Skip to main content

Setting up your SSO enabled application as a connected app in your Idp Salesforce Org




This is my final post for my experiment around setting up SSO in a Salesforce org while using another Salesforce org as my Identity Provider. All the other posts related to this experiment are below -

Now I am in the final step of my experiment and am going to login back to my Salesforce org which is acting as my Idp. Here I am going to add a connected app for the SSO enabled Salesforce org by doing the following - 
  • Navigate to the Setup -> Create -> Apps and create a new app under the Connected Apps section
  • In the new connected app, set the field values as - 
    • Name - unique name of the connected app
    • Set the Enable SAML to true in the Web App Settings section
    • Now you will have to fill the data in SAML details that will show up. 
    • The entity id should match the entity id from the SSO app (sso enabled salesforce org my domain url)
    • ACS url - the login url of the SSO enabled app.
    • Subject type - The user record field value that will be sent to the SSO enabled environment. In  my case I am using the username as the subject type
    • I am leaving rest of the fields like Name Id format, Issuer as it it.
  • Next assign this connected app to the profiles of the users who need to get authenticated to the SSO enabled salesforce org.
  • Ensure that the federated id on the SSO enabled salesforce org matches the Subject type you set in this environment. It is very important to do this.
Note: In my research I am not enforcing encryption and certificate based authentication at all ends. I would suggest that it is highly recommended to do this especially in a production Org.

Thats it, my integration now works perfectly. Next time, i try to access the SSO enabled salesforce Org's my domain url, i see a Salesforce login page with the message "To access this page, you have to log in to Salesforce"



This is because it is redirecting me to the Idp login page. I enter the credentials for logging into my idp here. When i enter it correctly, it logs me into my SSO enabled salesforce org!

This concludes my little SSO experiment. Looking forward to post about other things soon. Enjoy!
Labels:

Comments

Post a Comment

Popular posts from this blog

Workaround to bypass Salesforce SSO

One of the best practices for implementing Single Sign On for your Salesforce org is always ensure there is a way your System administrator can login via the standard login page side-stepping the SSO configuration.  Reason for this is if ever something goes wrong with your Idp provider's service and the SSO authentication responses are not coming as expected, all your users are unable to login. That is, if you have setup your My domain to prevent logins via standard Salesforce login urls (login.salesforce.com). This includes the System administrator as well. Only if your system administrator can somehow login, then he or she can disable the SSO settings for your domain and allow login via the normal login page as a temporary measure. What do you do in such a situation? Well Salesforce has built a workaround for this which is not well documented anywhere (probably for a good reason :) ). I found out about it from a colleague at work. If your my domain url is - https://Com...
42 comments
Read more

DBAmp for Salesforce - salesforce integration for SQL Server DBAs

Recently i got the opportunity to explore a tool called DBAmp for integration with Salesforce. I found it to be a very useful tool which will help with any data manipulation requirements in Salesforce. Following are my learnings from the exercise. Hope it helps any of you who may need to work with this tool -  DBAmp is a SQL Server package that can be used to integrate with Salesforce. The site where this software is available is - http://www.forceamp.com/ Overview: It essentially installs on top of an existing SQL Server database and provides an OLE DB connector that can be used to connect to Salesforce. Behind the scenes, it executes API calls against Salesforce for any SQL server command it receives. Thus we can create a connection in SQL server to Salesforce org and pull data into tables in the database just as if we are querying against Salesforce tables directly. Use cases for DBAmap + Salesforce: Many use cases exist for using this tool against Sales...
3 comments
Read more

Summer 16 Salesforce Administrator Maintenance exams

I was able to clear my Summer 16 Salesforce administrator maintence exam earlier today. Next I need to start working on Winter 17 immediately. Anyway before that i thought i will leave some pointers to any folks who may be taking Summer 16 anytime soon Below are some topics you can read about to prepare yourself for the exam - 1. Process builder improvements -  Process builder can now execute immediate actions and then evaluate the next criteria in the flow. Please see this link - https://releasenotes.docs.salesforce.com/en-us/summer16/release-notes/rn_forcecom_process_multiple_actions.htm Expect a question on this. 2. Files sharing permission -  In Classic, when a file is shared to a user via a record, its access can be set to "Set by Record". This allows the record level access to determine access level for the file as well. Read about this below - https://releasenotes.docs.salesforce.com/en-us/summer16/release-notes/rn_files_access_by_record.htm 3. Chatter Q...
1 comment
Read more