Single Sign On (SSO) using Okta

Single sign-on (SSO) lets users access authorized network resources with a single login. You validate usernames and passwords against your corporate user database or other client app rather than Salesforce managing separate passwords for each resource. 

• Session and User Authentication Service. 
• Allows user to access multiple applications using single?set of login credentials. 
• Secure and easy way to manage several accounts without compromising the integrities of the individual applications. 

Advantages of SSO: 

• Reduced administrative costs 
• Leverage existing investment 
• Time savings 
• Increased user adoption
• Increased security 

SAML 

• SAML (Security Assertion Mark-up Language) is an XML-based standard for exchanging authentication and authorization data between an?identity provider?(IdP) such as Okta, and a?service provider?(SP) such as Box, Salesforce, G Suite, Workday, etc. 

What is Okta? 

• Okta?connects any person with any application on any device. 
• Okta enables you to provide Single Sign On (SSO) access to cloud, on-premises, and mobile applications. 
• You sign into Okta and you can then launch any of your web apps without having to re-enter your credentials. 

Why Okta? 

Okta provides a central portal of applications which lets users to access the applications in an easy way 

• Provides secure integration 
• Multi–tenant solution 
• Time constraint because of its integrated cloud platform 

Advantages of Okta: 

• Most reliable and customizable tool for SSO 
• Can be used for all web and mobile apps
• Cost effective 
• More efficient 
• Secure employee and customer experiences 

Using Okta SSO with Salesforce: 

The most important use case for SSO in salesforce is to overcome the license limitations for users. For instance, consider a situation wherein ‘n’ number of users need access for the org, but the org consists only limited number of licenses then we cannot give access to all the users. In this case, with the help of SSO and OKTA we can just provide the okta credential to the user and once they login, user will be created in salesforce and after the user logs out, they will be deactivated. By this way we can create n number of users in salesforce irrespective of the license limitations 

Prerequisites for integrating Okta with Salesforce: 

1.Need to create Okta account using the below link, 

https://www.okta.com/free-trial/# 

2.Need to install Okta Verify app either in Apple or Android or Windows platform. 

3.Sign into Okta account using the credentials received to the email id given while sign up. 

4.Click Your Org under the User 

 5.Click Admin tab in the right corner of the page to create custom apps.

6.This will redirect to Okta verify page.

7.Click Setup and Select your device type in which Okta verify app is installed. Click Next and Enter the Verification code received in the Okta Verify app. 

OKTA Setup: [Need OKTA Admin access to create Custom App]  

Step 1:  Application ?Add applications ? Create New App 

 Step 2:  General Settings 

App Name: Enter the desired name 

 Step 3:  SAML Settings 

• Single sign on URL: https://community.cs63.force.com/samplecommunity/login [Need to replace this with the Salesforce Production Community login URL] 
• Audience URL (SP Entity ID): https://saml.salesforce.com 

 Step 4:  Feedback        

Step 5:  Get URL details and download Certificate   

• Click Application and search for created App and click the App name to view the detailed information. 
• Click [Sign On] Tab and click the button [View Setup Instruction] 
• Copy the Identity Provider Single Sign-On URL and Identity Provider Issuer URL [Provide to SF Team] 
• Download the X.509 certificate [Provide to SF Team]. 

Salesforce: SAML Single Sign-On Setup 

 The following steps are written for Lightning Experience. 

 Step 1: Setup -> Identity -> Single Sign-On Settings (Enable SAML, if not enabled already). 

 Step 2: Setup -> Identity -> Single Sign-On Settings -> SAML Single Sign-On Settings -> New 

• Name: Demo 
• API Name: Demo 
• Issuer: http://www.okta.com/exknxeot1st95AblV0h7 [OKTA team will provide the URL as shown in step 6] 

• Entity ID: https://saml.salesforce.com 
• Identity Provider Certificate: [Upload the certificate given by OKTA team. To download certificate follow Step 5] 
• Request Signature Method: RSA-SHA256 
• Assertion Decryption Certificate: Assertion not encrypted 

• SAML Identity Type: Federation ID 
• SAML Identity Location: Subject 
• Service Provider Initiated Request Binding: HTTP Redirect 
• Identity Provider Login [OKTA team will provide the URL. To get this URL follow step 5] 
• Custom Logout URL: https://samplecommunity.okta.com/ 
• User Provisioning Enabled: Enable 
• User Provisioning Type: Custom SAML JIT with Apex handler 
• SAML JIT Handler: JITHandler 
• Execute Handler As: System Admin [Current User] 

Step 4: 

• Click Setup -> All Communities -> Select Your Community -> Workspace -> Administration 
•  Login & registration tab ->Login page Setup -> In sign in option section, Select the Custom App which is created in Okta as the Single Sign on provider. 

