How can I configure Salesforce.com with SSO?

Method 1

AuthAnvil Single Sign On Configuration

  1. Log into the AuthAnvil Manager and Navigate to the Single Sign On tab.
  2. Select Applications - Add new Application
  3. Select Salesforce.
  4. Check the ‘Application Enabled’ checkbox. Add the application to its appropriate role.
  5. Select Protocol Configuration.
    Reply to URL: https://login.salesforce.com (This will need to be updated to match your unique Salesforce domain.)
       Note: To gather this URL, log into Salesforce > Setup > Security controls > Endpoints > Salesforce Login URL
    Audience URI:  https://saml.salesforce.com
  6. Select Save changes.

 

Configuring Salesforce.com for IdP-Initiated Sign On

  1. Log into your Salesforce.com account
  2. Select Setup (Top right corner).
  3. Select Security Controls under Administration Setup in the left-hand column, then “Single Sign-On Settings”.
  4. Select Edit to edit the Single Sign On Settings.
  5. Configure the Single Sign On Settings as follows:
    • SAML Enabled: Checked
    • SAML Version: 2.0
    • Issuer: This is the Issuer URI value you copied to your clipboard earlier
      Note: Log into the AuthAnvil Manager > Single Sign On > Server Settings > Token Issuer Name.
    • User Provisioning Enabled:  (It is your preference to enable this feature or not.)
    • Identity Provider Login URL: https://<yourAuthAnvilServer>/SSO/Logon.aspx
    • Entity: https://saml.salesforce.com
    • SAML User ID Type: Assertion contains User’s salesforce.com username
    • SAML User ID Location: User ID is in the NameIdentifier element of the Subject statement
  6. Upload the Identity provider certificate from the AuthAnvil Single Sign On server.
    Note: To gather this certificate, log into the AuthAnvil Manager > Single Sign On > Server Settings > Download the certificate.
  7. Click Save Changes.

Verifying Functionality

Once the installation is complete, you should test that everything is working as expected. This can be accomplished by logging into the SSO web site using a user that is configured for SSO to Salesforce and attempting to log on to Salesforce.

  1. Log out of all existing Salesforce sessions
  2. Log into the SSO Portal at https://(Your Domain)/sso/ using a user that is configured to use SSO for Salesforce.
  3. Click on the Salesforce icon. A new window will open and attempt to Single Sign On into Salesforce.
  4. If the SSO login succeeds, you will be left at the Salesforce dashboard. If the login fails, double-check your configuration against this guide.
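
When the login fails, the quickest way to double-check the configuration is to compare the SAMLResponse that AuthAnvil posts to Salesforce (captured from the browser's developer tools) with the values entered above. The script below is an added example, not part of the original article or of either product. It assumes the Reply to URL appears as the Recipient attribute of the assertion; the issuer value and the sample response are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_saml_response(b64_response, issuer, audience, recipient):
    """List mismatches vs. expected settings (diagnostic; no signature verification)."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted saml:Assertion in the response"]
    def text(path):
        node = assertion.find(path, NS)
        return (node.text or "").strip() if node is not None else None
    problems = []
    got = text("saml:Issuer")  # must equal the Token Issuer Name set as Issuer
    if got != issuer:
        problems.append(f"Issuer is {got!r}, expected {issuer!r}")
    got = text("saml:Conditions/saml:AudienceRestriction/saml:Audience")
    if got != audience:
        problems.append(f"Audience is {got!r}, expected {audience!r}")
    if not text("saml:Subject/saml:NameID"):  # SAML User ID Location setting
        problems.append("Subject has no NameID carrying the Salesforce username")
    scd = assertion.find(".//saml:SubjectConfirmationData", NS)
    got = scd.get("Recipient") if scd is not None else None
    if got != recipient:
        problems.append(f"Recipient is {got!r}, expected {recipient!r}")
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        problems.append("neither Response nor Assertion carries a ds:Signature")
    return problems

def constructed_response(issuer, audience, recipient):
    """Build a minimal, constructed SAMLResponse with a placeholder signature element."""
    ns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    xml = (f"<samlp:Response {ns}><saml:Assertion>"
           f"<saml:Issuer>{issuer}</saml:Issuer><ds:Signature/>"
           f"<saml:Subject><saml:NameID>user@example.com</saml:NameID>"
           f"<saml:SubjectConfirmation><saml:SubjectConfirmationData "
           f'Recipient="{recipient}"/></saml:SubjectConfirmation></saml:Subject>'
           f"<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}"
           f"</saml:Audience></saml:AudienceRestriction></saml:Conditions>"
           f"</saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    args = ("https://authanvil.example.com/issuer", "https://saml.salesforce.com")
    sample = constructed_response(*args, "https://login.salesforce.com")
    print(check_saml_response(sample, *args, "https://customer.my.salesforce.com"))
```

Run as written, it reports the Recipient mismatch that results from leaving the Reply to URL at https://login.salesforce.com when the organization uses its own Salesforce domain.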

 

Method 2

Note: This method is not tested with the most recent release of Salesforce as of Mar. 2015.

Configuring Salesforce.com for SP-Initiated Sign On

Configuring Salesforce.com to use SP-Initiated sign on is a bit more complicated. You must first configure a Salesforce ‘My Domain’. For more information on creating a My Domain in Salesforce, take a look here.

To configure SP-Initiated sign on:

  1. Log into the AuthAnvil Manager and Navigate to the Single Sign On tab.
  2. Click the Applications panel and click “Salesforce”.
  3. Check the ‘Application Enabled’ checkbox.
  4. Expand the Protocol Configuration section and change the protocol type to SP-Init.
  5. Scroll down to the Certificate Authority section and download a copy of the signing certificate.
  6. Save the changes to the application.
  7. Add the Salesforce application to the appropriate roles as well as add the appropriate users to the roles.
  8. Navigate to the Server Settings section and copy the Issuer URI to your clipboard.

Next, log into Salesforce.com with an administrator account and navigate to the Single Sign On settings section.

  1. Configure the Single Sign On Settings as follows:
    • SAML Enabled: Checked
    • SAML Version: 2.0
    • Issuer: This is the Issuer URI value you copied to your clipboard earlier
    • User Provisioning Enabled: <User Preference>
    • Identity Provider Login URL: https://<yourAuthAnvilServer>/SSO/federation/passive/Saml2SpInit
    • SAML User ID Type: Assertion contains User’s salesforce.com username
    • SAML User ID Location: User ID is in the NameIdentifier element of the Subject statement
    • Service Provider Initiated Request Binding: HTTP Redirect
  2. Upload the Identity provider certificate from the AuthAnvil Single Sign On server.

Once Salesforce.com has been configured for Single Sign-On, try logging in via your My Domain, e.g. https://customer.my.salesforce.com.

This should redirect you to AuthAnvil Single Sign On, prompt for your Two Factor Auth credential, and redirect back into Salesforce.

For more information on how to use Rich Clients like Salesforce Chatter with Single Sign On, take a look at the Developerforce article: Single Sign-On for Desktop and Mobile Applications using SAML and OAuth. You will find the pertinent configuration details under the A Detailed Example section.

 

Questions?

If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.
