Single Sign-On · Philanthropy Cloud

SSO allows users to access authorized resources with one login. Usernames and passwords are validated against your corporate user database or other client app rather than Salesforce managing separate passwords for each resource.

Security Assertion Markup Language (SAML) is an XML-based standard for user authentication on the Web that allows the exchange of authorization data between two domains. You can use SAML-based SSO to provide your users with a seamless authentication flow and leverage Salesforce as an identity provider or as a service provider. SAML SSO enables you to give your users automatic authentication via SAML and authentication into Salesforce via the signed request.

Federated authentication using SAML lets you send authentication and authorization data between affiliated but unrelated web services. You can log in to Salesforce from a client app. Salesforce enables federated authentication for your organization automatically.

Federated Authentication - SAML

SAML - Security Assertion Markup Language
OASIS standard
XML based standard to exchanging authentication data
Supported versions 1.1, 2.0

For differences, refer to https://wiki.shibboleth.net/confluence/display/SHIB/SAMLDiffs

SAML for Philanthropy Cloud

Philanthropy Cloud binds users between our application and your Identity Provider using a Federation Id. All SSO users of Philanthropy Cloud must be uploaded via the Employee Upload File and contain a unique Federation Id. We recommend using a work email address for the Federation Id to assure uniqueness within Philanthropy Cloud. The Federation Id is case sensitive in Philanthropy Cloud. Thus, the Federation Id in Philanthropy Cloud must match the email address exactly (with the same case convention) from your Identity Provider.