[Legacy] Salesforce

This guide is for an older version of Kantega SSO Enterprise and is no longer maintained. New guides are here: https://kantega-sso.atlassian.net/l/c/rNTaTonz .

In Kantega Single Sign-on, add an identity provider of the type "Salesforce".

In the Prepare step, copy the ACS URL and Entity ID values and save them for later. Press Next.

Open the Salesforce admin console in a separate browser tab. This guide assumes you’re using the Salesforce Classic user interface.

In the upper right corner select your account and Switch to Salesforce Classic, then select Setup.

Locate Build in the left menu. Select Create, then Apps.

Under Connected apps, press New to create a new connected application.

Fill the required fields under Basic Information.

Fill the required fields under Web App settings:

  • Select Enable SAML

  • Fill Entity ID copied from KSSO

  • Fill ACS URL copied from KSSO (same as Entity ID)

  • Press Save, then Manage

Give users permission. Select Manage Profiles.

  • Give users permission to log into the App (in this test we use the profile Force.com - Free User)

  • Press Save

Export Identity provider metadata from Salesforce. Under SAML Login Information press "Download the metadata".

Navigate back to the Kantega SSO setup wizard and upload the downloaded file on the metadata import step.

Press Next.

On the Location step, give the IDP a descriptive name (users see this name when logging in). Press Next.

Review the imported signing certificate (this step is purely informational).

On the Users step, select whether users already exist or if you wish to have users automatically created upon login.

To automatically create users using JIT provisioning, Salesforce needs to send a Name and email claim in addition to the user name attribute. This is not covered in this guide.

On the summary page, review the settings, then press Finish.

You can now test login through Salesforce.