Just a couple notes for those who are trying this from scratch that were not shown here. - At the very beginning after you enable SF as an Identity Provider, you may need to create the certificate that you will use before you go to the screen shown here at 6:50, pretty simple - When you enter the "Metadata URL" and click Create, you may get an error about Remote Sites. You'll just have to create a Remote Site with the appropriate page details before you can "Create" from the SSO from Metadata URL. But you'd probably figure it out anyway, as most people seem to have. Just thought I'd mention it. Thank you Jennifer and Gorav!
Before you start implementing it please make sure to check if your certificate is not expired. I haven`t checked and it broke our Single Sign On, users couldn`t log in until I have found valid certificate and updated it.
This is awesome! I can't tell you how many QA sessions have been cut short or overlooked because of the hassle of getting less technical users logged into a new environment. We're currently in a refresh freeze until Summer '22 goes GA. Any thoughts on how to make this connection persist through a sandbox refresh? SSO settings would surely have to be re-built. Will all of the URLs and Ids also change, or is it just a matter of "reconnecting" the connected app to identical default settings?
Is it still possible to do this if you don't use SF as the Identity Provider? We have SSO setup with Microsoft ADFS in our production environment but I would not be able to setup sandboxes using it
Worked like a charm. AWESOME!!!! We were going to try and create a whole different profile for [BETA Users] now we do not have to. :) :( One concern is the error message on log-out. "We are unable to log you out. Please contact your administrator for more information" from address bar _nc_external/identity/logout/SingleLogoutError is this because a there is no log-out URL?
Same as the folks before me and after me that watch this video .. WOW... user and MFA requirement just got alot easier. THANK for such a step by step explanation!
I had a question about encrypting the certificate, I went to Gorav's site and he explained it, however, what was not clear is if the cert should be a "Create Self Signed Cert" or a "Create CA signed Cert" Does anyone know?