Delegated authentication is a feature that allows Salesforce to delegate the authentication process to an external service of your choice1. When implementing delegated authentication, you shouldconsider the following aspects2:
The authentication web service can include custom attributes, such as user roles or permissions, in the response to Salesforce. These attributes can be used to update user records or trigger workflows in Salesforce2.
Delegated authentication can be used to authenticate API clients and mobile apps that use the SOAP API or REST API login() methods. However,it does not support OAuth 2.0 flows or other authentication methods2.
Delegated authentication does not require trusted IP ranges at the User Profile level. However, you can use them to restrict access to Salesforce from specific IP addresses orranges2.
Salesforce servers receive but do not validate a user’s credentials. Instead, they pass the credentials to the external authentication service, which validates them and returns a response to Salesforce2.
Just-in-time provisioning can be configured for new users who log in with delegated authentication. This feature allows Salesforce to create or update user accounts based on the information provided bythe external authentication service3.
[References:, Delegated Authentication, Delegated Authentication Single Sign-On, Just-in-Time Provisioning for Delegated Authentication, , ]
Submit