SSO from prod to sandbox using ECA

This is the Winter26 Update for this article/how i solved this session re sandbox SSO magic: https://goravseth.com/single-sign-on-from-production-to-sandbox

Connected Apps were voted off the island, and now we have external client apps, which are great. It is possible to do the same SSO magic with an ECA, but there is currently a bug (that for some reason they will not create a KI for) that requires a funny workaround

The bug: If you set the start URL -> custom in the ECA, the app ignores whatever permissions you apply for who can access the app, and it shows up in the app menu for everyone. Those without access are currently redirected to classic and shown an ugly error…

Support acknowledged this is a bug and said its actively being worked on 2 months ago, so keep holding your breath…

The workaround: click enable oauth, set start URL to oauth, and enter the URL there. The rest of the oauth settings dont matter, as we are not using it. This causes the app to respect permissions, and only show for the people who should have it…

The rest of the steps are basically the same as for the connected app. Click enable SAML in the ECA and do the needful.

Will add some more details in the glorious future.

 
0
Kudos
 
0
Kudos

Now read this

The Magic of Actions in Process Builder and Flow

The ability to use quick actions in process builder / flow has been around for a few years, but i’ve never seen a reason to use them. I figured some out this weekend. Here are the use cases I see. a) standardization : if you will do the... Continue →