function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

SSO - Using Salesforce as the IDP

There is lots of good information on about SSO and Salesforce as the service provider but I can't find any information on using Salesforce as the identity provider to another service. I would like to be able to use my salesforce user and contact objects as my identity store for an outside application. Can it be done? Do I have to role my own SAML SSO service within Salesforce to get the job done? What kind of license agreement issues would I have to deal with?


Any thoughts?


I am also searching for information about having Salesforce serve as the federated SAML Identity Provider for external web applications.  I would like to know if this is even an option so I can present it to my team at our upcoming planning meeting.


If I find anything, I'll post it back here.




Hello Tim,


Ping Identity allows you to use as the IdP for SAML secure Internet SSO.  I am happy to discuss this with you further, please give me a call at my direct line below. as IdP for SSO


See what Ping Identity Customers are saying about PingFederate!


Kyle Meinhold  |  Sales Associate
PingIdentity  |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
O: 720.317.2083  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



Connect with Ping
Twitter: @pingidentity
LinkedIn Group: Ping's Identity Cloud 

Connect with me




Salesforce cannot currently generate Federation standards therefore cannot act as a sole IDP. You need a robust service that can authenticate your users, be your IDP, then give access to the all the applications, SP's like SFDC,  that users are accessing on a daily basis. myOneLogin offers Strong Authentication and access to both Federated and Non-Federated applications. Let me know if you have time early next week to discuss this further.






Rory J. Quick

Manager of Security Development

TriCipher, Inc.

750 University Ave. Suite 260

Los Gatos, CA  95032

Direct Line +1-650-376-8326

Cell + 1-408-472-9444

YAHOO rory.quick

Follow me on Twitter: myonelogin

Become a Fan on Facebook: myOneLogin


The closest you can get to Salesforce being the IdP is to login to a Single Sign-On service with your username and password, then get direct access to not only, but many other SaaS applications without the need to enter more credentials. This is what's possible with Symplified's Cloud Access Management product using Identity Vault Please contact if you'd like to discuss further. Thanks.


Hey Tim / Carlln,


Were you able to figure out a means to do this, please post your comments. Greatly appreciate you time.


Thank you.


hey kvin-


My understanding from Chuck is that IdP support is in beta -- it may be included in the winter release.




Can anyone confirm SFDC's capabilities as an IdP? This appears to have been implemented as part of the current (Winter '11) release; however, much of the existing SFDC documentation relates to using an external IdP and setting up SFDC as an SP.


Echoing swestenzweig's query... is there support for Salesforce playing the role of identity provider?  If so, can you provide a link to the documentation?





Never mind... found it.


Hello Franklyn,


Here is a link to some documentation you may find helpful. I am happy to discuss further. 


SSO using as the IDP


Best Regards,


Kyle Meinhold

Sales Associate

Ping Identity





I am trying to Implement salesforce as Identity provider and external website as service provider .

My requirement is to enable login to salesforce as well as private area of external website using salesforce credentials at external website and that credentials should validate against the database of salesforce using IDP feature of salesforce.

I have setup all the details inside the salesforce but not able to bring the login page to send request inside salesforce from external website to validate credentials.

Please help me regarding salesforce as Identity provider.


Hello Pragya,


I am happy to discuss this with you further. If you would like I can be reached at 720-317-2083. 


Best Regards,


Kyle Meinhold

Sales Associate

Ping Identity


Yaa I would like to dicuss this with you , please let me know when I can call you tommorow



I am available 8:30am-5:30pm (MDT), Monday thru Friday. Please feel free to give me a call at your earliest convenience.



Office: 720-317-2083


Hi Tim -


Yes, Symplified can help you easily leverage as an store.  I can provide you a more detailed explanation.  At what number can I contact you?  I can be reached at (303) 318-4165.  Cheers - Ken


Hi Pragya - Symplified can certainly help with this.   We have a unique appproach to helping companies like yours solve this problem.  At what number can I contact you to provide you more details?  I can be reached at 303.318.4165.  Cheers - Ken


Hi Franklyn,


Would you mind sharing the link with us too?







just curious: Where did you find this info?


Hi I have been following this discusssion board and searching for Salesforce as idp and pentaho Business intelligence with CAS as Service provider is possible?


I looked for different blogs but couldn't find the exactly whether this is feasible or not. I am basically trying to achieve if I login for salesforce then it shouldn't ask me for authentication when I go for Pentaho BI.


Was there any progress on this topic ?


HI All...


Please can anyone provide me the step to defince SSO Circle as Identity provider and where as Salesforce as a service Provider....


Thanks.. in advance....