
Setting up Salesforce as an Identity Provider


As I mentioned in my previous post, I am currently working on enabling Single Sign On (SSO) for my Salesforce org. To do this research, I needed an identity provider (IdP) that would act as my SAML endpoint, validate authentication requests and respond with valid SAML responses. So I figured, why not set up another one of my Salesforce orgs as the IdP?

Below are the steps I followed to enable one of my Salesforce orgs as an IdP capable of sending SAML responses to valid requests:


  • As a prerequisite to enabling an org as an IdP, you will need to set up a My Domain for that environment. Please see my previous blog post for instructions - Setup my Domain on Salesforce
  • In the org that will act as your Identity Provider, navigate to Setup -> Security Controls -> Identity Providers


  • Now click the Enable Identity Provider button
  • In the next step, you will be asked to select a certificate that will be used to sign the SAML requests and responses. You can choose the Salesforce provided self-signed certificate or use another certificate that you have already imported on the "Certificates and Key Management" screen. Since this is just a research setup on my Developer Edition org, I am going to use the Salesforce provided certificate.

  • That's it, your org is now enabled to act as an IdP and can respond to SAML requests. The resulting screen will look as below -

  • It shows the SAML endpoint details and has a button that lets you download all the metadata needed on the service provider side to enable SSO
  • As a next step you will need to add your Service Provider as a Connected App in this org. Since in my experiment I am adding another Salesforce org as my service provider (to enable it for SSO), I will cover that in a separate post. Update - I added the steps for adding the connected app in the above Salesforce org in the following post - Setting up an SSO enabled connected app.
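As an added example (not code from the original post), here is a small Python script that parses the IdP metadata file the download button above produces, pulls out the values the service provider side needs (entityID, SSO endpoints, signing certificate and its SHA-256 fingerprint) and runs two sanity checks before you trust it. The metadata document, My Domain host, endpoint paths and certificate bytes are constructed placeholders, not values from a real org.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample in the shape of the IdP metadata download. The My Domain host,
# endpoint paths and certificate bytes are placeholders, not values from a real org.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example-dev-ed.my.salesforce.com">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>UExBQ0VIT0xERVItQ0VSVC1CWVRFUw==</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-dev-ed.my.salesforce.com/idp/endpoint/HttpPost"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-dev-ed.my.salesforce.com/idp/endpoint/HttpRedirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def parse_idp_metadata(xml_text):
    """Extract what the service provider needs: entityID, SSO endpoints, signing cert."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not SAML 2.0 identity provider metadata")
    # Key each endpoint by its short binding name, e.g. HTTP-POST.
    sso = {s.get("Binding").rsplit(":", 1)[-1]: s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    # Only the certificate marked use="signing" validates SAML response signatures.
    cert = idp.find("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    if cert is None or not cert.text:
        raise ValueError("no signing certificate in metadata")
    der = base64.b64decode("".join(cert.text.split()))  # real metadata wraps the base64
    return {"entity_id": root.get("entityID"), "sso": sso, "cert_der": der,
            "cert_sha256": hashlib.sha256(der).hexdigest()}

def endpoint_issues(info):
    """Sanity checks before trusting metadata: https only, endpoints on the IdP's own host."""
    host = urlparse(info["entity_id"]).hostname
    issues = []
    for binding, url in info["sso"].items():
        parsed = urlparse(url)
        if parsed.scheme != "https":
            issues.append(binding + ": endpoint is not https")
        if parsed.hostname != host:
            issues.append(binding + ": endpoint host differs from entityID host")
    return issues
```

The printed cert_sha256 is the value to compare against the certificate shown on the IdP org's "Certificates and Key Management" screen before the service provider is configured with it.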
In my next post, I will walk through the setup of an SSO enabled Salesforce org. Till then, enjoy!