 Validate: 

• Copy Community login URL 
• Sign out of Salesforce and OKTA 
• Paste the URL in the address bar 
• The URL will redirect to the OKTA login page 
• After successful log in to OKTA, the user will be landed in the Salesforce Community. 

 For Community (License-Salesforce Platform) User, Account and Contact Creation SAML JIT Handler: 

1. global class JITHandler implements Auth.SamlJitHandler {
2. //JIT Handler Exception
3. private class JitException extends Exception{}
4. //Method to insert or update a user record
5. @testVisible
6. private void handleUser(boolean create, User user, Map<String, String> attributes,
7. String federationIdentifier, boolean isStandard) {
8. if(create && attributes.containsKey(‘User.Username’)) {
9. user.Username = attributes.get(‘User.Username’);
10. }
11. if(create) {
12. if(attributes.containsKey(‘User.FederationIdentifier’)) {
13. user.FederationIdentifier = attributes.get(‘User.FederationIdentifier’);
14. } else {
15. user.FederationIdentifier = federationIdentifier;
16. }
17. }
18. if(attributes.containsKey(‘User.Phone’)) {
19. user.Phone = attributes.get(‘User.Phone’);
20. }
21. if(attributes.containsKey(‘User.Email’)) {
22. user.Email = attributes.get(‘User.Email’);
23. }
24. if(attributes.containsKey(‘User.FirstName’)) {
25. user.FirstName = attributes.get(‘User.FirstName’);
26.   }
27. if(attributes.containsKey(‘User.LastName’)) {
28. user.LastName = attributes.get(‘User.LastName’);
29. }
30. if(attributes.containsKey(‘User.Title’)) {
31. user.Title = attributes.get(‘User.Title’);
32. }
33. if(attributes.containsKey(‘User.CompanyName’)) {
34. user.CompanyName = attributes.get(‘User.CompanyName’);
35. }
36. if(attributes.containsKey(‘User.AboutMe’)) {
37. user.AboutMe = attributes.get(‘User.AboutMe’);
38. }
39. if(attributes.containsKey(‘User.Street’)) {
40. user.Street = attributes.get(‘User.Street’);
41. }
42. if(attributes.containsKey(‘User.State’)) {
43. user.State = attributes.get(‘User.State’);
44. }
45. if(attributes.containsKey(‘User.City’)) {
46. user.City = attributes.get(‘User.City’);
47. }
48. if(attributes.containsKey(‘User.Zip’)) {
49.   user.PostalCode = attributes.get(‘User.Zip’);
50. }
51. if(attributes.containsKey(‘User.Country’)) {
52. user.Country = attributes.get(‘User.Country’);
53. }
54. if(attributes.containsKey(‘User.CallCenter’)) {
55. user.CallCenterId = attributes.get(‘User.CallCenter’);
56. }
57. if(attributes.containsKey(‘User.Manager’)) {
58. user.ManagerId = attributes.get(‘User.Manager’);
59. }
60. if(attributes.containsKey(‘User.MobilePhone’)) {
61. user.MobilePhone = attributes.get(‘User.MobilePhone’);
62. }
63. if(attributes.containsKey(‘User.DelegatedApproverId’)) {
64. user.DelegatedApproverId = attributes.get(‘User.DelegatedApproverId’);
65. }
66. if(attributes.containsKey(‘User.Department’)) {
67. user.Department = attributes.get(‘User.Department’);
68. }
69. if(attributes.containsKey(‘User.Division’)) {
70. user.Division = attributes.get(‘User.Division’);
71. }
72. if(attributes.containsKey(‘User.EmployeeNumber’)) {
73. user.EmployeeNumber = attributes.get(‘User.EmployeeNumber’);
74. }
75. if(attributes.containsKey(‘User.Extension’)) {
76. user.Extension = attributes.get(‘User.Extension’);
77. }
78. if(attributes.containsKey(‘User.Fax’)) {
79. user.Fax = attributes.get(‘User.Fax’);
80. }
81. if(attributes.containsKey(‘User.CommunityNickname’)) {
