Prerequisites :-
- My Domain Should be enabled
- One login tail org (https://www.onelogin.com/signup)
Starting in the OneLogin admin dashboard portal, do the following:
Go to Apps > Add Apps.
Search for Salesforce that is a SAML 2.0 connector and select it.
Edit the Display Name, if necessary.
Click Save.
Select the Configuration tab.
In the “Salesforce Login URL” field, enter your Salesforce login URL.
The URL will take the form of https://login.salesforce.com?so=<Your Organization ID>. If you are unsure of your Salesforce Organization ID, go to Company Profile > Company Information within Salesforce to find it or you will get this URL after saving your SAML SSO setting in salesforce
6.Click Save.
7.Select the Parameters tab.
Ensure that Credentials are Configured by admin and that the mappings are as follows: Map your user id with Macro . in Macro place the values of the salesforce user Id
Note: – You can mapping User Id to user email or you can use FederatId. In this blog, I used trail org so just for testing I used a macro.
8.Click Save.Select the
9.Select the SSO tab.
10. Copy the SAML2.0 Endpoint (HTTP) URL in notepad . this you need to use in salesforce
11 . Copy the Issuer URL.this you need to use in salesforce
12 . Download the “X.509 Certificate” certificate by click on View Details then download.
Note the Issuer URL, SAML Endpoint, and X.509 Certificate details which you need to configure in salesforce.
Step 2: -Setting Up Salesforce
In this step, we are going to configure the SAML setting in salesforce. Please keep the Issuer URL, SAML Endpoint, and X.509 Certificate details which you got in the first set from OneLogin.
In Salesforce
- In the Setup menu, go to Security Controls > Single Sign-On Settings.
- Under Federated Single Sign-On Using SAML, select Edit, then the checkbox SAML Enabled, then Save.
- Select New to create a Salesforce SSO profile.
- On the SAML Single Sign-On Setting page, complete the form as follows:
Name: OneLogin
API Name: OneLogin
Issuer: Issuer URL copied from your app’s SSO tab in OneLogin
Entity ID: https://saml.salesforce.com
Identity Provider Certificate: Click Choose File and upload the X.509 PEM file you downloaded from your app’s SSO tab in OneLogin.
Request Signing Certificate: Default Certificate
Request Signature Method: RSA-SHA1
Assertion Decryption Certificate: Assertion not encrypted
SAML Identity Type: Username
SAML Identity Location: Subject
Identity Provider Login URL: SAML Endpoint URL copied from your app’s SSO tab in OneLogin
Identity Provider Logout URL: -blank-
Custom Error URL: -blank-
Service Provider Initiated Request Binding: HTTP POST
Below is the image after configuring the salesforce SAML
Step 3: Adding It to my domain.
Now after adding it you can add this salesforce my domain page under “authentication Configurations “.
After configuring you can see salesforce login page as shown.
After Click on OneLogin button, it will redirect to one login page for authentication.