What are Auth. Providers used for?

Auth. Providers is the Setup page for registering external identity providers (Google, Microsoft, Apple, custom OIDC) so users can sign in with those credentials.

What is the registration handler?

The registration handler is an Apex class that runs on first login through an Auth. Provider, typically to create or link the Salesforce User record.

Which of these is NOT a built-in supported provider?

Oracle databases are not identity providers. Google, Facebook, and custom OIDC providers are all supported Auth. Provider types.

Auth. Providers

Administration🟡 Intermediate

Definition

Auth. Providers (Authentication Providers) is a Setup page where administrators configure external identity providers that Salesforce can use for single sign-on (SSO) and social sign-on authentication. Supported providers include Google, Facebook, LinkedIn, Twitter, Apple, Microsoft, and custom OpenID Connect providers. Auth. Providers enable users to log in to Salesforce or Experience Cloud sites using their existing credentials from these external services.

Real-World Example

When a Salesforce administrator at Coastal Health needs to streamline operations, they turn to Auth. Providers to maintain data quality and enforce organizational policies across the platform. By properly setting up Auth. Providers, they prevent common data entry errors and ensure that users follow established business processes, which saves the support team hours of cleanup work each week.

Why Auth. Providers Matters

Auth. Providers (short for Authentication Providers) is a Salesforce Setup page where administrators register external identity providers for single sign-on (SSO) and social sign-on. Supported providers include Google, Facebook, LinkedIn, Twitter, Apple, Microsoft, Salesforce itself (for cross-org SSO), and any custom OpenID Connect provider. Once configured, users can log in to Salesforce or Experience Cloud sites using their credentials from these external services rather than maintaining a separate Salesforce password.

Each Auth. Provider configuration includes the external provider's client ID, client secret, endpoint URLs, and a registration handler (an Apex class that decides what to do when a new user logs in for the first time). The registration handler is the glue between the external identity and the Salesforce User record, and it's typically where you map attributes from the external provider (like name, email, or group membership) onto Salesforce fields. Auth. Providers are especially common on Experience Cloud sites where customer-facing login should use familiar consumer identity providers rather than a Salesforce username.

How Organizations Use Auth. Providers

•Coastal Health — Configured Google Auth. Provider for an Experience Cloud patient portal so patients can log in with their existing Google account. This dramatically reduced password reset support tickets from the portal user base.
•BrightEdge Solutions — Uses Microsoft Auth. Provider for internal SSO, so Salesforce users sign in with their corporate Azure AD credentials. Deprovisioning a user in Azure AD immediately revokes their Salesforce access as well.
•Vertex Global — Built a custom OpenID Connect Auth. Provider to integrate with their proprietary identity system. The registration handler maps user attributes from the identity system onto Salesforce User fields on first login.