82. user.CommunityNickname = attributes.get(‘User.CommunityNickname’);
83. }
84. if(attributes.containsKey(‘User.ReceivesAdminInfoEmails’)) {
85. String ReceivesAdminInfoEmailsVal = attributes.get(‘User.ReceivesAdminInfoEmails’);
86. user.ReceivesAdminInfoEmails = ‘1’.equals(ReceivesAdminInfoEmailsVal) ||                            Boolean.valueOf(ReceivesAdminInfoEmailsVal);
87. }
88. if(attributes.containsKey(‘User.ReceivesInfoEmails’)) {
89. String ReceivesInfoEmailsVal = attributes.get(‘User.ReceivesInfoEmails’);
90. user.ReceivesInfoEmails = ‘1’.equals(ReceivesInfoEmailsVal) ||                                  Boolean.valueOf(ReceivesInfoEmailsVal);
91. }
92. List<Single_Sign_on__mdt>  singleSignProfileSettings = [SELECT id,Profile_Name__c,
93. LocaleSidKey__c,TimeZoneSidKey__c,EmailEncodingKey__c,
94. LanguageLocaleKey__c FROM Single_Sign_on__mdt
95. WHERE Profile_Name__c = ‘Profile  Name’];
97. List<Profile> profileIds = [SELECT Id, Name FROM Profile
98. WHERE Name =: singleSignProfileSettings[0].Profile_Name__c];
100. if(attributes.containsKey(‘User.LocaleSidKey’)) {
101. user.LocaleSidKey = attributes.get(‘User.LocaleSidKey’);
102. } else if(create) {
103. user.LocaleSidKey = singleSignProfileSettings[0].LocaleSidKey__c;
104. }
105. if(attributes.containsKey(‘User.LanguageLocaleKey’)) {
106. user.LanguageLocaleKey = attributes.get(‘User.LanguageLocaleKey’);
107. } else if(create) {
108. user.LanguageLocaleKey = singleSignProfileSettings[0].LanguageLocaleKey__c;
109. }
110. if( attributes.containsKey(‘User.Alias’) && attributes.get(‘User.Alias’) != ”
111. && attributes.get(‘User.Alias’) != null ) {
112. user.Alias = attributes.get(‘User.Alias’);
113. } else if(create) {
114. String alias = ”;
115. if(user.FirstName == null) {
116. alias = user.LastName;
117. } else {
118. alias = user.FirstName.charAt(0) + user.LastName;
119. }
120. if(alias.length() > 5) {
121. alias = alias.substring(0, 5);
122. }
123. user.Alias = alias;
124. }
125. if(attributes.containsKey(‘User.TimeZoneSidKey’)) {
126. user.TimeZoneSidKey = attributes.get(‘User.TimeZoneSidKey’);
127. } else if(create) {
128. user.TimeZoneSidKey = singleSignProfileSettings[0].TimeZoneSidKey__c;
129. }
130. if(attributes.containsKey(‘User.EmailEncodingKey’)) {
131. user.EmailEncodingKey = attributes.get(‘User.EmailEncodingKey’);
132. } else if(create) {
133. user.EmailEncodingKey = singleSignProfileSettings[0].EmailEncodingKey__c;
134. }
136. /*
137. * If you are updating Contact or Account object fields, you cannot update the following User fields at the same time.
138. * If your identity provider sends these User fields as attributes along with Contact
139. * or Account fields, you must modify the logic in this class to update either these
140. * User fields or the Contact and Account fields. */
142. if(attributes.containsKey(‘User.IsActive’)) {
143.   String IsActiveVal = attributes.get(‘User.IsActive’);
144. user.IsActive = ‘1’.equals(IsActiveVal) || Boolean.valueOf(IsActiveVal);
145. }else if(create){
146. user.IsActive = true;
147. }else if (!create){
148.      List<User> userList = [SELECT isActive,username,Profile.Name,FederationIdentifier
149. FROM User
150. WHERE (FederationIdentifier = :federationIdentifier OR
151.            username =:federationIdentifier) AND isActive = false ];
152. if(userList.size() > 0){
153. user.ProfileId = profileIds[0].Id;
154. user.IsActive = true;
155. }
