Trouble Integrating PrivacyIDEA with Salesforce During Admin Training

Hi all,

I’m currently going through Salesforce Admin Training and trying to get a better handle on authentication systems, especially multi-factor options. As part of my hands-on learning, I attempted to integrate PrivacyIDEA with a Salesforce sandbox environment, just to see how it might work in a real-world setup.

The issue I’m facing is mainly around the integration itself… Salesforce doesn’t seem to directly support PrivacyIDEA, and I’m not quite sure how to bridge the two systems properly. I’ve tried exploring SAML and OAuth2 flows, but I’m still a bit stuck on how to make the connection secure and functional without overcomplicating things.

Has anyone here attempted this kind of integration or used PrivacyIDEA alongside Salesforce in any way? Even a pointer in the right direction would be super helpful. I’d really like to understand how this would work in an enterprise setup since that’s a big part of what’s being covered in my training.

Thanks in advance!
J Smiths

Hi,
we don’t have Salesforce, but we have some other SAML and OAuth applications like vCenter, PRTG, Fortinet, AWS, TOPdesk,…
We use Keycloak with the pi-plugin to fill the gap between pi and SAML/OAuth.

best regards
Andreas

The concept of privacyIDEA is very modular. The privacyIDEA server itself provides a REST API for everything.

Yes, Salesforce for some reason does not consume this API. However, this is fine.

As @AAuer mentioned correctly, privacyIDEA provides plugins for SAML IdPs and OpenID Connect. So you would connect Salesforce to e.g. Keycloak and then add the Keycloak privacyIDEA plugin and connect Keycloak to privacyIDEA.

This is how privacyIDEA also handles the RADIUS protocol, Windows Login, Linux Login… by providing plugins for the corresponding protocol or stack.
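
Added example, not part of the thread and not privacyIDEA's or Keycloak's plugin code: a sketch of the kind of second-factor check a protocol plugin makes against the privacyIDEA REST API (`/validate/check`), including the challenge-response case and fail-closed handling of malformed replies. The base URL, user name, realm and sample responses are constructed placeholders.

```python
import json
import urllib.parse
import urllib.request

PI_URL = "https://pi.example.internal"  # assumption: placeholder privacyIDEA base URL


def build_validate_request(user, otp, realm=None, transaction_id=None):
    """Build (but do not send) the POST a plugin makes to /validate/check."""
    params = {"user": user, "pass": otp}
    if realm:
        params["realm"] = realm
    if transaction_id:  # set when answering an earlier challenge
        params["transaction_id"] = transaction_id
    body = urllib.parse.urlencode(params).encode()
    return urllib.request.Request(PI_URL + "/validate/check", data=body, method="POST")


def interpret(response_text):
    """Map a /validate/check JSON body to ('accept'|'challenge'|'reject', txid).

    Fails closed: anything malformed or unexpected is a reject.
    """
    try:
        doc = json.loads(response_text)
        result = doc["result"]
    except (ValueError, KeyError, TypeError):
        return "reject", None
    if not isinstance(result, dict) or result.get("status") is not True:
        return "reject", None
    if result.get("value") is True:
        return "accept", None
    detail = doc.get("detail")
    txid = detail.get("transaction_id") if isinstance(detail, dict) else None
    if txid:  # server started a challenge; the IdP must ask the user for the answer
        return "challenge", txid
    return "reject", None


# Constructed sample responses (not captured from a real server).
SAMPLE_OK = '{"result": {"status": true, "value": true}, "detail": {"message": "matching 1 tokens"}}'
SAMPLE_CHALLENGE = '{"result": {"status": true, "value": false}, "detail": {"transaction_id": "0123456789"}}'
SAMPLE_WRONG = '{"result": {"status": true, "value": false}, "detail": {"message": "wrong otp value"}}'

if __name__ == "__main__":
    req = build_validate_request("jdoe", "123456", realm="sandbox")
    print(req.get_method(), req.full_url, req.data.decode())
    for sample in (SAMPLE_OK, SAMPLE_CHALLENGE, SAMPLE_WRONG, "not json"):
        print(interpret(sample))
```

In the setup described in the replies, Salesforce never sees this call: it trusts the SAML or OpenID Connect assertion from the IdP, and the IdP only issues that assertion after a check like this returns accept.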