We have a website running on Kentico and we want all the users who are coming to kentico and doing login can automatically login to salesforce community after clicking a tab in kentico website .
I got few suggestions related to SSO but it seems there is no specific way in kentico cms for doing or configuring single sign on for other domains .
Let me know if you guys have any thoughts .
Thanks !!!
Not knowing much about Salesforce Community, I'll answer based on what we've done in the past in other situations which are similar.
In this case it seems like Salesforce will be your true source of the "user" data because there are license restrictions with users in Salesforce and NOT in Kentico. Some of the user data (username, first, last, etc.) will be stored in Kentico to help with functionality. In this case you'd:
Place the login webpart on a page and configure it (simple).
Create a Global Event Handler for the Authenticate event.
In the global event handler, attempt to log them into Salesforce with given username and password.
If a user exists or the login is successful, allow them to log into Kentico and possibly sync some of their profile/user data to Kentico, if not, cancel the event.
Related
I am trying to set up a working example of linking accounts to my sample app. I am currently using the react example found here as my base. I have looked over the docs and the example of linking an account with Lock, but I'm not sure how to apply that to the react example I am working with. I have also looked at the API for linking a user account here.
Here are the use cases I am trying to work around:
There would be a user who creates a new account on my site using Google. Then they decide they want to add another social login via GitHub to that same account. They clicks a button that allows them to login via GitHub and then it redirects back to their account page and they can now login to the one account with either their Google login or GitHub.
There would be a user who creates a new account on my site using Google. Another day they create another new account on my site using GitHub. Later they realize that they mistakenly made two accounts and want to merge them. They login to either account then click a button that allows them to login to the other account and then they are redirected back to their now merged account.
I think the API would be my best option, but I'm not sure how to obtain the SECONDARY_ACCOUNT_JWT OR THE SECONDARY_ACCOUNT_USER_ID. How do I get the user to log in to their other account? When I try to redirect to the login page when a user is already logged in it just redirects back to the page I have set to redirect after login.
Hey there Camiblanch!
You could link the accounts together if they share the same email through a rule. Attached is an example that may help you in your quest. Thanks!
https://auth0.com/rules/link-users-by-email
I am currently using joomla 3. I have a scenario where by content has to go through approval before it is published. Has anyone ever implemented the same in joomla 3
For content Approval you simply need to make default publishing to unpublished when you create a menu item for Content creation at Frontend. The image below will help you.
So when a user submits it will be unpublished by default and either a super admin or anyone authorised to approve like administrator, manager, publisher can approve the same either through frontend or backend.
We have a website running on Kentico. When a user logs in there will be a link available for the user to navigate to a Salesforce Community. When the user clicks the link I would like to automatically log the user into the Salesforce Community. My Kentico Users as in sync with the Salesforce contacts/external users.
Has anyone implemented this? If so, can you share how you achieved? It seems like a SAML Assertion needs to be generated and posted but I am not familiar with how to do this.
Thanks in advance!
Since Kentico should not be used as the authentication provider for other applications, it will be easier for you to find out can SF Community provide some authentication API which then you can setup custom external authentication (through SF) in Kentico.
You can also consider using something like OpenID which is supported by both SF and Kentico. (https://help.salesforce.com/articleView?id=networks_authentication_options.htm&type=0)
We would like to connect a salesforce user to another salesforce user in another org without any user intervention from a service.
We have tried SAML Bearer Flow (using Remote Access Application) to connect to salesforce to retreive Access Token for one of our product. We are referring to the follwoing article.
http://help.salesforce.com/help/doc/en/remoteaccess_oauth_SAML_bearer_flow.htm
As referred by the SF article for this flow, it uses a previous user authorization to connect and retreive Token. In case the user (for whom Token is requested) has not already authorized the App, SF takes you to the Authorization page first and app will get the access token once app is authorized. This is working fine too. However it has this painful step of users authorizing the app before we can use this flow for the product. It would be good and simplified if this step can be done once for an org and the article does mentions that either User or Admin can authorize the app. However I am not able to find how an Admin can authorize the remote access application.
Does anyone knows and can guide how can an Admin authorize an App or is thre any other way we can achieve our requirement. Any thoughts will be really appreciated.
OAuth1 and OAuth2 require user intervention by design. Anything you do to defeat this would be circumspect and not best practice. You could make it easy on the user, but you will always have the initial "Authorize this app" message.
If you are trying to make it easy for the user to login to either org, then you may want to consider a hub-and-spoke SSO solution. See this doc.
If you are trying to pass information between two Salesforce instances, then you may want to consider Salesforce2Salesforce, or outbound workflow. However, this is done at system context, not user context.
If you want to maintain user context and security, you should consider the new Salesforce Canvas API. Canvas allows you to call an outbound service, and pass credentials to the service so that it can communicate back. There is no reason the foreign service could not be a Salesforce instance.
We are trying to build one simple website using force.com sites.Here User logged into website and need to perform different actions by moving to different VF pages.
We are facing a Problem to maintaine Session of particular user. We need help regarding how to maintaine session for particular user.
Kindly give your help. Please provide any sample code.
Thanks.
You can't ;)
Think about it, you can store usernames/passwords in your data objects and if they allow you to login and maintain a session for that user and use it to walk around apex pages and builtin forms why would you buy a salesforce license? You could operate a 1000 employees rig with just one administrative license and a site URL. For that reason salesforce does not allow you session control, it grants you one when you buy and expense a license.
For sites, you have to purchase either Customer Portal license or volume-based High Volume Customer Portal set and then use those to "promote" a contact into a login user with the above license. Then, when that user logs into site it has its own session.
This document http://wiki.developerforce.com/index.php/Authenticating_Users_on_Force.com_Sites might be of great help.
This tutorial shows you how to authenticate users on Force.com Sites. It provides a description of Customer Portal, which is needed for the authentication, and shows you how to set up such a site and process to allow site visitors to become authenticated users.
The points on customer portal are correct, and you have to pay for these licences. If you build your own auth on Force.com Sites and salesforce.com finds out they'll be very unhappy. That said you can still do it using cookies (http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_classes_sites_cookie.htm) but it's not perfect because it's client-side.
I highly recommend that you steer clear of this approach though. You're better off building your UI layer on another platform (Google App Engine or Heroku) and using web services created on the Force.com platform through that UI.