1. Overview

The “Salesforce Authentication SPI” is a provider that allows you to access DNN resources using Salesforce user credentials. Communication between DNN and Salesforce is built on top of the SAML (Security Assertion Markup Language) protocol.

SPI (Service Provider Initiated) means the user is redirected to the Salesforce page to enter credentials, so Salesforce credentials never leave Salesforce.

1.1. Benefits

The biggest benefit is Single Sign-on (SSO), which allows access to Salesforce and DNN (and possibly other resources) without having to log in separately to each of them. User credentials are entered only on the Salesforce login page and never leave your Salesforce org. This can be a great help for your users: instead of having to remember many usernames and passwords, they only have to remember one.

Additionally, “Salesforce Authentication SPI” can offer the following advantages for your organization:

  1. Increased User Adoption: due to the convenience of not having to log in, users are more likely to use DNN on a regular basis. For example, users can send email messages that contain links to information on the DNN website, such as a user profile, forum or blog post. When the recipients of the email message click the links, the corresponding protected DNN website page opens automatically.
  2. Users who leave the company automatically lose access to company data after their departure. In just one click, you can block access to the Salesforce website and all resources connected with Salesforce, in this case the DNN website.
  3. Time Savings: on average, a user takes five to 20 seconds to log in to an online application; longer if they mistype their username or password and are prompted to reenter them. With Single Sign-on in place, the need to manually log in to Salesforce is avoided. These saved seconds add up to increased productivity.
  4. Reduced Administrative Costs: with Single Sign-on, users only need to memorize a single password to access the DNN website, the Salesforce website and other resources. With fewer passwords to manage, system administrators receive fewer requests to reset forgotten passwords.
  5. Single Log-out (SLO): users can log out from the Salesforce website and be automatically logged out from the DNN website (as well as all other connected apps). SLO can be initiated from the DNN or Salesforce website. Because users are logged out from both Salesforce and DNN, SLO can improve security and usability; it also saves time and reduces user frustration.

1.2. SP-initiated SSO

Service Provider (SP) - in our case it’s a DotNetNuke website.

Identity Provider (IdP) - in our case it’s the Salesforce website.

In “SP-initiated SSO”, the user starts at the SP and, instead of logging in at the SP site, SSO is initiated with the IdP. The following figure outlines the “SP-initiated SSO” flow.

[Figure: “SP-initiated SSO” flow]

(Note: diagram was taken from the Component Space website)
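
The first leg of the SP-initiated flow from section 1.2, as an added example (not code from the Salesforce Authentication SPI module): the SP builds a SAML AuthnRequest, sends the browser to the IdP with it, and later accepts only a response that answers a request it issued. It assumes the SAML HTTP-Redirect binding, which the page does not specify, and the `example.invalid` URLs and all function names are placeholders.

```python
import base64, secrets, urllib.parse, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Placeholder endpoints assumed for this example (not from the page).
IDP_SSO_URL = "https://idp.example.invalid/idp/endpoint/HttpRedirect"
SP_ENTITY_ID = "https://dnn.example.invalid/"
SP_ACS_URL = "https://dnn.example.invalid/saml/acs"

def build_authn_request():
    """SP: create the AuthnRequest; the caller stores the ID per session."""
    request_id = "_" + secrets.token_hex(16)  # an XML ID cannot start with a digit
    instant = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{instant}" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{SP_ACS_URL}">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
    )
    return request_id, xml

def redirect_url(xml, relay_state):
    """SP: HTTP-Redirect binding = raw DEFLATE, then base64, then URL-encode."""
    deflater = zlib.compressobj(wbits=-15)  # negative wbits: no zlib header
    deflated = deflater.compress(xml.encode()) + deflater.flush()
    query = urllib.parse.urlencode({
        "SAMLRequest": base64.b64encode(deflated).decode(),
        "RelayState": relay_state,  # page the user asked for at the SP
    })
    return f"{IDP_SSO_URL}?{query}"

def decode_redirect(url):
    """IdP: reverse the encoding to recover the AuthnRequest and RelayState."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    xml = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), wbits=-15)
    return ET.fromstring(xml), params["RelayState"][0]

def response_matches(pending_ids, in_response_to):
    """SP: accept a response once, and only for a request this SP issued."""
    if in_response_to in pending_ids:
        pending_ids.discard(in_response_to)
        return True
    return False
```

This covers only the redirect leg and request/response correlation. An SP must also verify the response signature, audience and validity window before creating a session.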