In this blog post, I am going to explain step by step how to set up the Salesforce identity provider with EchoSign. Setting up EchoSign identity with Salesforce has three main stages: configuring the Salesforce identity provider, configuring EchoSign, and creating connected apps.
1. Enable My Domain in Salesforce.
2. Start your free trial: https://acrobat.adobe.com/us/en/sign.html
Step 1: Enable Salesforce Identity Provider
1. Navigate to Setup | Administration Setup | Security Controls | Identity Provider. You should see the Identity Provider setup. Click on “Enable Identity Provider”.
2. (Optionally) change the self-signed certificate to a production certificate issued by a certificate authority. This certificate is used to sign SAML assertions.
3. Click on Save. Click on the Download Certificate button to download the certificate. This certificate is used to set up service providers.
4. Salesforce Identity Provider exposes the following endpoints. You will need these when configuring SAML at the service provider.
https://yourdomain.my.salesforce.com/idp/endpoint/HttpRedirect (replace yourdomain with your My Domain value)
https://yourdomain.my.salesforce.com/idp/endpoint/HttpPost (replace yourdomain with your My Domain value)
Step 2: Configure EchoSign
1. Sign in to your EchoSign account.
2. Click on Account | Account Settings.
3. Click on the SAML Settings tab under Account Settings. On the right side, you will see an option for SAML Mode. Select SAML Allowed mode if you want users to sign in to the EchoSign account using SAML as well as EchoSign credentials. Otherwise, select SAML Mandatory mode so that users sign in using SAML only.
4. A dedicated hostname is required to enable SAML. If you already have a dedicated hostname, this option will not be shown. Otherwise, enter your hostname.
5. Under User Creation, check the option if you would like users to be provisioned into EchoSign when they sign in without an account.
6. Under Login Page Customization, you can enter a single sign-on login message, e.g. “Sign In using Salesforce”. It is shown during SP-initiated SSO.
7. Enter IdP Entity ID as your SAML IdP Issuer, i.e. https://ltngdev-dev-ed..my.salesforce.com
8. Enter IdP Login URL as the “SP-Initiated Redirect Endpoint” URL, i.e. https://ltngdev-dev-ed..my.salesforce.com/idp/endpoint/HttpRedirect
9. Enter IdP Logout URL, i.e. https://ltngdev-dev-ed..my.salesforce.com/secur/logout.jsp (e.g. https://acme.my.salesforce.com/secur/logout.jsp).
10. Enter the IdP Certificate content (the certificate downloaded in Step 1).
11. You will see the EchoSign SAML Service Provider (SP) Information. Note down these URLs, as you will need them for the Salesforce-side configuration.
Step 3: Configure Salesforce Connected App
- Log in as an Administrator, and navigate to Setup | App Setup | Create | Apps.
- Under the Connected Apps section, click New.
- Under Basic Information:
  - Provide the Connected App Name.
  - The field API Name is auto-populated.
  - In the field Logo Image URL, select Choose one of our sample logos, find the logo, and copy and paste the logo URL. Or, enter your own URL.
  - In the field Contact Email, enter your email address.
- Under Web App Settings:
  - Select Enable SAML.
  - Enter Entity ID as http://echosign.com
  - Enter ACS URL as https://mycomany.na2.echosign.com/public/samlConsume
  - Select Subject Type, e.g. Federation ID. Please note that the SAML Subject must carry the same identity as the EchoSign user’s account ID, i.e. email.
  - In the field Name ID Format, keep the default selection (unspecified).
  - In the field Issuer, keep the default value.
  - In the field Service Provider Certificate, keep the default (unselected).
- Save the settings.
- Go to Manage Apps | Connected Apps
- Select your App.
- Click Manage Profiles or Manage Permission Sets and add profiles/permission sets of users who can access this app.
IdP-Initiated Login URL: this is used to test IdP-initiated SSO. Right-click the IdP-Initiated Login URL, and copy the link into a notepad.
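
When testing the login, the values entered in Steps 2 and 3 can be checked against what Salesforce actually sends. The following is an added example, not part of the original post: it decodes a base64 SAMLResponse (as posted by the browser to the ACS URL) and compares Issuer, Audience, Recipient and NameID with the configured settings. The function name and the sample response are constructed for illustration, and the URLs are the placeholder values used above.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_saml_response(b64_response, idp_issuer, sp_entity_id, acs_url):
    """List mismatches between a SAMLResponse and the SSO settings.
    Configuration check only: the XML signature is NOT verified, so run it on
    responses from your own test login, never as an authentication step.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    def text(path):
        node = root.find(path, NS)
        return (node.text or "").strip() if node is not None else None
    if text("a:Assertion/a:Issuer") != idp_issuer:
        problems.append("Issuer differs from the IdP Entity ID")
    if text("a:Assertion/a:Conditions/a:AudienceRestriction/a:Audience") != sp_entity_id:
        problems.append("Audience differs from the connected app Entity ID")
    conf = root.find("a:Assertion/a:Subject/a:SubjectConfirmation/"
                     "a:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != acs_url:
        problems.append("Recipient differs from the ACS URL")
    name_id = text("a:Assertion/a:Subject/a:NameID") or ""
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", name_id):
        problems.append("NameID is not an email address")
    if root.find(".//ds:Signature", NS) is None:
        problems.append("no ds:Signature element found")
    return problems

# Constructed sample (not captured from a real org); NameID is deliberately a
# Federation ID that is not an email, the mismatch the Subject Type note warns about.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <saml:Assertion><saml:Issuer>https://yourdomain.my.salesforce.com</saml:Issuer>
  <ds:Signature/>
  <saml:Subject><saml:NameID>jdoe</saml:NameID><saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="https://mycomany.na2.echosign.com/public/samlConsume"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>http://echosign.com</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print(check_saml_response(SAMPLE_B64, "https://yourdomain.my.salesforce.com",
          "http://echosign.com", "https://mycomany.na2.echosign.com/public/samlConsume"))
```

An empty list means the response agrees with the settings; for the constructed sample the only finding is the NameID, because the Federation ID is not the user's email.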