
Delegated Authentication username mapping

Can someone explain how delegated authentication works / should be configured with respect to the following scenario.


Company A has a user stored in AD with username "firstname.surname".


Company A has set up delegated authentication in Salesforce and mapped the Delegated Gateway URL to an externally exposed web service that can authenticate users against their AD.


Since Company A cannot create a Salesforce user with username firstname.surname (someone else in a different SF org is using this username) we create a Salesforce username of format


User with username firstname.surname navigates to and types in firstname.surname as their username and types in their AD password.


How does Salesforce know that this user should be authenticated via delegation authentication? i.e. if there is a real Salesforce user with username firstname.surname for a completely different org, why doesn't Salesforce return an invalid password error?


How can we map AD usernames to Salesforce users?



Best Answer chosen by Admin (Salesforce Developers) 

It doesn't; it only knows about Salesforce usernames. The user would have to type in, then when it gets to your DA listener, it would have to be able to map that back to the AD username.


You may find the newer SAML-based SSO to be a better fit for you.
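
The mapping step described in the answer, as an added example that is not part of the original thread or Salesforce's own code: a delegated authentication listener resolves the Salesforce username to an AD account through an explicit table and fails closed on anything unmapped. The `Authenticate`/`AuthenticateResult` message shape is assumed from Salesforce's delegated authentication WSDL; the `@companya.example` username, the mapping table and the `ad_check` hook are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{urn:authentication.soap.sforce.com}"

# Constructed mapping (assumption): Salesforce username -> AD account name.
SF_TO_AD = {"firstname.surname@companya.example": "firstname.surname"}

# Constructed sample of the request Salesforce posts to the gateway URL.
SAMPLE_REQUEST = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body><Authenticate xmlns="urn:authentication.soap.sforce.com">
<username>Firstname.Surname@companya.example</username>
<password>correct-horse</password><sourceIp>192.0.2.10</sourceIp>
</Authenticate></soapenv:Body></soapenv:Envelope>"""

def soap_result(ok):
    """Build the SOAP reply carrying the Authenticated flag."""
    flag = "true" if ok else "false"
    return ('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
            '<soapenv:Body><AuthenticateResult xmlns="urn:authentication.soap.sforce.com">'
            f"<Authenticated>{flag}</Authenticated></AuthenticateResult>"
            "</soapenv:Body></soapenv:Envelope>")

def map_to_ad(sf_username):
    """Return the AD account for a Salesforce username, or None if unmapped."""
    return SF_TO_AD.get(sf_username.strip().lower())

def handle(soap_xml, ad_check):
    """ad_check(ad_user, password) -> bool is the caller's AD bind (hypothetical hook)."""
    try:
        req = ET.fromstring(soap_xml).find(f".//{NS}Authenticate")
    except ET.ParseError:
        return soap_result(False)
    if req is None:
        return soap_result(False)
    sf_user = req.findtext(f"{NS}username", "")
    password = req.findtext(f"{NS}password", "")
    ad_user = map_to_ad(sf_user)
    # Fail closed: unmapped users and empty passwords never reach AD
    # (an empty password can turn an LDAP simple bind into an anonymous bind).
    if not ad_user or not password:
        return soap_result(False)
    return soap_result(bool(ad_check(ad_user, password)))
```

An explicit table, rather than stripping the domain suffix from whatever username arrives, keeps a Salesforce user from being authenticated as an AD account it was never mapped to.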