1. Overview

The “Salesforce Authentication SPI” is a provider that allows you access DNN resources using Salesforce user credentials. Communication between DNN and Salesforce is set up at the top of the SAML (Security Assertion Markup Language) protocol.

SPI (Service Provider Initiated) means user is redirected to Salesforce page to enter credentials, therefore Salesforce credentials never leaves Salesforce company.

1.1. Benefits

The biggest benefit that you have is a Single Sign On, because it allows access Salesforce and DNN (and possible other resources) without having to log in separately to each of it. This can be a great help to your users: instead of having to remember many username/passwords, they will only have to remember one. Additionally “Salesforce Authentication SPI” can offer following advantages for your organization:

  1. Increased User Adoption due to the convenience of not having to log in, users are more likely to use DNN on a regular basis. For example, users can send email messages that contain links to information in DNN website such as user profile, forum or blog post. When the recipients of the email message click the links, the corresponding DNN website protected page opens automatically.
  2. User who leave the company automatically lose access to company data after their departure. In just a one click, you can block access to Salesforce website and all connected with Salesforce resources, in this case DNN website.
  3. Time Savings because on average, a user takes five to 20 seconds to log in to an online application; longer if they mistype their username or password and are prompted to reenter them. With Single Sign On in place, the need to manually log in to Salesforce is avoided. These saved seconds add up to increased productivity.
  4. Reduced Administrative Costs because with Single Sign On, users only need to memorize a single password to access DNN website, Salesforce website and other resources. With fewer passwords to manage, system administrators receive fewer requests to reset forgotten passwords.

1.2. SP-initiated SSO

Service Provider (SP) - in our case is a Dotnetnuke website.

Identity Provider (IdP) - in our case it’s Salesforce website.

In “SP-initiated SSO”, the user starts at the SP and instead of logging in at the SP site, SSO is initiated with the IdP. The following figure outlines the “SP-initiated SSO” flow.

_images/overview-flow_01.png

(Note: diagram was teken from Component Space website)