Salesforce Identity Flows

Diagrams and notes in these sections consolidate information about the various single sign-on, OAuth 2.0 and security flows supported by Salesforce:
 

Salesforce Single Sign On Flows

General OAuth 2.0 Flows

Specialised OAuth 2.0 Flows

Salesforce Layered Flows

OAuth 2.0 Login and Consent

TLS and Salesforce


The level of detail and presentation style in official documentation varies quite a bit, so the diagrams are intended to give a consistent representation and make it easy to see key differences.

For some of the flows, for example OpenID Connect, official Salesforce documentation is very light, so the flows are based on protocol specifications, third-party documentation and observations of browser traffic.

I put these together while preparing for Salesforce Technical Architect certification. The scope and detail are intentionally high level and cover significant aspects to know for the board. For detail around implementing these flows with Salesforce, the official documentation is usually best.

Authors, contributions and thanks

Many others have helped shape and improve the content in these sections.

TLS and Salesforce was co-authored with Martin Vyskocil, who suggested covering this topic and wrote the original draft. Charlie Guo and Gianluca Calcagni reviewed and contributed improvements.

Crystal Zhu recommended including information around the Client Credentials Grant flow and wrote this section.

Nicolas Vanden Bossche created the amazing Identity Flows Heroku App which describes and illustrates many of these flows in action.

Early versions of most of this content were shared with the Salesforce Architect Trailblazer community in 2019, and were improved with input from many people, including Matt Morris, Charlie Guo, Nicolas Vanden Bossche, Shrey Tyagi, Melissa Shepard, Petr Svestka, Michael Eckert and others.

Thanks to everyone who's helped out. If you have any feedback or suggestions for changes, please get in touch!