SSO from prod to sandbox using ECA

This is the Winter26 update to this article / How I Solved This session on sandbox SSO magic: https://goravseth.com/single-sign-on-from-production-to-sandbox

Connected Apps were voted off the island, and now we have External Client Apps (ECAs), which are great. It is possible to do the same SSO magic with an ECA, but there is currently a bug (which for some reason they will not create a KI, i.e. Known Issue, for) that requires a funny workaround.

The bug: If you set the start URL -> custom in the ECA, the app ignores whatever permissions you apply for who can access the app, and it shows up in the app menu for everyone. Those without access are currently redirected to classic and shown an ugly error…

Support acknowledged this is a bug and said 2 months ago that it's actively being worked on, so keep holding your breath…

The workaround: click Enable OAuth, set the start URL to OAuth, and enter the URL there. The rest of the OAuth settings don't matter, as we are not using them. This causes the app to respect permissions and only show for the people who should have it…

The rest of the steps are basically the same as for the connected app. Click enable SAML in the ECA and do the needful.

Will add some more details in the glorious future.

 