Use Salesforce as an Identity Provider

I’m hoping someone can point me in the right direction to figure out how I can use Salesforce as an Identity Provider (IDP) with my app being a Service Provider (SP).

I was able to figure out how to authenticate using OAuth2 from Bubble into Salesforce which solves half of my problem. The other half is figuring out how to use Salesforce as the trusted service to authenticate the user.

Would OpenID or SAML be an option? There are services like PathFix and Auth0, but they don’t quite fit this common use case, starting with the fact that neither of them supports Salesforce for authentication.

I am exploring ways to integrate with Salesforce as well and came across your question. I reposted the question to ChatGPT and this is what it said:

To use Salesforce as an Identity Provider (IDP) with your app being a Service Provider (SP), you will need to set up and configure Salesforce to support the SAML 2.0 protocol for single sign-on (SSO). This will allow users to authenticate with Salesforce and access your app without having to enter their login credentials separately.

Here are the general steps you can follow to set up Salesforce as an IDP for your app:

  1. In Salesforce, go to the Setup menu and search for “Single Sign-On Settings” in the Quick Find box.
  2. In the Single Sign-On Settings page, click on the “Edit” button and select the “SAML Enabled” checkbox.
  3. In the SAML Single Sign-On Settings section, enter the following information:
     • Entity ID: a unique identifier for your app
     • ACS URL: the URL of your app where Salesforce will send the SAML response
     • Name ID Format: the format of the user’s identifier that will be sent in the SAML response
     • SAML Issuer: the name or identifier of your app
  4. In the Identity Provider Certificates section, click on the “Upload Certificate” button and select the certificate file that was generated for your app. This certificate will be used to sign the SAML messages sent by Salesforce.
  5. In the Identity Provider Login URL field, enter the URL of your app where users will be redirected to log in to Salesforce.
  6. In the Service Provider Initiated Request Binding field, select the binding method that will be used to send the SAML request from your app to Salesforce. This will typically be the HTTP-POST binding.
  7. Save the settings and test the SSO setup by logging in to your app and verifying that you are able to authenticate with Salesforce and access your app.

Note that this is a general outline of the steps you can follow to set up Salesforce as an IDP for your app. The specific details and implementation will depend on your specific requirements and the configuration of your Salesforce and environments. You may need to consult the Salesforce documentation and the API reference for more detailed instructions and guidance.
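Whichever tool ends up playing the SP role, the part of the outline above that actually protects the app is what the SP does with the SAML response it receives at the ACS URL: it must verify the signature with the IdP certificate and then check that the Destination and Recipient match the ACS URL, that the Audience matches the Entity ID, that InResponseTo matches the AuthnRequest it issued, that the assertion is inside its validity window, and that the same assertion is not accepted twice. The following is an added example, not code from the original posts, from Salesforce or from Bubble. It assumes the XML signature has already been verified by an XML-DSig library (that step is outside this block) and implements the remaining checks over a constructed sample response; the SP entity ID, ACS URL and IdP issuer are placeholder values.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Values the SP registered with the IdP (assumed placeholders, not real endpoints).
SP_ENTITY_ID = "https://sp.example.invalid/saml/metadata"
SP_ACS_URL = "https://sp.example.invalid/saml/acs"
IDP_ISSUER = "https://idp.example.invalid"  # assumed; a real org has its own issuer


class SamlValidationError(Exception):
    pass


def _ts(value):
    # SAML timestamps are UTC ISO 8601 with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_response(xml_text, expected_request_id, now, seen_assertion_ids,
                      skew=timedelta(minutes=2)):
    """Return the NameID after the non-signature checks an SP must perform.
    Assumes the enveloped XML signature was already verified against the
    IdP certificate; this function only covers the remaining conditions."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise SamlValidationError("not a samlp:Response")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise SamlValidationError("status is not Success")
    if root.get("Destination") != SP_ACS_URL:
        raise SamlValidationError("Destination does not match the ACS URL")
    if root.get("InResponseTo") != expected_request_id:
        raise SamlValidationError("InResponseTo does not match our AuthnRequest")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise SamlValidationError("expected exactly one assertion")
    a = assertions[0]
    if a.findtext("saml:Issuer", namespaces=NS) != IDP_ISSUER:
        raise SamlValidationError("unexpected assertion issuer")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        raise SamlValidationError("assertion has no Conditions")
    # Validity window, allowing a small clock skew between IdP and SP.
    if now + skew < _ts(cond.get("NotBefore")) or now - skew >= _ts(cond.get("NotOnOrAfter")):
        raise SamlValidationError("assertion outside its validity window")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise SamlValidationError("assertion not addressed to this SP (Audience)")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if (scd is None or scd.get("Recipient") != SP_ACS_URL
            or scd.get("InResponseTo") != expected_request_id
            or now >= _ts(scd.get("NotOnOrAfter"))):
        raise SamlValidationError("bearer SubjectConfirmationData check failed")
    # Replay protection: each assertion ID may be consumed once per its lifetime.
    assertion_id = a.get("ID")
    if assertion_id in seen_assertion_ids:
        raise SamlValidationError("assertion %s already consumed (replay)" % assertion_id)
    seen_assertion_ids.add(assertion_id)
    name_id = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise SamlValidationError("assertion carries no NameID")
    return name_id


def outcome(xml_text, expected_request_id, now, seen_assertion_ids):
    """Convenience wrapper: 'ok:<NameID>' on success, 'rejected:<reason>' otherwise."""
    try:
        return "ok:" + validate_response(xml_text, expected_request_id, now, seen_assertion_ids)
    except (SamlValidationError, ET.ParseError) as exc:
        return "rejected:" + str(exc)


# Constructed sample response (unsigned; signature checking is out of scope here).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
    IssueInstant="2024-05-01T12:00:30Z" Destination="https://sp.example.invalid/saml/acs"
    InResponseTo="_req123">
  <saml:Issuer>https://idp.example.invalid</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:30Z">
    <saml:Issuer>https://idp.example.invalid</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.invalid</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://sp.example.invalid/saml/acs"
            InResponseTo="_req123" NotOnOrAfter="2024-05-01T12:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.invalid/saml/metadata</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

NOW = datetime(2024, 5, 1, 12, 1, tzinfo=timezone.utc)          # inside the window
LATE = datetime(2024, 5, 1, 12, 10, tzinfo=timezone.utc)        # after NotOnOrAfter

if __name__ == "__main__":
    seen = set()
    print(outcome(SAMPLE_RESPONSE, "_req123", NOW, seen))   # ok:user@example.invalid
    print(outcome(SAMPLE_RESPONSE, "_req123", NOW, seen))   # rejected: replay
```

The `seen_assertion_ids` set stands in for whatever store the SP keeps; entries only need to live until the assertion's NotOnOrAfter has passed. The checks are deliberately ordered so that a response addressed to a different SP or a different ACS URL is rejected before anything about the user is read.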

Hi @renelonngren
This is partially correct; it describes how to set up Salesforce as an IDP for any app (I think you would first need to set up a connected app like described here.

From the Bubble side you would need to set up your application as an SP. I created a plugin that allows you to do it. Here are the full instructions: How To Setup SAML 2.0 SSO In Bubble)