
Salesforce Org - Both as SP and IDP

I have the following scenario. Can someone please help?

50% of employees in my org have active Salesforce licenses. They log into the org via SSO through Active Directory. So in this case:

My Salesforce org is an SP (with SSO settings enabled)


AD is my IdP

Also, I have another Web Based app called "Booking Portal". I want all my Salesforce users to seamlessly log into my Booking Portal app.


How can I do this?


Can I add Booking Portal as my canvas app and enable SAML? In this case Salesforce will be my IdP. Is this doable?

There are two ways to achieve this:
1. Salesforce as IDP - It will work. But you have to control Canvas App visibility to the users in Salesforce.
2. AD as IDP - It will work. AD Group can easily control who can access the app.
Both cases will work. My personal recommendation is option two, so that the AD Group can control the app.

Magulan Duraipandian