Where to specify the URL that you want users to be brought to once they are authenticated (Azure-SF SSO)?

Ricki R 1 Reputation point
2020-07-22T19:44:53.373+00:00

Hi Everyone,

Apologies for the very basic question, but I just want to ensure I am clear on what I need to do in order to achieve my business requirement. An organization I am working with is using Azure to allow for users to use SSO to access both a production org. in Salesforce, as well as a "playground" sandbox org. in Salesforce. They use their Microsoft credentials and are able to access Salesforce with this. However, when they log in, Salesforce automatically takes them to the last opened record instead of the basic homepage - which is what the organization wants.

I initially tried updating the "Sign On URL" however this did not work consistently and was not redirecting me to the homepage when I was authenticated and successfully logged into Salesforce via SSO - instead it is directing me again to the last opened record (i.e. some opportunity record or account record that I was last viewing when logging out of Salesforce last). Upon reading some documentation, I realized that I needed (I think) to update the "Reply URL" however upon doing so I got an error message saying that the Reply URL needed to match the configuration in the application code - which leads me to believe I basically need to recreate the application in Azure and set the desired URL that users are taken to post-authentication from the get-go before downloading the certificate and setting it up in Salesforce.

Can anyone offer some insight on this? The domain for the application related to the "Playground" sandbox would be https://orgs-instance--playground.my.salesforce.com/ however, I want to make it so users are brought to: https://orgs-instance--playground.lightning.force.com/lightning/page/home upon successful login/authentication.

Thanks in advance for any and all help,

Ricki

Microsoft Entra ID

1 answer

  1. KAREDD-MSFT 406 Reputation points Microsoft Employee
    2020-07-22T23:22:33.92+00:00

    I am assuming Salesforce is integrated with Azure AD using the SAML protocol. In this scenario, Azure AD normally sends the assertion/SAML token to the reply URL configured in Azure AD.

    The SP can send a custom URL to Azure AD in the SAML request as well, using the attribute `AssertionConsumerServiceUrl`. This has to match the reply URL field, and you can have more than one Reply URL configured in Azure AD.

    For your scenario, you can check if Salesforce can send the homepage URL in the request using the `AssertionConsumerServiceUrl` attribute. If they can send it, then you should be able to add this value in the Single-sign-on settings blade from the Azure Portal.

    Ref: https://learn.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol#authnrequest

    1 person found this answer helpful.
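
The Reply URL check described in the answer above, as an added example that is not part of the original thread and is not Microsoft's or Salesforce's code: it decodes a redirect-binding `SAMLRequest`, reads the attribute as the SAML 2.0 schema spells it (`AssertionConsumerServiceURL`), and compares it with the Reply URLs configured on the IdP side. Assumptions: the `REPLY_URLS` list, the constructed request, the function names, and the use of exact string comparison are all choices of this example.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Assumed IdP-side Reply URL list (constructed from the URL in the question).
REPLY_URLS = ["https://orgs-instance--playground.my.salesforce.com/"]

def sample_request(acs_url=None):
    """Constructed AuthnRequest; ID, timestamp and Issuer are made-up values."""
    attr = f' AssertionConsumerServiceURL="{acs_url}"' if acs_url else ""
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
            f'ID="_constructed1" Version="2.0" IssueInstant="2020-07-22T19:44:53Z"{attr}>'
            "<saml:Issuer>https://orgs-instance--playground.my.salesforce.com</saml:Issuer>"
            "</samlp:AuthnRequest>")

def encode_redirect(xml_text):
    """HTTP-Redirect binding encoding: raw DEFLATE, base64, then URL-encode."""
    comp = zlib.compressobj(wbits=-15)
    raw = comp.compress(xml_text.encode()) + comp.flush()
    return urllib.parse.quote_plus(base64.b64encode(raw).decode())

def decode_redirect(value, max_bytes=65536):
    """Reverse encode_redirect with a size cap, refusing any DTD or entity declaration."""
    inflater = zlib.decompressobj(wbits=-15)
    xml_bytes = inflater.decompress(base64.b64decode(urllib.parse.unquote_plus(value)), max_bytes)
    if inflater.unconsumed_tail:
        raise ValueError("inflated request exceeds size cap")
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not accepted")
    return ET.fromstring(xml_bytes)

def check_acs(saml_request_value, reply_urls=REPLY_URLS):
    """Report whether the requested ACS URL is one of the configured Reply URLs."""
    root = decode_redirect(saml_request_value)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML AuthnRequest")
    acs = root.get("AssertionConsumerServiceURL")
    if acs is None:
        result = "default"    # no ACS URL in the request: the configured Reply URL applies
    elif acs in reply_urls:   # exact string comparison (assumption of this example)
        result = "match"
    else:
        result = "mismatch"
    return {"issuer": root.findtext(f"{{{SAML}}}Issuer"), "acs": acs, "result": result}

if __name__ == "__main__":
    for url in (None, REPLY_URLS[0],
                "https://orgs-instance--playground.lightning.force.com/lightning/page/home"):
        print(check_acs(encode_redirect(sample_request(url))))
```

The `SAMLRequest` value to feed into `check_acs` can be copied from the sign-in redirect in the browser's network trace.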