156. }
157. if(attributes.containsKey(‘User.ProfileId’)) {
158. String userProfileId = attributes.get(‘User.ProfileId’);
159. Profile profileId = [SELECT Id FROM Profile WHERE Id =: userProfileId];
160. user.ProfileId = profileId.Id;
161. } else if(create){
162. user.ProfileId = profileIds[0].Id;
163. }
164. if(attributes.containsKey(‘User.UserRoleId’)) {
165. String userRole = attributes.get(‘User.UserRoleId’);
166. UserRole role = [SELECT Id FROM UserRole WHERE Id=:userRole];
167. user.UserRoleId = role.Id;
168. }
169. if(create)
170. {
171. insert user;
172. }else {
173. update user;
174. }
175. }
176. //Method to insert or update a Contact record
178. @TestVisible
179. private void handleContact(boolean create, String accountId, User user,
180. Map<String, String> attributes) {
181. Contact contactIns;
182. boolean newContact = false;
183. if(create) {
184. if(attributes.containsKey(‘User.Contact’)) {
185. String contact = attributes.get(‘User.Contact’);
186. contactIns = [SELECT Id, AccountId FROM Contact WHERE Id=:contact];
187. user.ContactId = contact;
188. } else {
189. contactIns = new Contact();
190. newContact = true;
191. }
192. }
193. else{
194. List<Contact> contactList = [SELECT Id,User__c,Email,AccountId FROM Contact
195. WHERE User__c=:user.Id ];
196. if(contactList.size() > 0)
197. contactIns = contactList[0];
198. }
199. List<User> userInfo = [SELECT id,FirstName,LastName,Email FROM User WHERE Id =: user.Id];
200. if(attributes.containsKey(‘Contact.Email’)) {
201. contactIns.Email = attributes.get(‘Contact.Email’);
202. }else{
203. //if contact Email id not in map attribute
204. if(userInfo.size() > 0)
205. contactIns.Email = userInfo[0].Email;
206. }
207. if(attributes.containsKey(‘Contact.FirstName’)) {
208. contactIns.FirstName = attributes.get(‘Contact.FirstName’);
209. }else{
210. //if contact FirstName id not in map attribute
211. if(userInfo.size() > 0)
212. contactIns.FirstName = userInfo[0].FirstName;
213. }
214. if(attributes.containsKey(‘Contact.LastName’)) {
215. contactIns.LastName = attributes.get(‘Contact.LastName’);
216. }else{
217. //if contact LastName id not in map attribute
218. if(userInfo.size() > 0)
219. contactIns.LastName =userInfo[0].LastName;
220. }
221. if(attributes.containsKey(‘Contact.Phone’)) {
222. contactIns.Phone = attributes.get(‘Contact.Phone’);
223. }
224. if(attributes.containsKey(‘Contact.MailingStreet’)) {
225. contactIns.MailingStreet = attributes.get(‘Contact.MailingStreet’);
226. }
227. if(attributes.containsKey(‘Contact.MailingCity’)) {
228. contactIns.MailingCity = attributes.get(‘Contact.MailingCity’);
229. }
230. if(attributes.containsKey(‘Contact.MailingState’)) {
231. contactIns.MailingState = attributes.get(‘Contact.MailingState’);
232. }
233. if(attributes.containsKey(‘Contact.MailingCountry’)) {
234. contactIns.MailingCountry = attributes.get(‘Contact.MailingCountry’);
235. }
236. if(attributes.containsKey(‘Contact.MailingPostalCode’)) {
237. contactIns.MailingPostalCode = attributes.get(‘Contact.MailingPostalCode’);
238. }
239. if(attributes.containsKey(‘Contact.OtherStreet’)) {
240. contactIns.OtherStreet = attributes.get(‘Contact.OtherStreet’);
241. }
242. if(attributes.containsKey(‘Contact.OtherCity’)) {
243. contactIns.OtherCity = attributes.get(‘Contact.OtherCity’);
244. }
245. if(attributes.containsKey(‘Contact.OtherState’)) {
246. contactIns.OtherState = attributes.get(‘Contact.OtherState’);
