Additional integration and instance types

Create a Salesforce Community integration

You may want to create a Salesforce Community integration if you have a Community within Salesforce. This integration uses the Portal setup to provide access to a Community subset of the Salesforce instance, where Community users are provisioned as external users.

To create a Salesforce Community integration:

  1. From Okta, go to Applications > Applications and select Salesforce.com.
  2. From the General tab in Salesforce, click Edit and then select Salesforce Community User from the User Profile & Type drop-down.
  3. Complete other settings as desired.

  4. Optionally, configure SAML 2.0.

    You can configure SAML 2.0 settings to allow Community users to automatically log in to Salesforce. Unlike the existing Salesforce Customer Portal app, a separate SAML configuration is used.

    1. Click View Setup Instructions and follow the SAML setup instructions.
    2. Set the login URL to the Community Login URL for your Community.

      See the Salesforce Single Sign-On Settings page under Endpoints.

      Secure Web Authentication (SWA) login is not supported for communities.

  5. From the Provisioning tab, specify the Salesforce account ID for provisioned users and the type of Community users to import.

    As part of provisioning a new Community user, Okta creates a new contact in Salesforce associated with the Salesforce account. This new contact contains the user's name and email address. This contact is necessary because Community users in Salesforce must be associated with a contact.

    1. Go to SETTINGS > To App and with the Create Users provisioning option enabled, complete the Salesforce Account ID field with the Community user's contact that will be associated with Salesforce.

    2. Go to SETTINGS > To Okta and select Import "Customer" users or Import "Partner" users, or both, and then click Save.

  6. Complete the application setup as desired.

Create a Salesforce Portal integration

You may want to create a Salesforce Portal integration if you're using a portal in Salesforce. This integration uses the Portal setup to provide access to a Portal subset of the Salesforce instance, where Portal users are provisioned as external users.

To create a Salesforce Portal integration:

  1. From Okta, go to Applications > Applications and select Salesforce.com.
  2. From the General tab in Salesforce, click Edit and then select Salesforce Portal User from the User Profile & Type drop-down.
  3. Enter your Salesforce organization ID, portal ID, and optionally the site URL.
  4. Complete other settings as desired.

  5. Optionally, configure SAML 2.0.

    You can configure SAML 2.0 settings to allow Community users to automatically log in to Salesforce. Unlike the existing Salesforce Customer Portal app, a separate SAML configuration is used.

    1. Click View Setup Instructions and follow the SAML setup instructions.
    2. Set the login URL to the Salesforce Login URL.

      See the Salesforce Single Sign-On Settings page under Endpoints.

      Secure Web Authentication (SWA) login is not supported for communities.

  6. From the Provisioning tab, specify the Salesforce account ID for provisioned users and the type of Portal users to import.

    As part of provisioning a new Portal user, Okta creates a new contact in Salesforce associated with the Salesforce account. This new contact contains the user's name and email address. This contact is necessary because Portal users in Salesforce must be associated with a contact.

    1. Go to SETTINGS > To App and with the Create Users provisioning option enabled, complete the Salesforce Account ID field with the Portal user's contact that will be associated with Salesforce.

    2. Go to SETTINGS > To Okta and select the user types you want to import.

  7. Complete the application setup as desired.

Enable the Salesforce Government Cloud feature

The Salesforce Government Cloud feature enables you to create instances of Salesforce that can integrate with Salesforce Government Cloud.

To enable the Salesforce Government Cloud feature:

  1. From Okta, go to Applications > Applications and open the Salesforce app.
  2. Click the General tab and then Edit.
  3. From the Instance Type drop-down, select Government.

  4. Specify your custom domain in the Custom Domain field.

    A Salesforce instance can have a custom domain, and an Okta integration with Salesforce can be set up to use that custom domain. But a Salesforce instance does not require a custom domain.

    In order for the government instance type to work with Okta Provisioning, you must configure a custom domain for the Salesforce instance.
