
Setting up Salesforce as an Identity Provider


As I mentioned in my previous post, I am currently working on enabling Single Sign On (SSO) for my Salesforce org. To do this research, I needed an identity provider (IdP) that would act as my SAML endpoint, validate the authentication requests it receives and respond with valid SAML responses. So I figured: why not set up another one of my Salesforce orgs as an IdP?

Below are the steps I followed to enable one of my Salesforce orgs as an IdP capable of sending SAML responses to valid requests -

  • As a prerequisite to enabling an org as an IdP, you will need to set up a My Domain for that environment. Please see my previous blog for instructions - Setup my Domain on Salesforce
  • For the org that will act as your Identity Provider, navigate to Setup -> Security Controls -> Identity Providers.
  • Click the Enable Identity Provider button.
  • In the next step, you will be asked to select a certificate to secure the SAML requests and responses. You can choose the Salesforce-provided self-signed certificate or another certificate that you have already imported on the "Certificates and Key Management" screen. Since this is just a research setup on my Developer Edition org, I am going to use the Salesforce-provided certificate.
  • That's it: your org is now enabled to act as an IdP that can respond to SAML requests. The resulting screen is shown below -
  • It shows the SAML endpoint details and has a button that lets you download all the metadata the service provider side needs to enable SSO.
  • As a next step you will need to add your Service Provider as a Connected App in this org. Since in my experiment I am adding another Salesforce org as my service provider (to enable it for SSO), I will cover that in a separate post. Update - I added the steps for adding the connected app in the identity provider org above in the following post - Setting up an SSO enabled connected app.
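Before the metadata downloaded from that screen is trusted on the service provider side, it is worth checking what it actually asserts. The following Python script is an added example, not code from the original post or from Salesforce: it parses a constructed metadata sample shaped like the download, extracts the entity ID, SSO endpoints and signing-certificate fingerprint the SP needs, and warns about a missing signing key, acceptance of unsigned AuthnRequests and non-HTTPS endpoints. The domain, endpoint paths and certificate in the sample are placeholders, not real values.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample shaped like the IdP metadata the Identity Provider screen lets
# you download; the domain, endpoint paths and certificate are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://example-idp.my.salesforce.com">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>UExBQ0VIT0xERVItQ0VSVC1ERVI=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-idp.my.salesforce.com/idp/endpoint/HttpPost"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-idp.my.salesforce.com/idp/endpoint/HttpRedirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def inspect_idp_metadata(xml_text):
    """Pull out what the SP side needs and flag settings worth a second look."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity-provider metadata")
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue  # an encryption-only key cannot verify SAML response signatures
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            der = base64.b64decode("".join(cert.text.split()))
            # SHA-256 of the DER certificate: pin this on the SP and re-check after rotation
            fingerprints.append(hashlib.sha256(der).hexdigest())
    endpoints = {sso.get("Binding").rsplit(":", 1)[-1]: sso.get("Location")
                 for sso in idp.findall("md:SingleSignOnService", NS)}
    warnings = []
    if not fingerprints:
        warnings.append("no signing certificate: the SP cannot verify response signatures")
    if idp.get("WantAuthnRequestsSigned", "false").lower() != "true":
        warnings.append("WantAuthnRequestsSigned is not true: unsigned AuthnRequests are accepted")
    for binding, url in endpoints.items():
        if not url.lower().startswith("https://"):
            warnings.append(f"{binding} endpoint is not HTTPS: {url}")
    return {"entity_id": root.get("entityID"), "signing_cert_sha256": fingerprints,
            "sso_endpoints": endpoints, "warnings": warnings}
```

Run `inspect_idp_metadata(open("idp-metadata.xml").read())` against the real download; a non-empty `warnings` list is what to resolve before the SP goes live.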
In my next post, I will walk through the setup of an SSO-enabled Salesforce org. Till then, enjoy!
