Question:

Are THIRD_PARTY_AUTH_URL and THIRD_PARTY_APPLIESTO_URL required when using SSO login in CRM?

Answer:

It depends on the customer using Delegated Authentication with a Security Token Service(STS) or standard Delegated Authentication.

If a Security Token Service(STS) is being used:

• It is necessary to configure the THIRD_PARTY_AUTH_URL and THIRD_PARTY_APPLIESTO_URL Veeva Messages with the appropriate URLs
• On iPad, enable the Third Party Authentication Under Settings --> Veeva CRM
• Admins can use Mobile Device Management (MDM) or package IPA with Plist with the above mentioned keys and values to config these third-party authentication endpoints

If the standard SFDC Delegated Authentication is being used:

• THIRD_PARTY_AUTH_URL and THIRD_PARTY_APPLIESTO_URL are not used. It is necessary to configure SFDC Delegated Authentication and enable SSO for the desired users, but no additional configuration on the app is required. 
• On iPad, be sure Third Party Authentication is not enabled under Settings -> Veeva CRM.  Then, users are able to login in with the desired Delegated Authentication credentials.

Related Documentation:

CRM Help Documentation: 

• Delegated Authentication for Veeva CRM
• Delegated Authentication for Veeva CRM via MDM