SSO from prod to sandbox using ECA

This is the Winter26 Update for this article/how i solved this session re sandbox SSO magic: https://goravseth.com/single-sign-on-from-production-to-sandbox

Connected Apps were voted off the island, and now we have external client apps, which are great. It is possible to do the same SSO magic with an ECA, but there is currently a bug (that for some reason they will not create a KI for) that requires a funny workaround

The bug: If you set the start URL -> custom in the ECA, the app ignores whatever permissions you apply for who can access the app, and it shows up in the app menu for everyone. Those without access are currently redirected to classic and shown an ugly error…

Support acknowledged this is a bug and said its actively being worked on 2 months ago, so keep holding your breath…

The workaround: click enable oauth, set start URL to oauth, and enter the URL there. The rest of the oauth settings dont matter, as we are not using it. This causes the app to respect permissions, and only show for the people who should have it…

The rest of the steps are basically the same as for the connected app. Click enable SAML in the ECA and do the needful.

Will add some more details in the glorious future.

 
2
Kudos
 
2
Kudos

Now read this

Checking for blank in Flow

A few days ago I asked am i the only person who is still confused about equals globalconstant.emptystring vs isnull = true in flows? i swear i used to use equals gces all the time and it was fine or was i delusional. seems like isnull =... Continue →