247. }
248. if(attributes.containsKey(‘Contact.OtherCountry’)) {
249. contactIns.OtherCountry = attributes.get(‘Contact.OtherCountry’);
250. }
251. if(attributes.containsKey(‘Contact.OtherPostalCode’)) {
252. contactIns.OtherPostalCode = attributes.get(‘Contact.OtherPostalCode’);
253. }
254. if(attributes.containsKey(‘Contact.AssistantPhone’)) {
255. contactIns.AssistantPhone = attributes.get(‘Contact.AssistantPhone’);
256. }
257. if(attributes.containsKey(‘Contact.Department’)) {
258. contactIns.Department = attributes.get(‘Contact.Department’);
259. }
260. if(attributes.containsKey(‘Contact.Description’)) {
261. contactIns.Description = attributes.get(‘Contact.Description’);
262. }
263. if(attributes.containsKey(‘Contact.Fax’)) {
264. contactIns.Fax = attributes.get(‘Contact.Fax’);
265. }
266. if(attributes.containsKey(‘Contact.HomePhone’)) {
267. contactIns.HomePhone = attributes.get(‘Contact.HomePhone’);
268. }
269. if(attributes.containsKey(‘Contact.MobilePhone’)) {
270. contactIns.MobilePhone = attributes.get(‘Contact.MobilePhone’);
271. }
272. if(attributes.containsKey(‘Contact.OtherPhone’)) {
273. contactIns.OtherPhone = attributes.get(‘Contact.OtherPhone’);
274. }
275.   if(attributes.containsKey(‘Contact.Title’)) {
276. contactIns.Title = attributes.get(‘Contact.Title’);
277. }
278. if(attributes.containsKey(‘Contact.Salutation’)) {
279. contactIns.Salutation = attributes.get(‘Contact.Salutation’);
280. }
281. if(attributes.containsKey(‘Contact.LeadSource’)) {
282. contactIns.LeadSource = attributes.get(‘Contact.LeadSource’);
283. }
284. if(attributes.containsKey(‘Contact.DoNotCall’)) {
285.       String DoNotCallVal = attributes.get(‘Contact.DoNotCall’);
286. contactIns.DoNotCall = ‘1’.equals(DoNotCallVal) || Boolean.valueOf(DoNotCallVal);
287. }
288. if(attributes.containsKey(‘Contact.HasOptedOutOfEmail’)) {
289. String HasOptedOutOfEmailVal = attributes.get(‘Contact.HasOptedOutOfEmail’);
290. contactIns.HasOptedOutOfEmail = ‘1’.equals(HasOptedOutOfEmailVal) ||                                Boolean.valueOf(HasOptedOutOfEmailVal);
291. }
292. if(attributes.containsKey(‘Contact.HasOptedOutOfFax’)) {
293. String HasOptedOutOfFaxVal = attributes.get(‘Contact.HasOptedOutOfFax’);
294. contactIns.HasOptedOutOfFax = ‘1’.equals(HasOptedOutOfFaxVal) ||                                    Boolean.valueOf(HasOptedOutOfFaxVal);
295. }
296. if(attributes.containsKey(‘Contact.Owner’)) {
297. contactIns.OwnerId = attributes.get(‘Contact.Owner’);
298. }
299. if(attributes.containsKey(‘Contact.AssistantName’)) {
300. contactIns.AssistantName = attributes.get(‘Contact.AssistantName’);
301. }
302. if(attributes.containsKey(‘Contact.Birthdate’)) {
303. contactIns.Birthdate = Date.valueOf(attributes.get(‘Contact.Birthdate’));
304. }
305. contactIns.AccountId = accountId;
306. contactIns.User__c = user.Id;
307. if(newContact) {
308. Database.DMLOptions dml = new Database.DMLOptions();
309. dml.DuplicateRuleHeader.allowSave = true;
310. dml.DuplicateRuleHeader.runAsCurrentUser = true;
311. Database.SaveResult sr = Database.insert(contactIns, dml);
312. } else {
313. update(contactIns);
314. }
315. }
316. //Method to insert or update a Account record
318. @testVisible
319. private String handleAccount(boolean create, User user, Map<String, String> attributes) {
320. Account accIns;
321. boolean newAccount = false;
322. if(create) {
