salesforce SSO with OneLogin

On By rajamohan vakatiIn Single Sign On
 In this blog post, I am going to explain step by step setup salesforce single sign on with OneLogin.

Prerequisites :-

  • My Domain Should be enabled
  • One login tail org (https://www.onelogin.com/signup)
Step 1:- Setting Up OneLogin 

 

Starting in the OneLogin admin dashboard portal, do the following:

Go to Apps > Add Apps.

Search for Salesforce that is a SAML 2.0 connector and select it.

Edit the Display Name, if necessary.

Click Save.1

Select the Configuration tab.

In the “Salesforce Login URL” field, enter your Salesforce login URL.

2.PNG

The URL will take the form of https://login.salesforce.com?so=<Your Organization ID>. If you are unsure of your Salesforce Organization ID, go to Company Profile > Company Information within Salesforce to find it or you will get this URL after saving your SAML SSO setting in salesforce

6.Click Save.

7.Select the Parameters tab.

Ensure that Credentials are Configured by admin and that the mappings are as follows: Map your user id with Macro . in Macro place the values of the salesforce user Id 
Note: – You can mapping User Id to user email or you can use FederatId. In this blog, I used trail org so just for testing I used a macro. 

48.Click Save.Select the

9.Select the SSO tab.

10. Copy the SAML2.0 Endpoint (HTTP) URL in notepad . this you need to use in salesforce

11 . Copy the Issuer URL.this you need to use in salesforce

12 . Download the “X.509 Certificate” certificate by click on View Details then download.

5.PNG

Note the Issuer URL, SAML Endpoint, and X.509 Certificate details which you need to configure in salesforce.

 

Step 2: -Setting Up Salesforce 

In this step, we are going to configure the SAML setting in salesforce.  Please keep the Issuer URL, SAML Endpoint, and X.509 Certificate details which you got in the first set from OneLogin.

In Salesforce

  1. In the Setup menu, go to Security Controls > Single Sign-On Settings.
  2. Under Federated Single Sign-On Using SAML, select Edit, then the checkbox SAML Enabled, then Save.
  3. Select New to create a Salesforce SSO profile.
  4. On the SAML Single Sign-On Setting page, complete the form as follows:
    Name: OneLogin
    API Name: OneLogin
    Issuer: Issuer URL copied from your app’s SSO tab in OneLogin
    Entity ID: https://saml.salesforce.com
    Identity Provider Certificate: Click Choose File and upload the X.509 PEM file you downloaded from your app’s SSO tab in OneLogin.
    Request Signing Certificate: Default Certificate
    Request Signature Method: RSA-SHA1
    Assertion Decryption Certificate: Assertion not encrypted
    SAML Identity Type: Username
    SAML Identity Location: Subject
    Identity Provider Login URL: SAML Endpoint URL copied from your app’s SSO tab in OneLogin
    Identity Provider Logout URL: -blank-
    Custom Error URL: -blank-
    Service Provider Initiated Request Binding:     HTTP POST

Below is the image after configuring the salesforce SAML

 

6

 

Step 3: Adding It to my domain. 

Now after adding it you can add this salesforce my domain page under “authentication Configurations “.

After configuring you can see salesforce login page as shown.

7

After Click on OneLogin button, it will redirect to one login page for authentication.

 

 

 

 

Leave a Reply