Salesforce can be configured for SSO using WSO2 Identity Cloud by adding it as an application. After the configuration is done, you can simply access the Salesforce application from the applications list in the User Portal of WSO2 Identity Cloud. This triggers an authentication request to the Identity Cloud using the SAML protocol. Identity Cloud sends an authentication response, and you are able to log in to Salesforce. The following diagram illustrates this process:
Figure: Accessing a Salesforce application using WSO2 Identity Cloud
The following is a video of how this is done.
Before you begin, download the metadata XML file that allows you to set the identity cloud configuration details in any third-party application without having to key them in.
- Log in to WSO2 Identity Cloud.
- Click the menu icon in the top-left corner of the screen and click Applications. Alternatively, click Overview on the menu bar and click View Applications.
- Click DOWNLOAD IDP METADATA to download the IdP metadata file. (The file is downloaded to a local folder.)
Let's get started!
Setting up Salesforce for SSO
To set up Salesforce for SSO, do a domain deployment in Salesforce as follows:
- Log in to Salesforce (https://developer.salesforce.com/) using your developer account.
How to create a developer account in Salesforce:
1. Go to https://developer.salesforce.com/ and click the Sign Up button.
2. Enter your details and click Sign me up. Your developer account is created.
- Register your mobile phone for verification purposes.
- Enter the verification code you received on your mobile.
- In the left navigation panel, under SETTINGS, expand Company Settings and click My Domain.
- This is step 1 of the domain setup. Enter a unique domain name and click Check Availability to make sure that the domain name is not already taken.
The following is displayed if the domain is available for use.
- Click Register Domain to register the domain. Once the domain is registered, you receive an email indicating that it is registered and ready for testing.
Clicking Register Domain takes you to the second step of the domain setup process, and Salesforce sends you an email.
- Click the link in the email that directs you to the Salesforce login page.
- Log in to Salesforce using your username and password that were created in step 1.
- In the left navigation panel, under SETTINGS, expand Company Settings and click My Domain.
You are directed to the third step of the domain setup process.
- Click the Deploy to Users button to make the domain available for users.
- Click OK to confirm the domain deployment.
Once you click OK, you are directed to step 4 of the domain setup process. This completes the deployment process. The next step is to configure SAML settings for single sign-on.
- In the left navigation panel, in SETTINGS, expand Identity and select Single Sign-On Settings.
- In the Single Sign-On Settings page, click Edit.
- In Federated Single Sign-On Using SAML, click the SAML Enabled check box and click Save.
- Click New from Metadata File to upload the metadata file that you downloaded in the Before you begin section above.
- Click Choose File to select the metadata file.
- Once you select the metadata file, click Create to load the Identity Cloud's metadata details to Salesforce.
- Verify the details and click Save.
The following page appears with the SAML settings that you configured for SSO with WSO2 Identity Cloud.
The Entity ID and Endpoints fields are needed when configuring Salesforce in WSO2 Identity Cloud (see step 7 in the Configuring WSO2 Identity Cloud for SSO with Salesforce section).
Configuring WSO2 Identity Cloud for SSO with Salesforce
- Log in to WSO2 Identity Cloud and click the menu icon in the top-left corner of the screen.
- Click Applications from the Admin Portal to navigate to the Application list.
- Click ADD APPLICATION to add a Salesforce application.
- Select the Salesforce icon.
- Enter an Application Name and click Add.
- Enter the Issuer and Assertion Consumer URL and click Add. Use the Salesforce Entity ID as the Issuer and the Salesforce login URL as the Assertion Consumer URL (see Setting up Salesforce for SSO, step 18).
- Under Store Configuration, enter the Display Name and Access URL (the same value as the Issuer), and click Save.
The added Salesforce app is displayed on the Identity Cloud Applications page.
- Once the application is added, it is listed in the User Portal. Click Go to User Portal at the top-right corner of the page.
- Click the added Salesforce app.
Now you can access the Salesforce home page without signing in, because SSO is configured between Salesforce and WSO2 Identity Cloud.