How to Setup Social Single Sign On in Salesforce

In this tutorial, I’ll walk through the steps needed to set up Social Single Sign-On with LinkedIn for Salesforce.

Do the following Salesforce steps first; then we will run through the LinkedIn steps.

Log in to Salesforce, go to Setup, and search for Auth Provider.

When creating an Auth Provider, you can have Salesforce auto-manage the values for the Auth Provider.

    • Select the Provider and Provide Name and URL Suffix
    • On the Registration Handler section click on Automatically create a registration handler template – you would need to edit this later
    • Hit Save.
    • Create an Account, then make sure the Account Owner has a role assigned
    • Next, let’s edit the AccountHandler auto generated for us.
    • You can grab the code from GitHub and replace the handler – https://github.com/olopsman/salesforce-identity-registration-handler/blob/master/RegistrationHandlerTemplate
    • Update the following Constants to match your org and Community Profile name

private static final String ORG_SUFFIX = '.sso.dang.org';
private static final String DEFAULT_ACCOUNTNAME = 'Dang Channel';
private static final String EXTERNAL_USER_PROFILE = 'Customer Community User';

  • Next go to Communities Setup and for members grant the profile access to the community
  • Next go to Login and Registration and enable LinkedIn or the social sign-on platform you want to configure.
  • Then finally copy the community URL

 

Next, create an application in your social account, here LinkedIn. The steps are similar for other providers such as Google, Twitter and Facebook. Go to developer.linkedin.com and create an App.

Give your app a name and fill in the required fields. Paste the community URL into the website URL field so that after authentication it knows where to redirect the page.

 

Note: creating an app also creates a consumer key and secret. We left these values blank in Salesforce because they were auto-managed for us. You can copy the consumer key and secret into the Auth Provider section if you want to override this.

Go to your community URL and you should see a LinkedIn option to log in. Click on it to log in to LinkedIn and authorize Salesforce to access your info. After authorization you are redirected back to the community, logged in. Behind the scenes you have been created as a contact and user in Salesforce.
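A compact registration handler for the flow above, added here as an example; it is not the code from the linked repository. The class name and HandlerException are hypothetical, the three constants are the ones this tutorial tells you to edit, and Auth.RegistrationHandler and Auth.UserData are the standard platform types. It shows the checks worth keeping when you edit the generated template: fail closed on missing attributes, never link to an existing user by email, and fix the profile in code.

```apex
// Added example; the class name and HandlerException are hypothetical.
global class SocialRegistrationHandler implements Auth.RegistrationHandler {
    // The three constants this page says to edit (values are the page's samples).
    private static final String ORG_SUFFIX = '.sso.dang.org';
    private static final String DEFAULT_ACCOUNTNAME = 'Dang Channel';
    private static final String EXTERNAL_USER_PROFILE = 'Customer Community User';
    public class HandlerException extends Exception {}

    global User createUser(Id portalId, Auth.UserData data) {
        // Fail closed when the provider omits what the user record is keyed on.
        if (String.isBlank(data.email) || String.isBlank(data.lastName)
                || String.isBlank(data.identifier)) {
            throw new HandlerException('Provider did not return email, last name or id');
        }
        // Do not attach the social identity to an existing user by email match:
        // the provider's email claim is not treated as proof of owning that user.
        String username = data.email + ORG_SUFFIX;
        List<User> existing = [SELECT Id FROM User
                               WHERE Username = :username OR Email = :data.email LIMIT 1];
        if (!existing.isEmpty()) {
            throw new HandlerException('A user already exists for this email');
        }
        // Single-row assignments throw QueryException if the account or profile is missing.
        Account acct = [SELECT Id FROM Account WHERE Name = :DEFAULT_ACCOUNTNAME LIMIT 1];
        Profile prof = [SELECT Id FROM Profile WHERE Name = :EXTERNAL_USER_PROFILE LIMIT 1];

        Contact c = new Contact(AccountId = acct.Id, FirstName = data.firstName,
                                LastName = data.lastName, Email = data.email);
        insert c;

        // Returned unsaved; the platform inserts the user and links the provider identity.
        // The profile comes from the constant, never from provider-supplied attributes.
        return new User(
            ContactId = c.Id, ProfileId = prof.Id,
            Username = username, Email = data.email,
            FirstName = data.firstName, LastName = data.lastName,
            Alias = data.lastName.left(8),
            CommunityNickname = data.identifier.left(40),
            LanguageLocaleKey = 'en_US', LocaleSidKey = 'en_US',
            EmailEncodingKey = 'UTF-8', TimeZoneSidKey = 'GMT');
    }

    global void updateUser(Id userId, Id portalId, Auth.UserData data) {
        // On later logins refresh display names only; email, username and profile stay fixed.
        if (String.isNotBlank(data.lastName)) {
            update new User(Id = userId, FirstName = data.firstName, LastName = data.lastName);
        }
    }
}
```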

Notes on Provisioning Communities Users in Salesforce

I learned the different methods to provision external users in Salesforce.

* You can create Customers and Partners
  * depending on account type you can create certain users
  * personaccount and contact – customers
  * account – partner/customer
  * Account owner must have a role
  * You can manually create contact and enable as customer or partner
  * Partners have roles when enabled
* You can self register
  * assign the profile in setup or
  * assign in the selfregister code; this overrides the setup
  * assign the role
  * assign the account
* You can sign up via API using the following methods
  * createPortalUser
  * createPersonAccountPortalUser
* Social sign on to provision a user –
* You can Just in time provision using SAML
  * combine SAML with more attributes and SSO to provision a user
  * SAML Subject NameId as the Federation ID
  * does not work for PersonAccount
  * Contact email must be unique across all, even non-external users
  * account name and number must be unique or causes duplicate error
* Data loader
* Bulk Provisioning via API
  * use same api methods – can you pass bulk here? api limits apply
* Identity Connect with Active Directory

https://developer.salesforce.com/blogs/developer-relations/2014/06/how-to-provision-salesforce-communities-users.html

Share and Learn Something New Everyday – Single Sign On with Mobile SDK and Salesforce Identity

So I’m putting this post out there to motivate myself to share something every day till 2019. Teach something that I know or have learned with regards to Salesforce development, web development or stuff related to technology in general, big, small or just my study notes.
I’m prepping to sit the Identity and Access Management Designer exam for Salesforce, so I have quite a bit to share.
To start, I learned yesterday how easy it is to implement single sign-on for a mobile application with Salesforce Identity.
  • Enable My Domain and deploy to your users
  • Create a New Single Sign-On Settings
  • Exchange metadata with an Identity Provider
    • Get the Issuer URL
    • Load the Certificate
    • SAML Identity Type as Federated ID
    • Identity Login URL
    • Entity Id
  • Enable Single Sign On
  • Edit My Domain to Edit the Login Settings and select the new Authentication Service
  • Go back to the App and edit the Policy for users who will have access to this app
  • Use profiles or permission sets to assign this app
Go to your My Domain and on the Salesforce Login screen you should see the new Authentication Service.
I also learned how easy it is to use the Salesforce Mobile SDK.
  • Configure an App to give you the consumer key and secret, set a callback url
  • On the command line type forceios create
  • Select native, hybrid, hybrid_local
  • Note the package name
  • Add the connected app consumer key and secret
  • To enable the Single sign-on
  • Edit the plist in the Supporting Files
  • Update SFDCOAuthLoginHost to the custom My Domain URL
  • Launch the simulator and you will be prompted to log in to your IdP
  • You get redirected back to Salesforce after successfully logging in
  • It’s that easy to set up Single Sign-on
Next, publish the app
  • In Xcode, go to Product > Archive to generate the .ipa
  • Select Export and choose Adhoc
  • Next make sure to match the Xcode settings to the connected app settings for mobile
  • Select the private app to upload the .ipa file
Get the Private AppExchange from AppExchange
  • Create a listing for the new application
  • Then using your mobile device grab the app from the listing to install it
Watch the Dreamforce session here: https://www.youtube.com/watch?v=W3okdu8nJHY
That’s it for the first share. Watch out for my next post.

First Architect Certification. My Tips and Takeaways from the Integration Architecture Designer Examination

I’ve been holding off taking the Architect exams until I got the Platform Developer II done and dusted, which I did last month. This is my first ever Architect certificate. I’ve set out on a journey to be a Certified Technical Architect #journeyToCTA, the pinnacle of Salesforce Certification. I have lined up my certification goals for the coming months.

I recommend having implemented at least a data integration or system integration project before sitting this exam. Same as with other exams, it’s 60 + 5 extra questions, 105 minutes allotted and a passing score of 67%. Questions are 80+% scenario based, so take your time reading through them; I only had 12 mins spare.

Here is how I prepared for the Integration Architecture Designer exam.

  • Grab Certification Exam Guide
  • Download the Integration Architecture Resource Guide
  • Focus on the following
    • Do the Data Integration Superbadge
    • Outbound Messaging (features, limitations, use of callbacks)
    • SOAP API (When to use, contract-first, limits, Enterprise and Partner WSDL, getting deltas, data replication, limits)
    • REST API
    • Bulk API (lots of questions, LDV, parallel, serial)
    • Streaming API
    • Metadata API
    • Integration Patterns (lots of scenarios)
      • Remote Call Invocation – Request and Reply
      • Remote Call Invocation – Fire and Forget
      • UI Update on Data Change
      • Batch Synchronization
    • Continuation and Long Running Calls
    • Visualforce
    • Canvas Apps
    • Apex Web Services
    • Apex REST API
    • Named Credentials (Per User)
    • Concurrent Requests
    • API Limits
    • Middleware (lots of questions, orchestration, when to recommend, change data capture, ETL, MDM)
    • Security (TLS, Certificates, Base64 encoding)
    • Einstein Analytics (Dataflow, data source)
    • Mock Test Classes (Static resource)
    • UAT, Testing and Performance
    • Authentication (Session ids, OAuth)
    • Matching and Duplications Rules
    • Lightning Connect (as per Summer 18, some features are already possible eg. write)
    • Enterprise Architecture (Queueing, Messaging, ESB)

Links and Resources

https://trailhead.salesforce.com/en/superbadges/superbadge_integration

https://trailhead.salesforce.com/users/00550000006yDdKAAU/trailmixes/architect-integration-architecture

https://secure2.sfdcstatic.com/assets/pdf/misc/sfu-certification-guide.pdf

https://developer.salesforce.com/page/Integrating_with_the_Force.com_Platform

https://developer.salesforce.com/docs/atlas.en-us.integration_patterns_and_practices.meta/integration_patterns_and_practices/integ_pat_intro_overview.htm

https://en.wikipedia.org/wiki/Message-oriented_middleware

https://blog.semarchy.com/etl-vs-mdm

https://help.salesforce.com/articleView?id=integrate_what_is_api.htm&type=0

https://developer.salesforce.com/blogs/engineering/2013/05/extreme-force-com-data-loading-part-3-suspending-events-that-fire-on-insert.html

https://help.salesforce.com/articleView?id=000007225&type=1

https://help.salesforce.com/articleView?id=security_keys_about.htm&type=0

Prepare for Salesforce ‘Integration Architecture Designer’ Exam

https://corycowgill.blogspot.com/2016/05/passing-salesforce-certified.html

http://santanuboral.blogspot.com/2017/12/IADesiner.html

https://martinfowler.com/articles/enterprisePatterns.html

https://help.salesforce.com/articleView?id=000181277&type=1

https://developer.salesforce.com/blogs/engineering/2015/03/use-pk-chunking-extract-large-data-sets-salesforce.html

Finally! Salesforce Platform Developer II Certification Completed

The journey to get this certificate was the longest, hardest and most cherished one for me. I had to get past several challenges professionally and emotionally.

Back then it was called Advanced Developer (501). The exam is broken down into three parts: a multiple choice examination, a programming assignment, and an essay. My advanced developer journey spanned several years; let me break down the timelines.

Jan 2013, with 3 years of experience working on the platform I took the multiple choice certification and miserably failed.

April 2013, I regrouped myself and studied harder, re-took the examination and passed; that was one of the happiest feelings.

April 2014, a year later I was able to get a schedule for the programming assignment. The scheduling was only twice a year and slots get full in just a matter of minutes of being open.

June 2014, got the programming assignment. I wasn’t prepared and felt it was the hardest challenge ever. I failed the assignment.

2015, couldn’t get into any schedule as slots are already full.

Jan 2016, finally got in and received the new programming assignment.

Feb 2016, the hardest month of my life as my mom passed away and I couldn’t get myself to finish the assignment and I decided to cancel/forfeit the assignment.

Jan 2017, Salesforce transitioned the certification to Platform Developer II. Took the transition exam and passed. No programming assignment slots being offered anymore.

mid-2017, Salesforce released a new superbadge called Advanced Apex Specialist in Trailhead. This turns out to be the replacement to the programming assignment.

March 2018, I made it a goal to finish what I started and get this certification done. Started Trailhead and went through all the pre-requisite superbadges (Apex Specialist, Data Integration Specialist, and Lightning Component Framework Specialist)

June 2018, the Advanced Apex Specialist was a tough cookie, but I have more experience now and am mentally ready. Got the superbadge and after a week received an email with my certification. I finally got the most coveted Platform Developer II certification, approximately 5 years since I started.

What a ride it has been. I’m glad it’s done, motivated now to keep pushing forward. I’m moving up to my next goal, which is the Journey to CTA (Certified Technical Architect).