323. if(attributes.containsKey(‘User.Account’)) {
324. String account = attributes.get(‘User.Account’);
325. accIns = [SELECT Id FROM Account WHERE Id=:account];
326. } else {
327. if(attributes.containsKey(‘User.Contact’)) {
328. String contact = attributes.get(‘User.Contact’);
329. Contact con = [SELECT Id, AccountId FROM Contact WHERE Id =: contact];
330. String account = con.AccountId;
331. accIns = [SELECT Id FROM Account WHERE Id=:account];
332. } else {
333. accIns  = new Account();
334. newAccount = true;
335. }
336. }
337. } else {
338. if(attributes.containsKey(‘User.Account’)) {
339. String account = attributes.get(‘User.Account’);
340. accIns = [SELECT Id FROM Account WHERE Id=:account];
341. }
342. else {
343. if(attributes.containsKey(‘User.Contact’)) {
344. String contact = attributes.get(‘User.Contact’);
345. Contact con = [SELECT Id, AccountId FROM Contact WHERE Id=:contact];
346. String account = con.AccountId;
347. accIns = [SELECT Id FROM Account WHERE Id=:account];
348. } else{
349. List<Contact> con = [SELECT Id,User__c,Email, AccountId FROM Contact
350. WHERE  User__c =: user.Id];
351. If(con.Size() > 0){
352.      String account = con[0].AccountId;
353. accIns = [SELECT Id,Name FROM Account WHERE Id=:account];
354. }
355. }
356. }
357. }
358. List<User> userInfo = [SELECT id,FirstName,LastName,Email FROM User WHERE Id =: user.Id];
359. if(attributes.containsKey(‘Account.Name’)) {
360. accIns.Name = attributes.get(‘Account.Name’);
361. }else{
362. if(userInfo.size() > 0)
363. {
364. if(userInfo[0].FirstName != null)
365. {
366. accIns.Name = userInfo[0].FirstName +’ ‘+ userInfo[0].LastName;
367. }
368. }
369.     else
370. accIns.Name = user.Email;
371. }
372. if(attributes.containsKey(‘Account.AccountNumber’)) {
373. accIns.AccountNumber = attributes.get(‘Account.AccountNumber’);
374. }
375. if(attributes.containsKey(‘Account.Owner’)) {
376. accIns.OwnerId = attributes.get(‘Account.Owner’);
377. }
378. if(attributes.containsKey(‘Account.BillingStreet’)) {
379. accIns.BillingStreet = attributes.get(‘Account.BillingStreet’);
380. }
381. if(attributes.containsKey(‘Account.BillingCity’)) {
382. accIns.BillingCity = attributes.get(‘Account.BillingCity’);
383. }
384. if(attributes.containsKey(‘Account.BillingState’)) {
385. accIns.BillingState = attributes.get(‘Account.BillingState’);
386. }
387. if(attributes.containsKey(‘Account.BillingCountry’)) {
388. accIns.BillingCountry = attributes.get(‘Account.BillingCountry’);
389. }
390. if(attributes.containsKey(‘Account.BillingPostalCode’)) {
391. accIns.BillingPostalCode = attributes.get(‘Account.BillingPostalCode’);
392. }
393. if(attributes.containsKey(‘Account.AnnualRevenue’)) {
394. accIns.AnnualRevenue = Integer.valueOf(attributes.get(‘Account.AnnualRevenue’));
395. }
396. if(attributes.containsKey(‘Account.Description’)) {
397. accIns.Description = attributes.get(‘Account.Description’);
398. }
399. if(attributes.containsKey(‘Account.Fax’)) {
400. accIns.Fax = attributes.get(‘Account.Fax’);
401. }
402. if(attributes.containsKey(‘Account.NumberOfEmployees’)) {
403. accIns.NumberOfEmployees = Integer.valueOf(attributes.get(‘Account.NumberOfEmployees’));
404. }
405. if(attributes.containsKey(‘Account.Phone’)) {
406. accIns.Phone = attributes.get(‘Account.Phone’);
407. }
408. if(attributes.containsKey(‘Account.ShippingStreet’)) {
409. accIns.ShippingStreet = attributes.get(‘Account.ShippingStreet’);
