Chris Toews
Monitor SAML SSO logins
I'm looking for a way to monitor whether SAML logins are being used
Background:
I'm supporting multiple orgs, each org having its own people administering Salesforce.
I'm looking for a way to monitor that SAML logins are being used in these orgs. I want to make sure that the admins don't turn off the SSO, and that the users don't bypass SSO by going to login.salesforce.com (which I can shut off, but the admins can uncheck), or by going to https://mydomain.my.salesforce.com/?login (which bypasses SSO restrictions).
I know there are reports that can be run to look at logins, but it will be impractical for me to log into each org to run reports to look at logins. I need a method to automatically look at multiple orgs and notify me of offending logins.
What I currently have set up:
I have Heroku set up with Heroku Connect pulling Salesforce data into a Postgres database.
I am syncing two tables for this purpose: authsession and user.
After some testing, I found that when a user logs in with SSO, the logintype = "SAML Sfdc Initiated SSO".
If the user was using Salesforce1, the logintype = "Remote Access 2.0" and the sessiontype = "Oauth2".
If the user logged in with login.salesforce.com (what I want to monitor), logintype = "Application" and sessiontype = "UI".
So to find the offending logins, where SSO was not used, I ran the following query:
    select usr.username, usr.federationidentifier, auth.logintype, auth.sessiontype,
           auth.createddate, auth.lastmodifieddate
    from myschema.authsession auth
    left join myschema.user usr on auth.usersid = usr.sfid
    where auth.parentid is null
      and auth.logintype = 'Application'
      and auth.sessiontype = 'UI'
    order by auth.createddate desc
I'm wondering if this is going to catch all logins that don't use SSO, and if there is an easier way to do what I'm trying to do.
Thanks,
Chris Toews
If you want to list the users not using SSO, then filter your query with logintype != "SAML Sfdc Initiated SSO". Using that list, just compare with the original user table to get the user name and other details. You can get the browser, application, IP address and other information related to the login from the Login History object.
Check this link for more details about the LoginHistory Object - https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/sforce_api_objects_loginhistory.htm
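To show the difference between the question's exact-match filter (Application/UI only) and the answer's suggestion of treating everything that is not SAML as suspect, here is an added example that is not part of either post. It replays both queries against constructed Heroku Connect-style rows in an in-memory SQLite database (the real tables are Postgres, myschema.authsession and myschema.user); the column names come from the question, while the sample users, sessions and the "Other Apex API" login type are constructed for illustration.

```python
import sqlite3

SSO_LOGIN_TYPE = "SAML Sfdc Initiated SSO"
# Non-SSO session kinds the question treats as expected (Salesforce1 over OAuth).
TOLERATED = ("Remote Access 2.0",)

# Constructed sample data mirroring the Heroku Connect columns named in the post.
SAMPLE_USERS = [  # (sfid, username, federationidentifier)
    ("005A", "alice@example.com", "alice"),
    ("005B", "bob@example.com", "bob"),
]
SAMPLE_SESSIONS = [  # (usersid, parentid, logintype, sessiontype, createddate)
    ("005A", None, SSO_LOGIN_TYPE, "UI", "2020-01-01T08:00:00"),           # SSO, fine
    ("005B", None, "Application", "UI", "2020-01-01T08:05:00"),            # login.salesforce.com / ?login
    ("005B", None, "Remote Access 2.0", "Oauth2", "2020-01-01T08:10:00"),  # Salesforce1, tolerated
    ("005A", None, "Other Apex API", "API", "2020-01-01T08:15:00"),        # constructed: not SSO either
    ("005A", "SESSION-1", "Application", "UI", "2020-01-01T08:20:00"),     # child session, skipped
]

def load_sample_db():
    """Build the two synced tables in memory and load the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (sfid TEXT, username TEXT, federationidentifier TEXT)")
    db.execute("CREATE TABLE authsession (usersid TEXT, parentid TEXT, logintype TEXT,"
               " sessiontype TEXT, createddate TEXT)")
    db.executemany("INSERT INTO user VALUES (?,?,?)", SAMPLE_USERS)
    db.executemany("INSERT INTO authsession VALUES (?,?,?,?,?)", SAMPLE_SESSIONS)
    return db

def exact_match_query(db):
    """The question's filter: only sessions that look like a browser login."""
    return db.execute("""
        SELECT usr.username, auth.logintype, auth.sessiontype
        FROM authsession auth LEFT JOIN user usr ON auth.usersid = usr.sfid
        WHERE auth.parentid IS NULL
          AND auth.logintype = 'Application' AND auth.sessiontype = 'UI'
        ORDER BY auth.createddate DESC""").fetchall()

def deny_by_default_query(db):
    """The answer's inversion: anything that is not SAML is flagged, minus an
    explicit allow-list, so an unexpected login type is caught rather than missed."""
    placeholders = ",".join("?" * len(TOLERATED))
    return db.execute(f"""
        SELECT usr.username, auth.logintype, auth.sessiontype
        FROM authsession auth LEFT JOIN user usr ON auth.usersid = usr.sfid
        WHERE auth.parentid IS NULL
          AND auth.logintype <> ?
          AND auth.logintype NOT IN ({placeholders})
        ORDER BY auth.createddate DESC""", (SSO_LOGIN_TYPE, *TOLERATED)).fetchall()
```

The exact-match query returns only Bob's Application/UI session, while the deny-by-default query also surfaces Alice's non-SAML API session; the allow-list is the one place a new tolerated login type would have to be added deliberately.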