Salesforce as IdP – SAML


Step 1: Setup Salesforce as Identity Provider

      • Log in to your Salesforce account.
      • Switch to Salesforce Classic from the profile menu, then open the Setup page.
      • From the left pane, select Security Controls → Identity Provider.
      • In the Service Provider section, click the link to create the Service Provider using Connected Apps.
      [Screenshot: SAML Single Sign-on (SSO) using Salesforce Identity Provider, Create SP via connected apps]

      • Enter the Connected App Name, API Name and Contact Email.
      [Screenshot: SAML Single Sign-on (SSO) using Salesforce Identity Provider, Fill in connected app details]

      • Under Web App Settings, check the Enable SAML checkbox and enter the following values:
        Entity ID: the SP Entity ID / Issuer from the Service Provider Info tab
        ACS URL: the ACS (AssertionConsumerService) URL from the Service Provider Info tab
        Subject Type: Username
        Name ID Format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
        The ACS URL must match the service provider's HTTPS endpoint exactly, since Salesforce will POST the signed SAML assertion to that address.
      • From the left pane, under the Administer section, go to Manage Apps → Connected Apps and click the app you just created.
      • Under the Profiles section, click Manage Profiles and select only the profiles that should be allowed to log in through this app; every profile selected here can authenticate to the service provider.
      • Under SAML Login Information, click Download Metadata.
      • Keep this metadata handy for the next steps; it contains the IdP entity ID, SSO endpoint and signing certificate that the service provider will use to verify assertions.
      [Screenshot: SAML Single Sign-on (SSO) using Salesforce Identity Provider, Download Identity Provider metadata]
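Before the downloaded IdP metadata is loaded into the service provider, it is worth checking what it actually declares: the entity ID, the SSO endpoints and bindings, the NameID formats and the signing certificate. The script below is an added example (stdlib only, not code from the page or from Salesforce) that parses a metadata file and flags the problems a practitioner would want to catch. The embedded metadata, the example.my.salesforce.com URLs and the certificate body are constructed for this example; the certificate is a base64 placeholder, not real DER.

```python
"""Parse and sanity-check SAML IdP metadata before trusting it in an SP.

Added example using only the Python standard library. SAMPLE_METADATA is
constructed for this example: the hostnames are hypothetical and the
certificate body is a placeholder, not a real X.509 certificate.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed placeholder standing in for the IdP's DER-encoded signing cert.
FAKE_CERT_B64 = base64.b64encode(b"constructed placeholder certificate bytes").decode()

# Constructed metadata shaped like a Salesforce IdP metadata download.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://example.my.salesforce.com">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>{PERSISTENT}</md:NameIDFormat>
    <md:SingleSignOnService Binding="{POST_BINDING}"
        Location="https://example.my.salesforce.com/idp/endpoint/HttpPost"/>
    <md:SingleSignOnService Binding="{REDIRECT_BINDING}"
        Location="https://example.my.salesforce.com/idp/endpoint/HttpRedirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

# A tampered variant (constructed): plaintext endpoints and no signing key.
TAMPERED_METADATA = SAMPLE_METADATA.replace("https://", "http://").replace(
    'use="signing"', 'use="encryption"')


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract the fields an SP will trust from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    certs = []
    for kd in idp.findall(f"{{{MD}}}KeyDescriptor"):
        # A KeyDescriptor with no 'use' attribute may be used for signing.
        if kd.get("use", "signing") != "signing":
            continue
        for c in kd.iter(f"{{{DS}}}X509Certificate"):
            der = base64.b64decode("".join((c.text or "").split()))
            certs.append(hashlib.sha256(der).hexdigest())  # pin-able fingerprint
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall(f"{{{MD}}}SingleSignOnService")}
    formats = [n.text.strip() for n in idp.findall(f"{{{MD}}}NameIDFormat") if n.text]
    return {"entity_id": root.get("entityID"), "sso": sso,
            "name_id_formats": formats, "signing_cert_sha256": certs}


def check_idp_metadata(info: dict, expected_entity_id: str) -> list:
    """Return a list of findings; an empty list means the metadata looks sane."""
    issues = []
    if info["entity_id"] != expected_entity_id:
        issues.append(f"entityID {info['entity_id']!r} != expected {expected_entity_id!r}")
    if not info["signing_cert_sha256"]:
        issues.append("no signing certificate: SP cannot verify assertion signatures")
    if POST_BINDING not in info["sso"]:
        issues.append("no HTTP-POST SingleSignOnService endpoint")
    for binding, loc in info["sso"].items():
        if not (loc or "").startswith("https://"):
            issues.append(f"SSO endpoint for {binding} is not https: {loc}")
    if PERSISTENT not in info["name_id_formats"]:
        issues.append("persistent NameID format (as configured above) not advertised")
    return issues


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_METADATA), ("tampered", TAMPERED_METADATA)):
        info = parse_idp_metadata(text)
        print(label, info["entity_id"], info["signing_cert_sha256"])
        print("  issues:", check_idp_metadata(info, "https://example.my.salesforce.com"))
```

Record the signing certificate fingerprint when you first load the metadata so a later, unexpected change of key at the IdP is noticed rather than silently accepted. Checking the certificate's validity period needs an X.509 parser such as the cryptography package, which the standard library does not provide.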