Now that Part 1 and Part 2 have covered how SSO works, let's look at how to set up Salesforce as an identity provider and define a service provider in Salesforce.
Enabling Salesforce as an Identity provider
- Set up a My domain
- From Setup, click , and then click Enable Identity Provider
- Select the certificate: If you haven't created a self-signed certificate, one is automatically generated for you and assigned as the certificate for your identity provider.
Note:
- Salesforce is automatically enabled as an identity provider for domains created in Winter '14 or later.
- After you enable Salesforce as an identity provider, you can define service providers.
Defining Service Providers as SAML-Enabled Connected Apps
Prerequisites
- Enabling Salesforce as an Identity Provider
- Give your service provider information about your configuration of Salesforce as an identity provider.
- From Setup, click , then click Download Certificate or Download Metadata.
- Get the following information from your service provider
- Assertion consumer service (ACS) URL: The ACS URL comes from the SAML service provider.
- Entity ID: This value comes from the service provider.
- Subject type: Specifies whether the subject of the SAML response from Salesforce (as an identity provider) is a Salesforce user name or a federation ID.
- Issuer: your organization’s My Domain
- Start URL: Directs users to a specific location when they run the application
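Before handing the downloaded metadata to the service provider, it is worth confirming that it says what you expect. The script below is an added example, not part of the original post or of Salesforce's tooling: it reads a SAML identity provider metadata file, extracts the issuer, the SHA-256 fingerprint of the signing certificate and the sign-on endpoints, and compares them with the values exchanged above. The domain, endpoint path, ACS URL and certificate bytes are constructed placeholders, and treating the metadata entityID as the issuer is an assumption.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: placeholder domain and path; the "certificate" is dummy bytes, not real X.509.
DUMMY_CERT_B64 = base64.b64encode(b"constructed-sample-cert").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://example-dev.my.salesforce.com">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{DUMMY_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-dev.my.salesforce.com/idp/sso-post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def summarize_idp_metadata(xml_text):
    """Extract issuer, signing-cert fingerprints and SSO endpoints from IdP metadata."""
    root = ET.fromstring(xml_text)  # file from your own org; harden the parser for untrusted XML
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity provider metadata")
    fingerprints = []
    for key in idp.findall(f"{{{MD}}}KeyDescriptor"):
        if key.get("use") in (None, "signing"):  # a missing 'use' covers signing too
            for cert in key.iter(f"{{{DS}}}X509Certificate"):
                der = base64.b64decode("".join((cert.text or "").split()))
                fingerprints.append(hashlib.sha256(der).hexdigest())
    endpoints = {s.get("Binding"): s.get("Location")
                 for s in idp.findall(f"{{{MD}}}SingleSignOnService")}
    return {"entity_id": root.get("entityID"), "cert_sha256": fingerprints,
            "sso_endpoints": endpoints}

def check_against_sp_config(summary, expected_issuer, acs_url):
    """Return a list of problems; an empty list means the values line up."""
    problems = []
    if summary["entity_id"] != expected_issuer:
        problems.append(f"issuer mismatch: {summary['entity_id']}")
    if not summary["cert_sha256"]:
        problems.append("no signing certificate in metadata")
    for url in [acs_url, *summary["sso_endpoints"].values()]:
        if urlparse(url or "").scheme != "https":
            problems.append(f"endpoint is not https: {url}")
    return problems
```

The fingerprint is the value to compare out of band with the certificate the service provider actually imported, since that certificate is what the provider uses to verify assertions signed by Salesforce.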
To authorize users for this SAML application
- From Setup click Manage Apps | Connected Apps and then click the name of the application.
- Select the profiles and/or permission sets that can access the application.