
    Integrating Salesforce SSO With Doc360 Using JWT to Avoid Email Domain Conflict: A Success Story

    Managing an online community and a knowledge base simultaneously can prove to be an uphill battle, especially when the two are hosted on different platforms.

    One of our customers, a leading cybersecurity organization, had developed a platform that simulates hacker breach methods by running continuous ‘war games’ to identify breach scenarios across network systems.

    They had an online community hosted on Salesforce and a knowledge base on Document360. They wanted their community users to get easy access to all knowledge in Document360, in their Salesforce community.

    In this article, we cover the integration process, the solution that we offered, and how it helped the customer improve their overall operations.

    How it Began

    The customer wanted to shift their knowledge base to Document360 so that the community users could access it and find solutions to their queries easily. Initially, we performed a basic implementation by creating readers, but it had certain limitations in SAML.

    The implementation worked seamlessly within internal domains, but it blocked external users from getting view access to the available knowledge. The customer wanted their internal as well as external users to get access to all the knowledge resources, so they recommended JWT SSO. The customer wanted a solution to combat this challenge.

    What We Did

    After a thorough assessment of the customer’s requirements, we offered them the following solution:

    • When any community user tries to access the knowledge base site, they are redirected to the community login page.
    • After successfully logging in, they are redirected to a VF page and then to the authenticated knowledge base URL.
    • Access is allowed only when the user is authorized.

    Here’s how we set up JWT SSO in Document360:

    1. We went to Document360’s settings.

    2. In Enterprise SSO, we clicked on JWT and enabled it.

    3. Then, we copied the client ID and client secret.

    Here is how Document360 was implemented on the Salesforce side:

    Create Apex Class:

    • Create a method called getCode.
    • Generate a basic authorization header using client ID and client secret provided by Document360.
    • Create a POST request and set the endpoint as "https://identity.document360.io//jwt/generateCode".
    • The following payload goes inside the request body (tokenValidity is in minutes):
      {
        "username": "firstname + lastname",
        "firstName": "firstname",
        "lastName": "lastname",
        "emailId": "user emailId",
        "readerGroupIds": ["Obtain from Reader groups overview page in the Document360 portal (Optional)"],
        "tokenValidity": 15
      }
      These details can be obtained from User Info.
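
    One way to write the getCode method described above, as an added example rather than the customer's or Document360's own code. The class name Doc360JwtService, the guest-user check, the space in the username and the way the client ID and secret reach the method are assumptions; the response body is returned unparsed because the page does not describe its format.

```apex
// Added example (not the customer's code). Class name is hypothetical.
public with sharing class Doc360JwtService {
    // Endpoint from the page (its doubled slash dropped).
    private static final String ENDPOINT =
        'https://identity.document360.io/jwt/generateCode';

    public class Doc360Exception extends Exception {}

    // clientId / clientSecret: the values copied from Document360's JWT settings.
    // Assumption: the caller reads them from protected storage, never from
    // source code or Visualforce markup.
    public static String getCode(String clientId, String clientSecret) {
        // Unauthenticated (guest) community sessions must not obtain a code.
        if (UserInfo.getUserType() == 'Guest') {
            throw new Doc360Exception('Login required');
        }
        // First name is optional on a Salesforce user; avoid sending "null".
        String first = UserInfo.getFirstName() == null ? '' : UserInfo.getFirstName();
        String last = UserInfo.getLastName();

        Map<String, Object> payload = new Map<String, Object>{
            // Separator between the names is an assumption.
            'username' => (first + ' ' + last).trim(),
            'firstName' => first,
            'lastName' => last,
            'emailId' => UserInfo.getUserEmail(),
            'tokenValidity' => 15 // minutes, as in the page's payload
        };

        HttpRequest req = new HttpRequest();
        req.setEndpoint(ENDPOINT);
        req.setMethod('POST');
        req.setTimeout(10000);
        req.setHeader('Content-Type', 'application/json');
        // Basic authorization header: base64("clientId:clientSecret").
        req.setHeader('Authorization', 'Basic ' +
            EncodingUtil.base64Encode(Blob.valueOf(clientId + ':' + clientSecret)));
        req.setBody(JSON.serialize(payload));

        HttpResponse res = new Http().send(req);
        if (res.getStatusCode() != 200) {
            // Report only the status; never echo credentials or the raw body.
            throw new Doc360Exception(
                'Document360 code request failed: ' + res.getStatusCode());
        }
        return res.getBody();
    }
}
```

    The callout only succeeds once the endpoint host is allowed in the org, for example through a Remote Site Setting.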

    Create VF Page:

    Create Connected App:

    • Enable SAML.
    • Set the ACS URL to the VF Page URL in the community.
    • Choose any value for other fields.
    • Click on Save.
    • Copy the IDP-Initiated Login URL under SAML login information.
    • Add this connected app to the community user profile.

    Document360 Setup

    Finally, paste the login URL in the Login URL field under JWT basic configuration, which is under the JWT tab of the Enterprise SSO section.

    After following all these steps, the customer was able to give access to all knowledge in their Salesforce community to their internal as well as external users on Document360.

    If you’d like to know more about this implementation or our community-building expertise, drop us a line at [email protected], and we’ll take it from there.