If you are implementing a custom login for an Experience Cloud site and want to use SSO to authenticate users, you can use the getSamlSsoUrl method of the Auth.AuthConfiguration class together with a SAML config in Salesforce.
The method takes three arguments:
- communityUrl: the URL of the Experience Cloud site or My Domain. If null is passed, it defaults to My Domain.
- startUrl: the page users see after successful login. I noticed that this cannot redirect outside the Salesforce domain.
- samlId: the unique identifier of the SamlSsoConfig standard object. The Id is unique for each environment, so it needs to be queried with SOQL, for example by DeveloperName: [SELECT Id, DeveloperName FROM SamlSsoConfig WHERE DeveloperName = 'Name of SAML config'].Id. It can also be stored in custom metadata and queried based on the environment, see Environment Info.
Here is an example implementation in Apex (called from an LWC) that returns the URL to redirect to. In this example null is passed as communityUrl, so the My Domain subdomain is used; if the Experience Cloud site URL is passed instead, the Entity ID in the SAML config needs to match the Issuer in the SAML AuthnRequest.
@AuraEnabled
public static String internalLoginUrl(String startUrl) {
    // communityUrl is null, so the My Domain URL is used as the SAML issuer
    // samlId is looked up per org by the DeveloperName of the SamlSsoConfig record
    return Auth.AuthConfiguration.getSamlSsoUrl(null,
        startUrl,
        [SELECT Id, DeveloperName FROM SamlSsoConfig WHERE DeveloperName = 'Migrated_SAML_Config'].Id);
}
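A hardened variant of the controller above, added here as an example and not code from the original post. It keeps the DeveloperName from the post, assumes callers pass a relative startUrl such as /s/home, and handles the case where the SAML config does not exist in the org instead of letting the single-row query throw.

```apex
// Added example (not from the original post): hardened SSO redirect controller.
// Assumes the SamlSsoConfig DeveloperName 'Migrated_SAML_Config' from the post.
public with sharing class SsoLoginController {

    private static final String SAML_CONFIG_NAME = 'Migrated_SAML_Config';

    @AuraEnabled
    public static String internalLoginUrl(String startUrl) {
        // Accept only a relative path so the post-login redirect cannot be
        // pointed at another host (defence in depth on top of the platform
        // check the post mentions). '//host' would be protocol-relative.
        if (String.isBlank(startUrl)
                || !startUrl.startsWith('/')
                || startUrl.startsWith('//')) {
            startUrl = '/';
        }

        // Look up the org-specific SamlSsoConfig Id with a bind variable and
        // LIMIT 1; an unguarded [..].Id query throws when no row matches.
        List<SamlSsoConfig> configs = [
            SELECT Id
            FROM SamlSsoConfig
            WHERE DeveloperName = :SAML_CONFIG_NAME
            LIMIT 1
        ];
        if (configs.isEmpty()) {
            // Return a readable error to the LWC instead of a raw QueryException
            throw new AuraHandledException(
                'SAML configuration ' + SAML_CONFIG_NAME + ' not found in this org');
        }

        // null communityUrl: My Domain is used as the SAML issuer
        return Auth.AuthConfiguration.getSamlSsoUrl(null, startUrl, configs[0].Id);
    }
}
```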
Hint! Use a SAML browser extension to see the decoded SAML assertions in the browser, for example this