With everyone and everything more connected than ever before, it has become common to use a social media account as a means to register and log in to other platforms. The goal of this article is to demonstrate how you can configure a Salesforce Community to support Social Sign On and enable users to access your Community with their social media account.
Hurray, no coding skills are required
Although one section covers some code, the reader is not assumed to have any programming knowledge. If needed, you can always ask your friendly neighborhood IT-guy to write that pesky code for you! Now, without further ado, let’s see what Social Sign On has in store for us.
An [...] authentication provider lets your users log in to your Salesforce org using their login credentials from a third-party service provider. So basically, an authentication provider provides authentication, shocking! In other words, we can ask e.g. Google (or any other authentication provider) to tell Salesforce that we are who we say we are, and we can then let Salesforce decide on what to do with this information.
An authentication provider needs just a little configuration. Let’s do this first by navigating to setup > Identity > Auth. Providers, clicking on ‘new’ on the authentication provider list and selecting ‘Google’ . Salesforce supports most of the popular authentication providers such as Google, Facebook, LinkedIn and Twitter by default. With the Winter ‘20 release, Apple ID will also be added to the list. It is even possible to use your own, custom authentication provider, but we would need a whole new blog post to cover that so we’ll leave it for another occasion.
Now for the authentication provider details: for our convenience, Salesforce does most of the heavy lifting by default so we don’t necessarily need to fill in a lot of details. In its most basic form, we only need to provide the following information:
- Name: The name of the url provider. This is the label that will be displayed on your community login page.
- Registration Handler: This is the small bit of code I talked about earlier. Here we will define the matching process between the data received from the authentication provider and our Salesforce user. To keep it simple, this article matches the authentication data’s email-address with the e-mail address of a user in Salesforce, and logs in as that user when found. The ‘Automatically create a registration handler template’ link can be used to generate a basic registration handler Apex class, or, you can start from the registration handler used in this article: show me the code.
- Execute Registration As: The registration handler Apex class will run in the context of the specified user, so make sure this user has the Manage Users permission!
- Icon URL: The icon that will be displayed on the community login page.
The authentication provider then looks something like this:
Let's match those users!
As already said, the registration handler takes care of the matching process between a Salesforce user and the authentication data received from the authentication provider. As this Apex class must implement the Auth.RegistrationHandler interface, we must implement two methods:
- createUser: Here, we do the matching. We can decide on which fields to look for a corresponding user in Salesforce and we can even create a new user when we can’t find a match!
- updateUser: Updates the specified user’s information. This method is called if the user has logged in before with the authorization provider and then logs in again. This method can be empty if we don’t want to update the user’s information with the received authentication information.
The authentication information that we receive depends on the authentication provider but most common fields such as an e-mail address are nearly always there. The Apex class used in this article can be found right here.
Enabling Social Sign On as a login option
Sweet, we’re almost there! The last piece of the puzzle is to enable your freshly made authentication provider as a login option in your community. This can be done by navigating to the community’s ‘Administration’ section (Setup > Communities > All Communities > Workspace > Administration) and checking the authentication provider’s box under the ‘Login and registration’ tab, as demonstrated hereunder.
Tadaa, logging in got a bit more social!
Finally, when a user now tries to log in to your community, he or she will have the option to log in with a social media account, just like all the other cool kids!
Confetti and champagne of course! You may now showboat your Social Sign On configuration skills in the community of your own or your customers! Hooray!
Do you have any questions about the topics discussed in this blogpost? We would love to hear from you! Contact us via firstname.lastname@example.org