If you're using Salesforce Communities, you can create a Salesforce Community integration to provide access to a Community subset of the Salesforce instance and provision Community users as external users.
When a new Community user is provisioned, Okta creates a new contact in Salesforce associated with the Salesforce account. This new contact contains the user's name and email address. This contact is necessary because Community users in Salesforce must be associated with a contact.
Secure Web Authentication (SWA) login is not supported for communities.
In the Admin Console, go to Applications > Applications.
- In the search field, enter Salesforce and click Salesforce.com.
- Click the General tab, click Edit and then select Salesforce Community User from the User Profile & Type drop-down.
Optional. Edit other settings and click Save.
Configure SAML 2.0 to allow Community users to automatically log in to Salesforce:
- Click the Sign On tab and click Edit in the Settings section.
- Click View Setup Instructions, and follow the SAML setup instructions.
On the Salesforce Single Sign-On Settings page under Endpoints set the login URL to the Community Login URL for your Community.
Click the Provisioning tab and select To App in the SETTINGS list.
- Click Edit, select the Create Users check box, and enter the ID of the Salesforce account in the Salesforce Account ID field.
- Click Save.
- Select To Okta in the SETTINGS list.
- Click Edit and select either the Import "Customer" users or the Import "Partner" users check boxes or both.
- Click Save.