Salesforce | SAML

1. Display name

Choose a name for your identity provider. This is the user-facing name, so choose a name your users will recognize. This can be changed later.

2. Prepare IDP

Copy and save the Callback URL for later. You will need this when configuring Salesforce.

Configure Salesforce

If you are using SCIM with your provider, make sure to check out the documentation for configuring this before proceeding. It might be that you need to configure this first or at the same time as setting up SAML.

Log in to your Salesforce admin console ({your-org}.my.salesforce.com) in a separate browser tab.

If you have not activated the Salesforce identity provider earlier, you need to do this first:

Go to Setup via the cog menu in the upper right corner.

Go to SETTINGS → Identity → Identity Provider in the left-hand menu. Click the Enable Identity Provider button.

When Salesforce IDP is enabled, you can continue with the rest of the guide.

The rest of this guide assumes you’re using the Salesforce Classic user interface.

In the upper right corner select your account and Switch to Salesforce Classic, then select Setup.

Locate Build in the left menu. Select Create, then Apps.

Under Connected apps, press New to create a new connected application.

Fill in the required fields under Basic Information.

Select Enable SAML.

Paste the Callback URL you kept from the KSSO Setup wizard into both the Entity ID and the ACS URL fields.

When done, click the Save button.

Click the Manage button.

Give users permission. Select Manage Profiles.

  • Give users permission to log in to the app (in this test we use the profile Force.com - Free User).

  • Press Save.

Go back to the Connected App Detail page.

Export the identity provider metadata from Salesforce by clicking Download metadata under SAML Login Information.

Go back to the Kantega SSO setup wizard.

3. Metadata

Choose Upload metadata XML file.

Browse and upload the SAML metadata file you downloaded from Salesforce.

4. Redirect URL

No need to do anything. The Redirect URL is automatically fetched from the metadata you imported in the previous step.

5. Certificate

This step shows the certificate used to validate the SAML messages.

6. Summary

Check that everything looks good and submit your setup.

Test

Test that login with Salesforce works as expected. This will help identify if there are any issues with the configuration. Follow the steps to perform the login test.