Drupal

last person joined: 7 days ago 

If you work in an organization using Drupal, or you work with nonprofits using Drupal, this is the group for you. If you work in a nonprofit using Drupal, or you work with nonprofits using Drupal, this is the group for you! Stuck on something? Have a question? Drupal experts are on hand to answer questions! You don't need to be a member of NTEN to participate in the monthly calls — feel free to invite colleagues and spread the word.

Drupal as Identity Provider w/ Salesforce

  • 1.  Drupal as Identity Provider w/ Salesforce

    Posted Jul 18, 2019 13:33
    Edited by Maressa Surrett Jul 18, 2019 13:46
    Good morning -

    I'd like to hear from anyone that is using Drupal 8 as identity provider, along with Salesforce as the service provider. I'd be interested in speaking with you on your experience.

    Please also feel free to send over any modules that you are using. We are looking at https://www.drupal.org/project/externalauth

    Thank you!

    Maressa
    iste.org

    ------------------------------
    Maressa Surrett
    Director of Technology and Digital Solutions
    International Society for Technology in Education
    Portland, OR
    ------------------------------
    Tech Accelerate


  • 2.  RE: Drupal as Identity Provider w/ Salesforce

    Posted Jul 18, 2019 15:13
    Edited by Aaron Crosman Jul 18, 2019 15:33
    Salesforce can use 3rd party IDP's for login, but the times I've seen that used are generally around connecting an LDAP/Active Directory or GSuite. The documentation for those solutions is reasonably good. I've looked at having Drupal provide that but never felt it was the right solution for the client.  I have seen a few instances where the authentication was done the other direction with Salesforce serving as the IDP for Drupal.

    Typically those connections are managed using SAML with modules like SimpleSAML Auth (https://www.drupal.org/project/simplesamlphp_auth).

    External Auth is really an API module that can be leveraged for custom built solutions, and is sometimes used by other modules, but is not a complete solution itself.

    In my opinion neither Drupal nor Salesforce is an awesome IDP.  My default guidance is to suggest using a true authentication provider (like the ones above) and then have Drupal AND Salesforce consume those identities.  That's somewhat use-case dependent (mostly around who is logging into both systems and why – large communities can drive a very different set of use cases than staff logins).

    ------------------------------
    Aaron Crosman
    Attain
    ------------------------------

    Tech Accelerate