> ## Documentation Index
> Fetch the complete documentation index at: https://ngrok.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Salesforce Dashboard Single Sign-On (SSO) Using OIDC

> Use Salesforce's managed applications to add single sign-on (SSO) for your ngrok dashboard using the OIDC integration.

This guide explains how to use Salesforce as an Identity Provider to allow single sign-on (SSO) into your ngrok dashboard.
This should not be confused with securing your ngrok edge to allow your application users to log in using Salesforce.

## What you'll need

* Admin access to create new applications in Salesforce.
* Admin access to edit your ngrok account settings.
* An [ngrok Pay-as-you-go account](https://ngrok.com/pricing) or an SSO/Account Governance license.

<Note>
  The OIDC flow is initiated from your Applications login page.
  (OIDC Service Provider flow is not supported.)
</Note>

## 1. Configure Salesforce

Create a new External Client App in Salesforce, then configure it as follows.

In the **Policies** tab:

* Go to **App Policies**.
* Set **Start Page** to **Custom**.
* Set **Custom Start URL** to `https://dashboard.ngrok.com/login/sso`.

In the **Settings** tab:

* Go to **Basic Information** and set the External Client App Name.
* Go to **OAuth Settings > App Settings** and set:
  * OAuth Scopes: Access the Identity URL Service (id, profile, email, address, phone), Access unique identifiers (openid), Access custom permissions (custom\_permissions)
  * **Configure ID Token**: Set **ID Token Audience** to `https://idp.ngrok.com`, **Include Standard Claims**, and **Custom Attributes**
  * Flow Enablement: **Enable Authorization Code and Credentials Flow**
  * Security: **Require Secret for Web Server Flow** and **Require Secret for Refresh Token Flow**

Note your Client ID (Consumer Key) and Secret from **OAuth Settings > App Settings**.

## 2. Configure ngrok

* Log into your ngrok dashboard and navigate to **Settings > Account**.
* Click **+ New Identity Provider** and select **New OpenID Connect Provider**.
* Add a description and set the following details:
  * Issuer URL, in the format `[yourdomain]-dev-ed.develop.lightning.force.com`
  * Client ID (from Salesforce)
  * Client Secret (from Salesforce)

You can now log into your ngrok account using Salesforce.

By default, users can log into ngrok with their existing credentials as well as through Salesforce ("Mixed Mode").
After you verify that the integration works, enable **SSO Enforced** in the ngrok dashboard to require all new users to log in through Salesforce.
