You basically have two types of Salesforce users:

1. Those who you grant permission to read your documentation.
2. Those who you grant permission to read, update and create documentation.

Once you have set up single sign-on with Salesforce both types of users will be able to login to the ScreenSteps website using their Salesforce credentials.

When a user logs into your ScreenSteps website for the first time via Salesforce one of two things happens:

• ScreenSteps looks to see if it has a user record that matches the email of the Salesforce user. If it finds a match then the user is logged in under that email address.
• If ScreenSteps can not find a user with that email then a new user record is created for the Salesforce user in ScreenSteps. That user will have a role of reader. They will then be added the reader group that is attached to any sites that have been attached to your authentication endpoint.

If you want a Salesforce user to be able to function as an admin or contributor then you need to do one of two things:

• If the user has already logged in and a record has been created for them in ScreenSteps then change their role from reader to admin, editor or author.
• If the user has not logged in yet, create a new record for them in ScreenSteps with the same email address that they use in Salesforce. When they login to ScreenSteps, ScreenSteps will match the two records up.