Product Q&As
ForgeRock Identity Cloud

Does Identity Cloud support Single Sign-On (SSO) with Salesforce?

Last updated Jan 23, 2023

You can set up your Salesforce® organization to trust ForgeRock Identity Cloud to authenticate your users. With this SSO integration, Identity Cloud is the identity provider (IdP) and Salesforce is the service provider (SP).


Identity Cloud single sign-on (SSO) integration with Salesforce lets your users quickly access the resources in your Salesforce organization with a single login. This means that instead of requiring separate usernames and passwords for different Salesforce resources, usernames and passwords are validated in one place - Identity Cloud. 

When logging in to Salesforce, users are given the option to log in with Identity Cloud. They are then presented with the ForgeRock Sign In screen to authenticate before being redirected back to Salesforce. 

If user provisioning is enabled, users who do not already exist in your Salesforce domain are automatically provisioned when they first log in. 

Integration options


SSO is available in both Salesforce Classic (not available in all orgs) and Lightning Experience. See Single Sign-on for further information.

Identity Cloud supports both OpenID Connect (OIDC) and SAML integrations with Salesforce. For detailed information on how to configure each of these integrations, see:

With both integration types, you'll need a Salesforce developer edition account. See Salesforce Developers for further information.

See Also

Single Sign-On Integrations for Identity Cloud

Salesforce SSO integration with Identity Cloud as OIDC identity provider

Salesforce SSO integration with Identity Cloud as SAML identity provider

Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.