RapidIdentity Product Guides - 2019 Rolling Release

Salesforce SAML Authentication Configuration

Salesforce supports SAML Single Sign-on and provides a SAML Single Sign-on overview with a Single Sign-on Implementation Guide.

Fortunately, within RapidIdentity Federation, Salesforce SAML authentication configuration is very similar to G Suite SAML authentication configuration.

The preliminary Salesforce SAML authentication configuration steps require that both RapidIdentity Portal and RapidIdentity Federation (IdP) are internet accessible and are configured as described near the top of this page.

Follow these 14 steps to configure Salesforce SAML Authentication.

  1. Navigate to RapidIdentity Appliance | Configuration | IdP Configuration.  

  2. Click the link labeled "Click here to download the signing/encryption certificate used by the Identity Provider" to download the certificate.

  3. Keep this browser window open since the Base URL and the Logout URL are necessary during later steps.

  4. Next, log into Salesforce with an administrator account and navigate to Security Controls | Single Sign-on Settings.

  5. This table lists the complete URLs necessary to configure each of the respective Salesforce field values.

    Table 272. Salesforce Fields' URL Values

  6. The Identity Provider Certificate is available through the RapidIdentity Appliance IdP configuration page. Click the link next to Certificate to download. 

  7. Ensure the Name field is set to IdAuto IdP and the API Name is IdAuto_IdP.

  8. Select the remaining values shown in the Salesforce image to complete configuration and then click Save.

  9. Click Download Metadata and then return to the RapidIdentity Appliance IdP Configuration page.

  10. Click Register New Service Provider, paste the metadata into the metadata field, ensure the SSO Advanced Settings match the screenshot below, and click Register.

  11. Return to the RapidIdentity Appliance IdP Configuration page and click Edit Attributes.

  12. Add a Name ID Attribute with the LDAP Attribute that contains the Salesforce username and a Name Format value of urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified.

  13. Return to Edit Attribute Mappings to add the newly created attribute, and also ensure that the [INTERNAL] SAML Transient ID attribute is added as a Denied Attribute.

  14. Finally, return to the IdP Provider Configuration page and click Trigger Service Reload and then Trigger Web Reload.

When both reloads are complete, access https://{SALESFORCE DOMAIN}.my.salesforce.com. A properly configured SAML authentication should direct to the user's homepage.