SSO from prod to sandbox using ECA

This is the Winter26 Update for this article/how i solved this session re sandbox SSO magic: https://goravseth.com/single-sign-on-from-production-to-sandbox

Connected Apps were voted off the island, and now we have external client apps, which are great. It is possible to do the same SSO magic with an ECA, but there is currently a bug (that for some reason they will not create a KI for) that requires a funny workaround

The bug: If you set the start URL -> custom in the ECA, the app ignores whatever permissions you apply for who can access the app, and it shows up in the app menu for everyone. Those without access are currently redirected to classic and shown an ugly error…

Support acknowledged this is a bug and said its actively being worked on 2 months ago, so keep holding your breath…

The workaround: click enable oauth, set start URL to oauth, and enter the URL there. The rest of the oauth settings dont matter, as we are not using it. This causes the app to respect permissions, and only show for the people who should have it…

The rest of the steps are basically the same as for the connected app. Click enable SAML in the ECA and do the needful.

Will add some more details in the glorious future.

 
1
Kudos
 
1
Kudos

Now read this

displaying files in flow datatable with clickable link

solved an interesting question on ohana slack asking about how to display the files attached to a related record in a “legacy” approval process page. you can do this using a flow datatable, but there are some tricks required for making a... Continue →