. Configure Salesforce

  1. Enable SAML Single Sign-On in Salesforce:

    • Log in to Salesforce as an administrator.
    • Go to Setup.
    • In the Quick Find box, type Single Sign-On Settings and select Single Sign-On Settings.
    • Click Edit, select SAML Enabled, and click Save.
  2. Create a New SAML SSO Setting:

    • In Single Sign-On Settings, click New.
    • Enter the following details:
      • Name: A name for your SSO setting (e.g., Azure AD B2C SSO).
      • API Name: Automatically populated.
      • Issuer: The Entity ID of the Azure AD B2C identity provider, exactly as it appears in the entityID attribute of the Federation Metadata XML. Salesforce rejects assertions whose Issuer does not match this string.
      • Entity ID: Your Salesforce domain URL (e.g., https://yourdomain.my.salesforce.com). This must equal the Identifier (Entity ID) you registered in Azure AD B2C, because Salesforce checks it against the assertion's Audience.
      • Identity Provider Certificate: Upload the IdP signing certificate. The Federation Metadata XML carries it as base64 inside the X509Certificate element; save that value as a .crt file (with BEGIN/END CERTIFICATE lines) and upload it. Salesforce only accepts assertions signed by this certificate, so note its expiry date.
      • Identity Provider Login URL: The SAML login URL from Azure AD B2C (the SingleSignOnService Location in the metadata).
      • Identity Provider Logout URL: The SAML logout URL from Azure AD B2C (if applicable).
      • SAML Identity Type and SAML Identity Location: Choose whether the assertion identifies the user by Federation ID, by Salesforce username, or by user ID, and whether that value is in the NameID or in a named attribute. Federation ID is the usual choice for external identities.
      • Service Provider Initiated Request Binding: Set to HTTP Redirect.
      • User Provisioning: Select "User Provisioning Enabled" and a registration handler (an Apex class implementing Auth.SamlJitHandler) if you want Salesforce to create or update users just in time from the SAML assertion. Without a custom handler, standard JIT provisioning expects attributes named User.Username, User.Email, User.LastName and User.ProfileId.
    • Click Save. Salesforce then shows the Salesforce Login URL, which is the ACS URL (e.g., https://yourdomain.my.salesforce.com/saml/SSO/alias/your_alias) to copy back into the Reply URL / Redirect URI fields in Azure AD B2C.
    • Click Save.
  3. Configure SAML Attributes:

    • Decide how Azure AD B2C identifies the user and configure Salesforce to match: typically the NameID carries the Federation ID stored on the Salesforce User record, and the SSO setting's SAML Identity Type and Location are set accordingly. Prefer a stable, non-reassignable identifier (the B2C object id) over an email address, since users can change their email.
    • Ensure that the attributes the registration handler needs, such as given name, surname and email, are issued as claims in the SAML assertion, and that their names match what the handler looks up.

3. Test the Integration

  1. Assign Users:

    • Ensure users in Azure AD B2C are also provisioned in Salesforce, either manually or via the registration handler.
  2. Test Login:

    • Log out of Salesforce.
    • Navigate to the Salesforce login page.
    • Click on the Single Sign-On (SSO) link or button (depending on your Salesforce login page customization).
    • You should be redirected to the Azure AD B2C login page.
    • Sign in with your Azure AD B2C credentials.
    • Upon successful authentication, you should be redirected back to Salesforce and logged in.

Additional Considerations

  • User Attribute Mapping: Ensure that the claim names returned by Azure AD B2C are exactly the names the Salesforce SSO setting or registration handler expects; a mismatch shows up as a failed login, and the SAML Assertion Validator on the Single Sign-On Settings page reports which check failed.
  • Security: All endpoints are HTTPS. Salesforce validates the assertion's signature, Issuer, Audience and validity window, so keep the IdP certificate current and rotate it before expiry. Once users log in through B2C, stop passwords from bypassing it: grant those profiles the "Is Single Sign-On Enabled" permission and use the "Disable login with Salesforce credentials" option in Single Sign-On Settings, and enforce MFA on the B2C side. Never let the IdP choose a user's profile or permission sets; the handler should assign a fixed, least-privilege profile.
  • Customization: Depending on your requirements, you might need to customize the registration handler to suit your user provisioning needs (username conventions, licence and profile assignment, account linking).

By following these steps, you can successfully integrate Salesforce with Azure AD B2C using SAML, enabling seamless authentication for users.



=====================================================================


SF-Core to Azure AD B2C Integration using Open ID Connect


Integrating Salesforce with Azure AD B2C using OpenID Connect allows users to log in to Salesforce using their Azure AD B2C credentials. Here’s a step-by-step guide to achieve this integration:

Prerequisites

  1. Azure AD B2C Tenant: You should have an Azure AD B2C tenant set up.
  2. Salesforce Admin Access: You should have administrative access to your Salesforce instance.

Steps to Integrate Salesforce with Azure AD B2C using OpenID Connect

1. Configure Azure AD B2C

  1. Create an Application in Azure AD B2C:

    • Log in to the Azure portal (https://portal.azure.com).
    • Navigate to your Azure AD B2C tenant.
    • Go to Azure AD B2C > Applications > Add.
    • Enter a name for the application (e.g., Salesforce).
    • Register it as a web application. In the current portal this is App registrations > New registration with a Web platform redirect URI; the legacy Applications blade called this Web App / Web API.
    • For Redirect URI, enter the Salesforce callback URL for the Auth. Provider (e.g., https://yourdomain.my.salesforce.com/services/authcallback/your_auth_provider_name). Copy the exact Callback URL that Salesforce displays on the Auth. Provider detail page after you save it, because Azure AD B2C matches redirect URIs exactly.
    • Click Create to create the application.
  2. Create User Flows or Custom Policies:

    • Navigate to User flows (or Identity Experience Framework if using custom policies).
    • Create a new user flow (e.g., Sign up and sign in) or configure existing policies as needed.
  3. Register and Configure the Application:

    • Go to Azure AD B2C > Applications > Select the application you created.
    • Note the Application (client) ID from the Overview page, and create a client secret under Certificates & secrets > New client secret. The secret value is shown only once, so copy it immediately; it expires, so record the date and plan to rotate it in Salesforce before then.
    • Configure API permissions if necessary.

2. Configure Salesforce

  1. Create an Auth. Provider in Salesforce:

    • Log in to Salesforce as an administrator.
    • Go to Setup.
    • In the Quick Find box, type Auth. Providers and select Auth. Providers.
    • Click New and choose OpenID Connect as the provider type.
    • Fill in the following details:
      • Provider Name: A name for your provider (e.g., Azure AD B2C).
      • Consumer Key: Enter the Application (client) ID from Azure AD B2C.
      • Consumer Secret: Enter the Client secret from Azure AD B2C.
      • Authorize Endpoint URL: https://<your_b2c_tenant>.b2clogin.com/<your_b2c_tenant>.onmicrosoft.com/<your_user_flow_or_policy>/oauth2/v2.0/authorize
      • Token Endpoint URL: https://<your_b2c_tenant>.b2clogin.com/<your_b2c_tenant>.onmicrosoft.com/<your_user_flow_or_policy>/oauth2/v2.0/token
      • User Info Endpoint URL: https://<your_b2c_tenant>.b2clogin.com/<your_b2c_tenant>.onmicrosoft.com/<your_user_flow_or_policy>/openid/userinfo. Note that Azure AD B2C serves the UserInfo endpoint only for custom policies; with a built-in user flow, make sure the claims Salesforce needs (email, given name, surname) are selected as Application claims so they are issued in the ID token.
      • Default Scopes: openid profile email
      • Registration Handler: Select or create an Apex class implementing Auth.RegistrationHandler. It creates a Salesforce user on first login from the data Azure AD B2C returns and updates the user on later logins.
  2. Set up a Connected App in Salesforce (optional):

    • The Auth. Provider alone handles inbound login from Azure AD B2C; a connected app is only needed if Salesforce itself must issue OAuth tokens to a client of yours.
    • If you need one: go to Setup, type App Manager in the Quick Find box, select App Manager and click New Connected App.
    • Fill in the required fields such as Connected App Name, API Name, and Contact Email.
    • Under Web App Settings, enable Enable OAuth Settings. Do not select Enable SAML here; that makes Salesforce a SAML identity provider for the connected app and plays no part in this flow.
    • Set Callback URL to the redirect URI of your own client. The Auth. Provider's callback URL (https://login.salesforce.com/services/authcallback/your_auth_provider_name, or the My Domain form shown on the Auth. Provider page) is what you register in Azure AD B2C, not here.
    • Select OAuth Scopes as needed.
    • Save the Connected App settings.
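The registration handler referred to by the SAML SSO setting's User Provisioning step and by the Auth. Provider's Registration Handler field, written here as an added example; this is not code from the original post or from Salesforce. One class serves both flows by implementing Auth.SamlJitHandler (SAML) and Auth.RegistrationHandler (OpenID Connect). Assumptions, marked in the code: the B2C policy emits claims named email, givenName and surname over SAML and emails over OpenID Connect; new users get the profile named Standard User; usernames are the email plus a .b2c suffix. Adjust these to your policy's output claims and your profile.

```apex
// Added example, not from the original post. Assumed claim names, profile and
// username suffix are collected here so they are easy to change.
global class AzureB2CRegistrationHandler implements Auth.SamlJitHandler, Auth.RegistrationHandler {

    // Assumption: claim names configured as output claims in the B2C policy / user flow.
    private static final String SAML_EMAIL   = 'email';
    private static final String SAML_GIVEN   = 'givenName';
    private static final String SAML_SURNAME = 'surname';
    private static final String OIDC_EMAILS  = 'emails';   // B2C returns email addresses as a collection
    // Assumption: a fixed least-privilege profile; never derived from a claim.
    private static final String PROFILE_NAME    = 'Standard User';
    private static final String USERNAME_SUFFIX = '.b2c';  // usernames are unique across all Salesforce orgs

    public class B2CLoginException extends Exception {}

    // ---------- SAML: Auth.SamlJitHandler ----------
    global User createUser(Id samlSsoProviderId, Id communityId, Id portalId,
                           String federationIdentifier, Map<String, String> attributes, String assertion) {
        User u = new User();
        // The NameID becomes the Federation ID; later logins are matched on it.
        u.FederationIdentifier = requireValue(federationIdentifier, 'NameID');
        populateNewUser(u, requireValue(attributes.get(SAML_EMAIL), SAML_EMAIL),
                        attributes.get(SAML_GIVEN), attributes.get(SAML_SURNAME));
        return u; // returned un-inserted; the login framework inserts it
    }

    global void updateUser(Id userId, Id samlSsoProviderId, Id communityId, Id portalId,
                           String federationIdentifier, Map<String, String> attributes, String assertion) {
        refreshUser(userId, attributes.get(SAML_EMAIL), attributes.get(SAML_GIVEN), attributes.get(SAML_SURNAME));
    }

    // ---------- OpenID Connect: Auth.RegistrationHandler ----------
    global User createUser(Id portalId, Auth.UserData data) {
        User u = new User();
        // data.identifier is the sub claim (the B2C object id), a stable, non-reassignable key.
        u.FederationIdentifier = requireValue(data.identifier, 'sub');
        populateNewUser(u, requireValue(emailFrom(data), 'email'), data.firstName, data.lastName);
        return u; // returned un-inserted; the login framework inserts it
    }

    global void updateUser(Id userId, Id portalId, Auth.UserData data) {
        refreshUser(userId, emailFrom(data), data.firstName, data.lastName);
    }

    // ---------- shared helpers ----------
    private static String emailFrom(Auth.UserData data) {
        if (String.isNotBlank(data.email)) return data.email;
        // Assumption: with B2C the address may arrive only in the "emails" claim,
        // which reaches attributeMap as a JSON-style string such as ["a@example.com"].
        String raw = data.attributeMap == null ? null : data.attributeMap.get(OIDC_EMAILS);
        if (String.isBlank(raw)) return null;
        return raw.replaceAll('[\\[\\]"\\s]', '').split(',')[0];
    }

    // A missing mandatory claim aborts the login instead of creating a half-populated user.
    private static String requireValue(String value, String claimName) {
        if (String.isBlank(value)) {
            throw new B2CLoginException('Required claim missing from the identity provider: ' + claimName);
        }
        return value;
    }

    private static void populateNewUser(User u, String email, String firstName, String lastName) {
        Profile p = [SELECT Id FROM Profile WHERE Name = :PROFILE_NAME LIMIT 1];
        u.ProfileId = p.Id;
        u.Username  = email + USERNAME_SUFFIX;
        u.Email     = email;
        u.FirstName = firstName;
        u.LastName  = String.isBlank(lastName) ? email.substringBefore('@') : lastName;
        String aliasBase = email.substringBefore('@').replaceAll('[^A-Za-z0-9]', '');
        u.Alias = String.isBlank(aliasBase) ? 'b2cuser' : aliasBase.left(8); // Alias is limited to 8 characters
        u.TimeZoneSidKey    = 'GMT';
        u.LocaleSidKey      = 'en_US';
        u.EmailEncodingKey  = 'UTF-8';
        u.LanguageLocaleKey = 'en_US';
    }

    // Only attributes the IdP owns are refreshed. Username, ProfileId and permission
    // sets are never driven by claims, so a mis-issued or tampered token cannot escalate.
    private static void refreshUser(Id userId, String email, String firstName, String lastName) {
        User u = [SELECT Id, Email, FirstName, LastName FROM User WHERE Id = :userId LIMIT 1];
        if (String.isNotBlank(email))     u.Email     = email;
        if (String.isNotBlank(firstName)) u.FirstName = firstName;
        if (String.isNotBlank(lastName))  u.LastName  = lastName;
        update u;
    }
}
```

Select this class as the registration handler in both places. The deliberate choices are that the Federation ID is the IdP's stable subject (NameID or sub) rather than the email, that the profile is a constant in the class, and that a missing required claim throws, so a policy change that drops the email claim produces a visible login failure rather than silently created users.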

3. Test the Integration

  1. Assign Users:

    • Ensure the users in Azure AD B2C are also provisioned in Salesforce, either manually or via the registration handler.
    • Enable the provider for your login page under Setup > My Domain > Authentication Configuration; its button appears on the Salesforce login page only after this is done.
  2. Test Login:

    • Log out of Salesforce.
    • Navigate to the Salesforce login page.
    • Click on the link or button to log in with your new OpenID Connect provider (Azure AD B2C).
    • You should be redirected to the Azure AD B2C login page.
    • After successful authentication, you should be redirected back to Salesforce and logged in.

Additional Considerations

  • User Attribute Mapping: Ensure that the claims returned by Azure AD B2C (in the ID token or from the UserInfo endpoint) carry the names and values your registration handler looks up; check Auth.UserData.attributeMap if a claim does not arrive in the standard fields.
  • Security: All endpoints are HTTPS. The client secret entered as Consumer Secret is a credential for your Salesforce org; treat it like a password, rotate it before it expires, and remove the old secret in Azure AD B2C once Salesforce holds the new one. Register only the exact callback URL as a redirect URI. As with SAML, grant SSO users the "Is Single Sign-On Enabled" permission so passwords cannot bypass B2C, and let the handler assign a fixed, least-privilege profile rather than trusting any claim for authorization.
  • Customization: Depending on your requirements, you might need to customize the registration handler to suit your user provisioning needs (username conventions, licence and profile assignment, account linking).

By following these steps, you can successfully integrate Salesforce with Azure AD B2C using OpenID Connect, allowing seamless authentication for users.

