SSO with SalesForce.com

Question

We want to do SSO with Salesforce.com. From their documentation, we found this option 'Delegated authentication' to suit our needs. Basically, when given a user name and password, Salesforce.com would initiate a web service call to the original organization to get it validated.

We are thinking of implementing this the following way - Our users would log in into our system with user id and password, we would get them authenticated. Then when they have to access Salesforce.com, we would supply the username and the cookie(that we got from the authentication) to Salesforce.com which would then pass these in the web service call to our organization and we would be able to validate the user using this cookie.

Has anyone tried/heard of this approach? Are there any known limitations. Any help would be appreciated.

Answer 1

Well yes, it is a common approach when you're using delegated auth, the main issue is if your DA listener accepts only authentication cookie, logging into Salesforce via applications rather than a website isn't possible. Your DA listener can be written to accept either an auth cookie or a password and work that way or look into a newer SAML-based SSO features which several apps support now.

To learn in-depth about Salesforce, sign up for an industry-based Salesforce Certification!