Create a Salesforce Portal integration
If you're using Salesforce portals, you can create an Okta integration to provide access to a Portal subset of the Salesforce instance, where Portal users are provisioned as external users.
When a new Portal user is provisioned, Okta creates a new contact in Salesforce associated with the Salesforce account. This new contact contains the user's name and email address. This contact is necessary because Portal users in Salesforce must be associated with a contact.
- On the Okta Admin Console, click Applications.
- In the search field, enter Salesforce and click Salesforce.com.
- Click the General tab and click Edit in the App Settings section.
- Complete these fields:
  - User Profile & Type: Select Salesforce Portal User.
  - Organization ID: Enter your Salesforce organization ID.
  - Portal ID: Enter the Salesforce portal ID.
- Click Save.
Optional. Configure SAML 2.0 to allow Portal users to automatically log in to Salesforce:
- Click the Sign On tab and click Edit in the Settings section.
- Click View Setup Instructions, and follow the SAML setup instructions.
On the Salesforce Single Sign-On Settings page, under Endpoints, set the login URL to the Community Login URL for your Community.
Click the Provisioning tab and select To App in the SETTINGS list.
- Click Edit, select the Create Users check box, and enter the ID of the Salesforce account in the Salesforce Account ID field.
- Click Save.
- Select To Okta in the SETTINGS list.
- Click Edit and select the check boxes applicable to your configuration. You can select Import "High Volume Portal" users, Import "Customer Portal User" users, Import "Customer Portal Manager" users, or Import "Partner" users.
- Click Save.
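
The procedure above asks for three Salesforce IDs (Organization ID, Portal ID, Salesforce Account ID), and an ID of the wrong record type in the Salesforce Account ID field would attach every provisioned Portal contact to the wrong record. The following pre-save check is an added example, not code from Okta or Salesforce: the function names and sample values are constructed, and the `060` prefix for Portal IDs is an assumption (`00D` for organizations and `001` for accounts are the standard Salesforce key prefixes).

```python
import re

# Key prefix expected in each field of the integration settings.
# 00D = Organization, 001 = Account; 060 for Portal is an assumption.
EXPECTED_PREFIX = {
    "Organization ID": "00D",
    "Portal ID": "060",
    "Salesforce Account ID": "001",
}
_SUFFIX_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345"
_ID_RE = re.compile(r"[A-Za-z0-9]{15}(?:[A-Za-z0-9]{3})?")

# Constructed sample values, not real IDs.
SAMPLE = {
    "Organization ID": "00D000000000001EAA",
    "Portal ID": "060000000000001",
    "Salesforce Account ID": "003000000000001AAA",  # Contact prefix pasted by mistake
}


def case_suffix(id15):
    """Return the 3-character case checksum that extends a 15-character ID to 18."""
    suffix = ""
    for start in (0, 5, 10):
        bits = 0
        for offset, ch in enumerate(id15[start:start + 5]):
            if "A" <= ch <= "Z":  # each uppercase letter sets one bit
                bits |= 1 << offset
        suffix += _SUFFIX_ALPHABET[bits]
    return suffix


def check_field(field, value):
    """Return a list of problems found in the value entered for one field."""
    value = value.strip()
    if not _ID_RE.fullmatch(value):
        return [f"{field}: expected 15 or 18 alphanumeric characters"]
    problems = []
    prefix = EXPECTED_PREFIX[field]
    if not value.startswith(prefix):
        problems.append(f"{field}: prefix {value[:3]!r} is not {prefix!r}")
    if len(value) == 18 and value[15:].upper() != case_suffix(value[:15]):
        problems.append(f"{field}: checksum mismatch (case changed or mistyped)")
    return problems


def check_all(values):
    """Check every field; return only the fields that have problems."""
    results = {field: check_field(field, value) for field, value in values.items()}
    return {field: found for field, found in results.items() if found}
```

Running `check_all(SAMPLE)` reports only the Salesforce Account ID, because its `003` prefix identifies a contact rather than an account.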