An [...] authentication provider lets your users log in to your Salesforce org using their login credentials from a third-party service provider. In other words, we can ask Google (or any other authentication provider) to confirm with Salesforce that we are who we say we are, and we can let Salesforce decide on what to do with this information.
An authentication provider needs only a little configuration. Let’s do this first by navigating to setup > Identity > Auth. Providers, clicking on ‘New’ in the authentication provider list and selecting ‘Google’. Salesforce supports most of the popular authentication providers such as Google, Apple ID Facebook, LinkedIn and Twitter. It is even possible to use your own, custom authentication provider.
Now for the authentication provider details: for our convenience, Salesforce does most of the heavy lifting, so we don’t necessarily need to fill in a lot of details. In its most basic form, we only need to provide the following information:
- Name: The name of the URL provider. This is the label that will be displayed on your community login page.
- Registration Handler: This is the small bit of code we talked about earlier. Here we will define the matching process between the data received from the authentication provider and our Salesforce user. In short: this article matches the authentication data’s email-address with the e-mail address of a user in Salesforce, and logs in as that user when found. The ‘Automatically create a registration handler template’ link can be used to generate a basic registration handler Apex class, or, you can start from the registration handler used in this article: show me the code.
- Execute Registration As: The registration handler Apex class will run in the context of the specified user, so make sure this user has the Manage Users permission!
- Icon URL: The icon that will be displayed on the community login page.