Give Internal Users Login Access to Communities Through an External Authentication Provider

Previously, internal users accessed a community either through the community login page or by logging in to Salesforce and accessing the community through SAML single sign-on (SSO). Now internal users can access a community through an external authentication provider for apps that support the OpenID Connect protocol, such as Facebook.

Where: This change applies to all communities in Enterprise, Performance, Unlimited, and Developer editions.

How: Your Salesforce developer must update the Apex createUser(portalId, userData) registration handler method to account for both internal and external user creation during OpenID Connect SSO to communities. For example, the developer can use a unique attribute in the userData object to determine whether the newly created user is internal or external.

The remaining processes of creating external users, configuring the service provider website, and defining the authentication provider in your org remain the same.