
  • Status: Solved
  • Priority: Medium
  • Security: Public

SAML Terminology

Can I safely assume that a SAML Domain is the SAML IdP and the set of users processed by that IdP in Organization A (while a second SAML Domain would be a separate SAML IdP and all of the users that IdP manages)?

Anthony Lucia
1 Solution
btan (Exec Consultant) commented:
There is a SAML SP and a SAML IdP. Yes, if you refer to the SAML IdP Domain as the SAML Domain.

Maybe the scenario below can help.

Say you're trying to set up / use Service Provider (SP) Initiated SSO. Taking an example, Salesforce is the SP and you've configured an external IdP to provide authentication.

SP Initiated Login works on Salesforce with "My Domain". You will need to set up Salesforce for federated authentication on your IdP, by (at least in case of ADFS) importing the metadata which you export from the SSO Settings Screen in Salesforce.

You will need to set up "My Domain", where you register a custom domain for your org, and there should be a setting in "My Domain" where you choose the authentication provider as the IdP rather than the Salesforce login page.

You then need to refer to your org by the "My Domain" URL, at which point Salesforce reads this configuration and redirects to the IdP for authentication, passing through a SAML Request. (i.e. login with the custom "My Domain" URL).

Once you've entered your credentials on the IdP login page, it posts a SAML Assertion to the Salesforce Assertion Consumer Service URL, which identifies the User either by UserName or Federation Id, based on what you've set up in your SSO Settings and lets you in.

There is another example, for instance, below - look out for the IdP URL.
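
The SP-initiated redirect described in the answer above, as an added example that is not part of the original thread: it builds the SAML Request for the HTTP-Redirect binding, decodes it again, and checks it against the SP metadata the IdP imported. The function names, the metadata dictionary layout and any URLs passed in are assumptions made for illustration.

```python
import base64, uuid, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlencode, urlparse, parse_qs

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def build_redirect_url(idp_sso_url, sp_entity_id, acs_url, relay_state):
    """SP side: return (request_id, URL) that sends the browser to the IdP."""
    request_id = "_" + uuid.uuid4().hex  # SP keeps this to match InResponseTo later
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id, "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,
        "AssertionConsumerServiceURL": acs_url,  # where the assertion is posted
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    # Redirect binding: raw DEFLATE (no zlib header), base64, then URL-encode
    comp = zlib.compressobj(zlib.Z_DEFAULT_COMPRESSION, zlib.DEFLATED, -15)
    deflated = comp.compress(ET.tostring(req)) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay_state})
    return request_id, f"{idp_sso_url}?{query}"

def decode_redirect_url(url):
    """Recover the fields the IdP reads (also useful when debugging a trace)."""
    params = parse_qs(urlparse(url).query)
    xml = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15)
    req = ET.fromstring(xml)
    return {
        "id": req.get("ID"),
        "issuer": req.findtext(f"{{{SAML}}}Issuer"),
        "acs_url": req.get("AssertionConsumerServiceURL"),
        "destination": req.get("Destination"),
        "relay_state": params["RelayState"][0],
    }

def matches_imported_metadata(fields, sp_metadata):
    """IdP side: the request must name the SP and an ACS URL from its metadata."""
    return (fields["issuer"] == sp_metadata["entity_id"]
            and fields["acs_url"] in sp_metadata["acs_urls"])
```

The metadata check is why the SP metadata has to be imported on the IdP: a request naming an unregistered Assertion Consumer Service URL is refused rather than having an assertion posted to it.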
