Best Practices

Below are some best practices to follow when onboarding customers:

  • Check for any time skews that may lead to inconsistent timeout/session creation issues. Salesforce.com allows a maximum of three minutes for clock skew with your IDP server so ensure your server's clock is up-to-date.

  • Perform periodic testing to make sure that the time skew is within a couple of minutes.

  • A quick process can be written to fetch times from the IdP and SF (getServerTimeStamp() ) and get the difference to make sure it is within limits.

  • Periodically ensure that server certificates are not expired.

Example questions to ask when setting up SSO:

  • Who is their Identity Provider?

  • What method of SSO would they like to implement (e.g., SAML 1.1 or 2.0?

  • Do they want their users to login exclusively through SSO, or do they also want a username/password option?

  • What security requirements do they have around SSO?

  • Would they like to support an identity provider initiated flow, a service provider initiated flow, or both?

  • When does their campaign launch?

Mobile ApplicationsTroubleshooting