This article describes the set-up process for enabling your users to sign in to your Vanilla community using their Salesforce credentials. For this, we have a dedicated addon, Salesforce OAuth2 SSO, in the Dashboard.
After the addon is enabled and configured (as described below in Enable and configure the addon), a Sign In with Salesforce option displays on your sign-in page which, when clicked, redirects users to the Salesforce log-in page.
📝 NOTE: There are a few important differences in the way that Salesforce does OAuth 2.0; these are noted in the configuration steps below.
✔️ TIP: To create an application in Salesforce for single sign-on, check out this Configuring OAuth for Salesforce video (right-click for "new tab/window" options).
Enable and configure the addon
Enable and configure the Salesforce OAuth2 SSO addon as described below.
1. Access the Dashboard.
2. Navigate to Settings > Addons > Addons.
3. Scroll down to the Salesforce OAuth2 SSO addon and slide the toggle to the right to enable the addon.
4. Click the settings icon to open the Oauth2 SSO Settings modal.
5. In the settings modal:
- Check the box for Authorization Code in Header.
- Uncheck the box for Basic Authorization Code in Header.
- Uncheck the box for Request Profile Using the POST Method.
- For the endpoints (Register Url and Sign Out Url), consult this Salesforce OAuth Endpoints document (right-click for "new tab/window" options).
🛑 IMPORTANT: Be sure to specify the domain of your Salesforce application.
6. Scroll down and confirm or set the following:
- Request Scope = id profile email
- Email = email
- Photos = photos.thumbnail
- Display Name = display_name
- Full Name = name
- User ID = user_id
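To confirm the key names in step 6 against what Salesforce actually returns, the check below (an added example, not Vanilla's or Salesforce's code) resolves each mapped key in a profile response and lists the fields that would come through empty. It assumes a dotted key such as photos.thumbnail names a nested value; the sample profile is constructed, and resolve and check_mapping are hypothetical helper names.

```python
# Key mapping from step 6 of this page (Vanilla field -> key in the profile response).
KEY_MAP = {
    "Email": "email",
    "Photos": "photos.thumbnail",
    "Display Name": "display_name",
    "Full Name": "name",
    "User ID": "user_id",
}

# Constructed sample profile response; every value is a placeholder.
SAMPLE_PROFILE = {
    "user_id": "005EXAMPLE000000001",
    "email": "jane@example.com",
    "name": "Jane Example",
    "display_name": "Jane E.",
    "photos": {"thumbnail": "https://example.com/profilephoto/T"},
}


def resolve(profile, dotted_key):
    """Walk a dotted key such as photos.thumbnail; return None if any part is absent."""
    node = profile
    for part in dotted_key.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def check_mapping(profile, key_map=KEY_MAP):
    """Return (resolved, missing): values found, and fields that are absent or unusable."""
    resolved, missing = {}, []
    for field, key in key_map.items():
        value = resolve(profile, key)
        # An empty string or a whole sub-object is not a usable field value.
        if value is None or value == "" or isinstance(value, (dict, list)):
            missing.append(field)
        else:
            resolved[field] = value
    return resolved, missing


if __name__ == "__main__":
    resolved, missing = check_mapping(SAMPLE_PROFILE)
    for field, value in resolved.items():
        print(f"{field:13} <- {value}")
    print("missing:", missing or "none")
```

A missing User ID or Email is the result to act on first, since those are the fields that identify the account being signed in.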
Passing Roles
Roles can be passed in a variety of ways. In order to see how Salesforce is passing the Roles in the SSO response, you will have to look in the Event Log, which might have to be enabled in your Dashboard.
📝 NOTE: Contact Vanilla Support (support@vanillaforums.com) and request assistance with this. Also, have Support add to your site's config file: Vanilla.SSO.Debug: true
Database logging
In order to see the sso_logging data in the Event Log for debugging purposes, the Db Logger addon (in Settings > Addons > Addons) has to be enabled, and then the site config updated.
📝 NOTE: Contact Vanilla Support (support@vanillaforums.com) and request assistance with this.