Skip to main content

Glance for Salesforce - Panorama/SSO Setup

The Glance for Salesforce - Panorama/SSO Setup Guide has been created to explain Panorama and SSO.

Glance for Salesforce - Panorama/SSO Setup


This requires Glance for Salesforce version 2.49+

Latest (v2.56.2):


Note that Single-Sign-On only works with Glance Panorama for Show, View and Cobrowse or for Cobrowse in a browser without Panorama.  It does NOT work for Show/View with the Glance 2.x client  (traditional Glance for Salesforce usage). [***EFH Panorama Show/View with SSO seems to have a bug in 2.56.2, cobrowse works]



This version of G4S requires setting up user permissions for Glance or for Glance with Panorama.  If no permissions are set then you will see the Glance logo but no buttons.


There are three new Custom Permissions:

G4S.Glance for Salesforce

G4S.Glance for Salesforce - Panorama

G4S.Agent Video


These can be added to Custom Permissions on a Profile or Permission Set  

[*** Why isn’t the first one at least on Glance_Permission_Set_Admin, Glance_Permission_Set_Standard_User??]



Using Panorama

Giving a User the “G4S.Glance for Salesforce - Panorama” Custom Permission will cause the Show, View and Cobrowse buttons to all invoke the Panorama client.  This allows some subset of Users to be using Panorama while others do not.  This permission can be set on a Profile or Permission Set.


Panorama can be used without Single-Sign-On, the user should have their Glance account registered in Glance User Settings and they will need to login separately to the Panorama client.

Agent Video

Panorama Agent Video is enabled when the user has a subscription with video capability.  It can also be disabled by a Glance Administrator in My Account > Settings.  When the agent has video capability they can turn on agent video from the Panorama client using the webcam button.   


It is also possible to have agent video automatically start when a cobrowse session is joined from Salesforce.  This is enabled by giving the User the “G4S.Agent Video” permission.


Single-Sign-On uses a Glance group API Key to generate Login Keys.  [***G4S SSO does not use SAML, Glance does have an IFRAMED “Launch button” which uses SAML ].  Users must still be provisioned in Glance with a Partner User ID (PUID) that is also available in Salesforce.


Single-Sign-On cannot be set up solely by a Salesforce Administrator, there is one step that must be done by Glance from the License Management App (in Glance production org)


  1. Determine what field on the Salesforce User object will contain the PartnerUserID value.  This can be any string available in Salesforce.  It may be convenient to use the Salesforce UserID itself.  It is also common to use a value in the User FederationID field (also used for SAML).


  1. Ensure the users are provisioned in Glance with the PartnerUserId set.  This can be done via the Provisioning API, or bulk uploading a CSV file to the Partner Portal.  Existing users can have their PUID set by Glance [on Person Detail, use the “PUID” link].


  1. Find or create the Group’s API Key in their Glance My Account > Settings


  1. Set the API Key in the customer’s Salesforce org Glance Custom Settings:

    1. An admin in the customer org needs to grant login access to Glance (Setup > Personal Setup > Grant Login Access)

    2. A Glance SF admin then logs into the License Management Org (our main production org)

    3. From All Tabs choose Subscribers

    4. Search for the customer org and click it

    5. The customer user should be listed under "Login Access Granted"

    6. Click "Login" next to the name, then you'll be logged into the customer org

    7. Go to Setup > Custom Settings

    8. Next to "Credentials Key" click "Manage"

    9. Click "Edit", enter the API Key for the group


  1. In the customer org the admin can then go to Glance Company Settings, click Edit and check Enable SSO


  1. Select the User field containing the Partner User ID (see step 1)


  1. Set the SSO expiration time (in seconds).   This is the time the generate login key is valid.  The default is 60 seconds, but you may want to set this higher (e.g. 3600).   The login key is generated when the user visits the Lead, Contact or other page containing Glance buttons.  If the user stays on the page for more than the expiration time, the key will have expired and they must refresh the SF page.


How SSO works

A user can be authenticated to various Glance services, either on the web or via the clients using a Login Key.  


Authentication requires a Glance PartnerId (Group Id), a PartnerUserId to identify the User within the Group and a LoginKey.  All three are passed on a web page URL or a custom protocol URL invoking the client.


G4S generates a LoginKey using the API Key provisioned in the customer Org Custom Settings, the PartnerUserId (from the specified Salesforce User field) and the GroupId of the default admin user.


G4S then passes the LoginKey, PartnerId, PartnerUserId to Glance.


For web agents these are passed on the cobrowse join URL (See “Single sign-on” under “Joining a Session Through CRM Integration” in the Glance Cobrowse Setup Guide)


For Panorama agents, the LoginKey and other parameters are passed to the client on the glancepanorama://… protocol URL.

Flow Diagram



Detailed Flow


Agent Browser



Protocol Handler

Glance Panorama Client


Web Services


Browser requests object (Lead, Contact, Case) from SFDC

SF serves page layout with embedded G4S VF page



Browser requests G4S VF page

G4S Apex code retrieves PartnerId (GroupId) from Company Settings, PartnerUserId from specified User field and shared secret APIKey from Custom Settings.  Generates LoginKey and glancepanorama:// protocol URL.  Responds with page containing buttons, Javascript and URL



Agent clicks Glance button.  Javascript invokes protocol URL


Registered protocol handler (GlanceLauncher.exe) is opened with URL containing command and parameters,  PartnerId, PartnerUserId, LoginKey




Protocol handler exe launches Glance Panorama if not runnng, then transmits protocol URL (via ServiceModel/named pipes)

Panorama client receives and parse protocol URL




Panorama client calls Glance Web Services to authenticate, passing the PartnerId, PartnerUserId and LoginKey

Web Services uses PartnerId to retrieve secret APIKey, and validates LoginKey.  Maps PartnerUserId to a Glance user and validates access and privileges.  Returns validation, privileges and settings and for actions that start a session return a server and server key


  • Was this article helpful?