410. }
411. if(attributes.containsKey(‘Account.ShippingCity’)) {
412. accIns.ShippingCity = attributes.get(‘Account.ShippingCity’);
413. }
414. if(attributes.containsKey(‘Account.ShippingState’)) {
415. accIns.ShippingState = attributes.get(‘Account.ShippingState’);
416. }
417. if(attributes.containsKey(‘Account.ShippingCountry’)) {
418. accIns.ShippingCountry = attributes.get(‘Account.ShippingCountry’);
419. }
420. if(attributes.containsKey(‘Account.ShippingPostalCode’)) {
421. accIns.ShippingPostalCode = attributes.get(‘Account.ShippingPostalCode’);
422. }
423. if(attributes.containsKey(‘Account.Sic’)) {
424. accIns.Sic = attributes.get(‘Account.Sic’);
425. }
426. if(attributes.containsKey(‘Account.TickerSymbol’)) {
427. accIns.TickerSymbol = attributes.get(‘Account.TickerSymbol’);
428. }
429. if(attributes.containsKey(‘Account.Website’)) {
430. accIns.Website = attributes.get(‘Account.Website’);
431. }
432. if(attributes.containsKey(‘Account.Industry’)) {
433. accIns.Industry = attributes.get(‘Account.Industry’);
434. }
435. if(attributes.containsKey(‘Account.Ownership’)) {
436. accIns.Ownership = attributes.get(‘Account.Ownership’);
437. }
438. if(attributes.containsKey(‘Account.Rating’)) {
439. accIns.Rating = attributes.get(‘Account.Rating’);
440. }
441. if(newAccount) {
442. Database.DMLOptions dml = new Database.DMLOptions();
443. dml.DuplicateRuleHeader.allowSave = true;
444. dml.DuplicateRuleHeader.runAsCurrentUser = true;
445. Database.SaveResult sr = Database.insert(accIns, dml);
446. } else {
447. update(accIns);
448. }
449. return accIns.Id;
450. }
451. //This method is called if the user has logged in before with SAML single sign-on and then logs in again
453. private void handleJit(boolean create, User user, Id samlSsoProviderId, Id communityId,
454. Id portalId, String federationIdentifier, Map<String, String> attributes, String assertion) {
455. if(communityId != null || portalId != null) {
456. handleUser(create, user, attributes, federationIdentifier, false);
457.      String account = handleAccount(create, user, attributes);
458. handleContact(create, account, user, attributes);
459. } else {
460. handleUser(create, user, attributes, federationIdentifier, true);
461. }
462. }
463. /*Returns a User object using the specified Federation ID.
464. * The User object corresponds to the user information and may be a new user that hasn’t t been inserted in the database
465. * or may represent an existingser record in the database. */
466. global User createUser(Id samlSsoProviderId, Id communityId, Id portalId,
467. String federationIdentifier,Map<String, String> attributes, String assertion) {
469. User userIns = new User();
470. handleJit(true, userIns, samlSsoProviderId, communityId, portalId, federationIdentifier,
471. attributes, assertion);
472. return userIns;
473. }
475. /*Updates the specified user’s information.
476. * This method is called if the user has logged in before with SAML single sign-on and then logs in again*/
478. global void updateUser(Id userId, Id samlSsoProviderId, Id communityId, Id portalId,
479. String federationIdentifier,
480. Map<String, String> attributes, String assertion) {
482. User user = [SELECT Id, FirstName, ContactId FROM User WHERE Id =:userId];
483. handleJit(false, user, samlSsoProviderId, communityId, portalId,federationIdentifier,
484. attributes, assertion);
485. }
486. }