In this video, ProofID consultant Ben Andrews demonstrates how quickly single sign-on (SSO) to Salesforce can be implemented using PingFederate.  SSO provides a distinct advantage as users can access multiple resources using a single username and password.

The demo shows a federated trust established between the PingFederate identity provider (IdP) and Salesforce, the service provider (SP).  Metadata is exchanged between the two parties, creating the trust.  Federated SSO can then occur as Salesforce delegates authentication to PingFederate.  SSO is accomplished using SAML (Security Assertion Markup Language), an XML-based standard that facilitates the transfer of information between PingFederate and Salesforce.

To break down the steps involved during SSO:

  1. The user browses to Salesforce
  2. Salesforce uses the custom domain that was accessed to identify the organisation the user originates from
  3. Salesforce redirects the user to PingFederate, sending a SAML request
  4. The user authenticates, and PingFederate validates the credentials against the local user store
  5. If authentication is successful, the user is redirected back to Salesforce, along with a SAML response
  6. The user is logged into Salesforce using the claims provided in the SAML assertion from PingFederate

In addition to the user only requiring a single set of credentials, SSO provides several other advantages.

About ProofID

ProofID is a specialist Identity as a Managed Service provider headquartered in the UK.  We help customers every day in securing enterprise data, manage hybrid cloud environments, secure mobile apps, and provide access to services by partners and customers.  All successfully delivered through our methodology driven managed service. Daily we manage 750,000 identities and deliver services to 73 countries.  For more information, call +44 (0)161 906 1002 email or visit