Skip to main content
This guide explains how to use Salesforce as an Identity Provider to allow single sign-on (SSO) into your ngrok dashboard. This should not be confused with securing your ngrok edge to allow your application users to log in using Salesforce.

What you’ll need

  • Admin access to create new applications in Salesforce.
  • Admin access to edit your ngrok account settings.
  • An ngrok Enterprise account or an SSO/Account Governance license.
The OIDC flow is initiated from your Applications login page. (OIDC Service Provider flow is not supported.)

1. Configure Salesforce

Create a new External Client App in Salesforce, then configure it as follows. In the Policies tab:
  • Go to App Policies.
  • Set Start Page to Custom.
  • Set Custom Start URL to https://dashboard.ngrok.com/login/sso.
In the Settings tab:
  • Go to Basic Information and set the External Client App Name.
  • Go to OAuth Settings > App Settings and set:
    • OAuth Scopes: Access the Identity URL Service (id, profile, email, address, phone), Access unique identifiers (openid), Access custom permissions (custom_permissions)
    • Configure ID Token: Set ID Token Audience to https://idp.ngrok.com, Include Standard Claims, and Custom Attributes
    • Flow Enablement: Enable Authorization Code and Credentials Flow
    • Security: Require Secret for Web Server Flow and Require Secret for Refresh Token Flow
Note your Client ID (Consumer Key) and Secret from OAuth Settings > App Settings.

2. Configure ngrok

  • Log into your ngrok dashboard and navigate to Settings > Account.
  • Click + New Identity Provider and select New OpenID Connect Provider.
  • Add a description and set the following details:
    • Issuer URL, in the format [yourdomain]-dev-ed.develop.lightning.force.com
    • Client ID (from Salesforce)
    • Client Secret (from Salesforce)
You can now log into your ngrok account using Salesforce. By default, users can log into ngrok with their existing credentials as well as through Salesforce (“Mixed Mode”). After you verify that the integration works, enable SSO Enforced in the ngrok dashboard to require all new users to log in through Salesforce.