05 July 2019

Using Single Sign-on with Trailhead

In March, Trailhead introduced a new identity service called Trailblazer ID (TBID). This innovation enables Salesforce to create a foundation for unifying community properties such as Trailhead and the Trailblazer Community. But under the covers, there are a number of incredible innovations, one of which I'm asked about at least once per week -

"Can I single sign-on (SSO) and deep link to content on Trailhead without having my users login to Salesforce first and navigate through the site?" 

The short answer is, YES!

There is one important caveat, of the four login types including Salesforce, Google, LinkedIn, and Email, this solution will only work with your Salesforce login.

Trailblazer ID Login Options

As a result, you need to link your Trailhead account using a Salesforce org login to make SSO work. This is because it gives TBID enough information about who you are to log you in correctly using our SSO solution.

The following excerpt is customized from the myTrailhead Help & Training docs (I can't take credit for that writing - the myTrailhead doc writer deserves all the credit) that describes how to create an SSO deep link to content on myTrailhead. However, with one small change described in this blog post, it works for Trailhead as well.

myTrailhead Help & Training Docs

The second section of this blog post describes how you can apply that deep link using a simple formula customization built on top of Trail Tracker to make it 'button click' easy to access content on Trailhead as a logged in user.

Let's say you work at the Pacifica company, and you want to single sign-on an Administrator to the Advanced Formulas module on Trailhead. You can build a link that initiates the necessary relays to confirm that a user is authenticated and then takes the user to the module.

For example, this SSO link leads to the Advanced Formulas module on Trailhead.

https://trailblazer.me/relay?community=trailhead&mydomain=pacificalearning&path=/content/learn/modules/advanced_formulas/

Follow this process to build the link.

Navigate to the Trailhead content that you want to link to, such as the Advanced Formulas module.

Keep the page open in a browser so that you can refer to it. The URL contains some of the details required to create the SSO link.

Example: https://trailhead.salesforce.com/content/learn/modules/advanced_formulas/

Advanced Formulas Module - Logged In User

This URL contains the following information for building an SSO link.

Trailblazer ID Communitytrailhead
Namespace namelearn
Content typemodules
Content API nameadvanced_formulas
Name the online location of the relay servicetrailblazer.me

Example: https://trailblazer.me

Add the relay prompt that initiates SSO authentication: /relay?.

Example: https://trailblazer.me/relay?

Now tell the relay where to go by adding community=trailhead.

Example: https://trailblazer.me/relay?community=trailhead

Add an ampersand (&) and one of the following, depending on whether My Domain is set up in your Salesforce org.

If My Domain is set up in your Salesforce org, add mydomain= and your My Domain name, such as pacificalearning.

If My Domain is not set up in your Salesforce org, add instance= and the instance where your Salesforce org is located, such as na57.

Example:

With My Domain:

https://trailblazer.me/relay?community=trailhead&mydomain=pacificalearning

Without My Domain:

https://trailblazer.me/relay?community=trailhead&instance=na57

NOTE To determine if My Domain is set up in your Salesforce org, navigate to Setup > My Domain. If your org uses My Domain, the domain name is on that page. To determine the instance where your Salesforce org is located, in your org, navigate to Setup > Company Information.
You’ve built the part of the link that confirms whether the user is authenticated through SSO. Now add the path to the content where you want to take your users.

Add &path=/content/.

Example:

With My Domain:

https://trailblazer.me/relay?community=trailhead&mydomain=pacificalearning&path=/content/

Without My Domain:

https://trailblazer.me/relay?community=trailhead&instance=na57&path=/content/

To add the path to the content, refer to the URL that you navigated to in step 1. Add:
The content type, such as modules/ or trails/.
Your namespace name, such as pacificalearning/
The content API name, such as advanced_formulas

Example:

With My Domain:

https://trailblazer.me/relay?community=trailhead&mydomain=pacificalearning&path=/content/learn/modules/advanced_formulas/

Without My Domain:

https://trailblazer.me/relay?community=trailhead&instance=na57&path=/content/learn/modules/advanced_formulas/

Now you’ve created the SSO authentication link that you can send to your users!

But how would you use this in the real world?

You could use this to generate links using an Excel formula and sending the links out via branded emails as invitations to complete Trailhead badges. The downside of this solution is that if you haven't logged into your organization yet, you'll have to first login since we don't have enough information from your email alone to log you into Trailhead.

Another way you could auto-generate these SSO deep links to Trailhead content is to build a formula field in your org with Trail Tracker. I like this approach over email because it guarantees that you're already logged into your Salesforce organization.

Button Click using Single Sign-on to a Trailhead Module

The flow is pretty straight forward: when you view a badge record, you can click on a custom field, in this case called Single Sign-on URL, it will login you into Trailhead automatically and navigate to the Advanced Formulas module. And if you haven't already registered as a Trailhead user, don't worry, TBID will take you through the progressive profile to create a new user and then return you to the Advanced Formulas module when you're done.

To create the field, you just need to go to Setup as an Administrator and under the Badge object, create a new formula field called Single Sign-on URL.

Badge Formula Field

The following formula is a starting point for trying this out in your org. It checks the type of badge (If Module, Then Project, Then Superbadge, Else "None") and then constructs the SSO URL by parsing the standard trailheadapp__URL__c field that comes with the Trail Tracker App.

Formula:

IF (ISPICKVAL(trailheadapp__Type__c, 'Module'), HYPERLINK('https://trailblazer.me/relay?community=trailhead&mydomain=pacificalearning&path=/content/learn/modules/'&IF(BEGINS( trailheadapp__URL__c , "https://"), MID( trailheadapp__URL__c , FIND('https://',  trailheadapp__URL__c , 1)+50, (LEN( trailheadapp__URL__c ) - FIND('https://',  trailheadapp__URL__c , 1)+50)),  trailheadapp__URL__c  ),  Name  , '_blank'),IF (ISPICKVAL(trailheadapp__Type__c, 'Project'), HYPERLINK('https://trailblazer.me/relay?community=trailhead&mydomain=pacificalearning&path=/content/learn/projects/'&IF(BEGINS( trailheadapp__URL__c , "https://"), MID( trailheadapp__URL__c , FIND('https://',  trailheadapp__URL__c , 1)+50, (LEN( trailheadapp__URL__c ) - FIND('https://',  trailheadapp__URL__c , 1)+50)),  trailheadapp__URL__c  ),  Name  , '_blank'),IF (ISPICKVAL(trailheadapp__Type__c, 'Superbadge'), HYPERLINK('https://trailblazer.me/relay?community=trailhead&mydomain=pacificalearning&path=/content/learn/superbadges/'&IF(BEGINS( trailheadapp__URL__c , "https://"), MID( trailheadapp__URL__c , FIND('https://',  trailheadapp__URL__c , 1)+56, (LEN( trailheadapp__URL__c ) - FIND('https://',  trailheadapp__URL__c , 1)+56)),  trailheadapp__URL__c  ),  Name  , '_blank'), "none")))

That's the power of the Salesforce platform. From there, you can introduce this link in Login Flows, Workflows, Notifications, Reports, and pretty much anywhere the formula can be presented to a user.

Single Sign-on to Trailhead from your Salesforce organization is possible to help you ramp your team on Salesforce.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.