JoelAgustin-3510 asked sikumars commented

IdP Initiated Sign-on on Salesforce Enterprise Application vs Salesforce Sandbox

Need some help on configuring IdP-initiated SSO with enterprise applications, particularly with Salesforce. I cannot find any documentation that confirms the Sign On URL being a required field but the tip in the attached screenshot (Salesforce-App SSO Settings.png) is confusing. It says it's unnecessary for IdP-initiated but if I clear it, it throws an error message and I can't save the configuration.


If I create my own application (or Salesforce Sandbox) and enter the same Single Sign On Parameters, the Sign On URL is optional. And using this configuration I was able to do a real IdP-initiated sign on. Refer to attached (SalesforceSandbox-App SSO Settings.png).
Attachments: 194330-salesforce-app-sso-settings.png, 194411-salesforcetest-app-sso-settings.png



@JoelAgustin-3510, Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.


@JoelAgustin-3510
I'd want to check in and see if you had any other questions or if you were able to resolve this issue? If you have any other questions, please let us know. Thank you for your time and patience throughout this issue.


1 Answer

sikumars answered sikumars rolled back

Hello @JoelAgustin-3510,

Thanks for reaching out.

Salesforce Sandbox supports SP- and IdP-initiated SSO when installed through the Azure AD gallery, whereas Salesforce only supports SP-initiated SSO. Therefore, you must create a custom enterprise application, as shown below for Salesforce, so that the Sign On URL field becomes optional. I hope this was helpful.

196226-image.png

196256-image.png

Reference:

Salesforce: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/salesforce-tutorial#scenario-description
Salesforce sandbox: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/salesforce-sandbox-tutorial#scenario-description


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


