Lower customer service costs when you share knowledge in Salesforce Community. You’ll also increase adoption and self-service. I’ll roadmap 3 options for seamless Single Sign On (SSO) from your SaaS application to Salesforce Community.
Sync Password Databases
Your SaaS application already has a single database of users and passwords, so it’d be easy to sync that with Salesforce. But that would need to happen in real-time with passwords matching two different security policies. Salesforce also follows strict security best practices, and never exposes a plaintext password to external systems. Let’s look at another idea:
Salesforce Identity extends Salesforce to be a SAML Identity Provider (IDP). Each app or Service Provider (SDP) securely redirects users to a Salesforce login. That login produces a secure token, so passwords are never shared. This is great for new internal initiatives, but we’d have to ask all your external customers to change their passwords. We’d also introduce a new login flow to their paid production app. Sounds like a big change management risk!
SaaS Identity Provider
Let’s flip that and use your existing SaaS app as the Identity Provider. Your customers will keep the same login screen, usernames, and passwords. When they access your Salesforce Community, they’ll login to your app and be securely redirected. Your internal team still needs to implement SAML in your app, but with much less change for your customers. We have a winner!
Considering these 3 options show the value of a technical roadmap. Each option has technical complexities and business impacts. Spending a day discussing them and educating my client on best practices led me to a recommendation that everyone understood. By designing the right Single Sign On solution, their customers will continue buying their app and become fast self-service adopters of their new Salesforce Community.