Salesforce began with the vision of reinventing Customer Relationship Management (CRM). Since then salesforce has changed the way enterprise software is delivered and used, changing the industry forever. All Salesforce products run entirely in the cloud so there are no expensive setup costs, no maintenance, and employees can work from any device with an internet connection – smartphone, tablet or laptop.
Salesforce makes CRM easy to use for small businesses and large-scale enterprises. The platform also enables you to manage all interactions with your customers and prospects, so your organization can grow and succeed.
Salesforce as IdP (Identity Provider)
Salesforce can act as a single sign-on (SSO) identity provider to service providers, allowing end users to easily and securely access many web and mobile applications with one login. When using SAML for federated authentication, enable Salesforce as an identity provider and then set up connected apps. However, the OpenID Connect protocol for SSO authentication doesn’t require enabling Salesforce as an identity provider.
Salesforce as IdP can also be used for configuring multiple community users.
Follow step by step guide for Salesforce as IdP for Community Users
Step 1: Create domain in salesforce
- Under Administrator click on Domain Management » Domains.
- Click on Create New View
- Enter domain credentials. View Name and View Unique Name is required.
Step 2: Enable salesforce as IdP
- Under Administrator, click on Security Controls.
- Select Identity Provider
- Click on Enable Identity Provider button.
Step 3: Login to salesforce and create an app.
- Log into salesforce and go to Setup.
- From the left pane, select App Setup » Create » Apps.
- Under Connected Apps, select New.
Step 4: Configure the app.
- Enter Connected App Name, API Name and Contact Email to configure the app.
Step 5: Under Web App Settings, check the Enable SAML checkbox and enter the following values.
| ACS URL | ACS (AssertionConsumerService) URL from Step1 of the plugin under Identity Provider Tab. | Entity Id | SP-EntityID / Issuer from Step1 of the plugin under Identity Provider Tab. |
| Subject Type | Username |
| Name Id Format | urn:oasis:names:tc:SAML:2.0:nameid-format:persistent |
Step 6: Assign profile.
- Now from left pane, under Administration Setup, select Manage Apps » Connected Apps
- Click on the App you just created.
- Under Manage Profiles, Select the profiles you want to give access to login through this app.
Step 7: Download metadata for communities.
- Under SAML Login Information, click on Download Metadata.
- Open the downloaded file in some browser like chrome, firefox, IE
- Search for "ds:X509Certificate" tab and copy the entire string under this tag. String would be like this: "MII...."
- Keep this certificate value handy for next steps
Step 8: In miniOrange SAML plugin, go to Service Provider tab and enter the following details
| Identity provider Name: | Salesforce | SAML Login URL | https://<your domain>.my.salesforce.com /idp/endpoint/HttpRedirect | IdP Entity ID or Issuer | https://<your domain>.my.salesforce.com |
| X.509 Certificate | Paste the certificate value you copied from the Metadata file. |
| Response Signed | Checked |
| Assertion Signed | UnChecked |