Implementing Social Sign-On with Google Authentication in Salesforce: A Technical Walkthrough

Introduction

In this blog post, we provide a step-by-step guide to implementing social sign-on in Salesforce using Google as the authentication provider. This secure authentication method is not configured for communities; it is set up to permit access to Salesforce itself using Google credentials.

Getting Started

Setup in Salesforce Sandbox

Initialize Setup: In a new Salesforce Sandbox, initiate the setup process to integrate Google authentication.

Creating an Authentication Provider

Navigate to Auth Providers: Go to Auth Providers in your Salesforce Sandbox.

Create New Auth Provider: Set up a new authentication provider by assigning a name (e.g., Google). Choose Google as the authentication provider.

Setting Up Registration Handler

A Registration Handler is crucial for this setup. Below is an example of a basic Registration Handler.

global class STA_SocialRegistrationHandler implements Auth.RegistrationHandler 
{
    //---Method to Update a User
    global void updateUser(Id userId, Id portalId, Auth.UserData data)
    {
        //---Read the user
        User user = new User(id=userId);
           
        if(data.email != null && data.email != '') user.Email = data.email;
        if(data.lastName != null && data.lastName != '') user.lastName = data.lastName;
        if(data.firstName != null && data.firstName != '') user.firstName = data.firstName;
           
        update user;
    }
    
    //---Method to create a new User
    global User createUser(Id portalId, Auth.UserData data)
    {
        //---Create a new User
        User user = new User();

        //---Get the Profile Id
        Profile profile = [SELECT Id FROM profile WHERE name = 'Standard User'];

        //---Set the Profile
        user.profileId = profile.Id;

        //---Create a random Username
        Integer rand = Math.round(Math.random()*100000000);
        String username = data.firstName + '.' + rand + '@test.com';  

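        //---Set the Alias (fall back to the last name if Google returns no first name)
        String alias = String.isNotBlank(data.firstName) ? data.firstName : data.lastName;
        if(alias != null && alias.length() > 8) alias = alias.substring(0, 8);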

        user.username = username;
        user.email = data.email;
        user.lastName = data.lastName;
        user.firstName = data.firstName;
        user.alias = alias;
        user.languagelocalekey = UserInfo.getLanguage();
        user.localesidkey = UserInfo.getLocale();
        user.emailEncodingKey = 'UTF-8';
        user.timeZoneSidKey = 'America/Los_Angeles';

        return user;
    }
}

Code a Registration Handler: Create a registration handler class (STA_SocialRegistrationHandler in the example above) that implements the two methods of the Auth.RegistrationHandler interface: updateUser and createUser.

updateUser Method: This method references the user by their User ID and updates the user's email, last name, and first name with data from the authenticated user.

createUser Method: This method creates a new Salesforce user with the Standard User profile. The method builds the username from the first name plus a random number and populates essential fields like alias, language, locale, email encoding, and time zone.

These are preliminary steps, and this is not a comprehensive solution.

Select Registration Handler: Choose the registration handler class (STA_SocialRegistrationHandler above) as the Registration Handler for your Auth Provider.

My Domain Settings Configuration

Access My Domain Settings: Go to the My Domain settings in Salesforce.

Edit Authentication Configuration: Under Authentication Configuration, add Google to your login screen.

With these steps, users now see the option to log in with Google on the Salesforce login screen.

User Login Process

User Access: Users can access Salesforce by entering the organization's base URL in a new incognito window.

Google Login Option: Users will see the Salesforce login screen with the added “Log in with Google” option.

Google Authentication: Upon selecting Google authentication, users will be directed to the Google login screen where they can enter their credentials.

Two-Step Verification

For accounts with two-step verification, users will need to complete this step to access Salesforce. Once authenticated, users are automatically logged in to Salesforce with the information from their Google account.

Final Thoughts

Further Configurations Needed:

User Creation Limitation: The current setup allows automatic new user creation: the createUser method above returns a new Standard User for whoever completes the Google login. You need to implement restrictions on user creation through your code.

Adding More Security Checks: Implement additional security checks and balances, including profile selection, license checking, and more, to ensure secure access.
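
One way to apply both restrictions, as an added example that is not code from the original post: a handler that never creates users and only links a Google login to a single pre-provisioned, active Standard User. The class name, the RegistrationException type and the example.com domain are assumptions; it also assumes the Google accounts in that domain are controlled by your organization.

```apex
global class STA_RestrictedRegistrationHandler implements Auth.RegistrationHandler
{
    // Assumption: the only email domain allowed to sign in (placeholder value).
    private static final Set<String> ALLOWED_DOMAINS = new Set<String>{ 'example.com' };

    // Hypothetical exception type; throwing it aborts the login.
    public class RegistrationException extends Exception {}

    // Returns the normalized email if its domain is allow-listed, otherwise throws.
    private static String requireAllowedEmail(Auth.UserData data)
    {
        if (data == null || String.isBlank(data.email))
            throw new RegistrationException('No email returned by the identity provider');
        String email = data.email.trim().toLowerCase();
        String domain = email.substringAfterLast('@');
        if (!ALLOWED_DOMAINS.contains(domain))
            throw new RegistrationException('Email domain is not permitted');
        return email;
    }

    // First login: link to an existing user instead of creating one.
    global User createUser(Id portalId, Auth.UserData data)
    {
        String email = requireAllowedEmail(data);
        // Email is not unique in Salesforce, so fetch up to 2 rows and require exactly 1.
        // The profile filter keeps an email match from linking to a more privileged account.
        List<User> matches = [SELECT Id FROM User
                              WHERE Email = :email AND IsActive = true
                              AND Profile.Name = 'Standard User' LIMIT 2];
        if (matches.size() != 1)
            throw new RegistrationException('No unique pre-provisioned user for this login');
        return matches[0];
    }

    // Later logins: re-check the domain and refresh the name fields only.
    // Email is deliberately not overwritten from the provider's data.
    global void updateUser(Id userId, Id portalId, Auth.UserData data)
    {
        requireAllowedEmail(data);
        User u = new User(Id = userId);
        if (String.isNotBlank(data.firstName)) u.FirstName = data.firstName;
        if (String.isNotBlank(data.lastName)) u.LastName = data.lastName;
        update u;
    }
}
```

With this handler, access is granted by provisioning the user in Salesforce first; a Google login from an unknown address or another domain fails instead of producing a new account.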

Conclusion

This guide provides the essential steps to set up Google as an authentication provider in Salesforce. While this offers a foundation, further configurations and security checks are necessary for a complete and secure social sign-on solution.

Next Steps

To deepen your understanding and skills, continue following our technical series on secure authentication and other related topics. Stay tuned for more insightful guides and tutorials to enhance your Salesforce experience! For video guides and tutorials, please subscribe and join me on my YouTube channel.

Stay Tuned

Embark on your Salesforce Identity journey with confidence! For more insights and tips, stay tuned here on www.SteveTechArc.com and to the @SteveTechArc YouTube channel. Subscribe and enhance your understanding of Salesforce Identity.

Helping change the world by sharing integration info with fellow Architects and those on their Architect Journey!

Transcript aided by AI

STA 3.8
