This comprehensive guide is designed to assist you in integrating ALMEFY as your Identity Provider (IdP) in Salesforce, utilising OIDC, enabling Single Sign-On (SSO). We'll walk you through the necessary steps to ensure a seamless and secure setup. Please also refer to the Salesforce documentation for further details.
Prerequisites
- Admin access to your ALMEFY Hub at <subdomain>.hub.almefy.com
- A Salesforce Enterprise, Performance, Unlimited, or Developer Edition
- Admin access to your Salesforce
Setup Overview
We try our best to keep these guides updated but cannot anticipate when platforms might update their interfaces or change the available options for configuring SSO.
Setting up ALMEFY as your IdP nevertheless generally follows the same steps for all platforms:
- Configure Endpoint – Set up the specific details of your endpoint in the ALMEFY Hub.
- Configure Platform – Adjust your platform’s settings for compatibility with the ALMEFY endpoint.
- Copy Metadata – Transfer the necessary metadata from your platform to the ALMEFY Hub for secure integration.
Each step corresponds to the options in the left column of the ALMEFY Hub interface.
If you find any inconsistencies in this guide, please let us know via our contact form.
Setup
Please note: the steps in the left column of the Endpoint Creation screen in the ALMEFY Hub correspond to the steps in this guide.
Step 1. ALMEFY SSO Endpoint Configuration
- Create a new Endpoint in the ALMEFY Hub by clicking the Add Endpoint button in the top right of the Endpoints page.
- Select the Salesforce OIDC Preset.
- (Optional) Rename the endpoint and the endpoint id if you do not want to use the default.
- Endpoint URI: We will fill this in later in the Salesforce setup. This is the URL where ALMEFY will send you when you log in at https://<subdomain>.sso.almefy.com.
- Secret: Either enter a secret or let ALMEFY generate one for you by pressing Generate Secret. The secret is needed to encrypt the communication between ALMEFY and your Salesforce site.
- Keep the endpoint configuration options open and continue with Step 2.
Step 2. Salesforce Configuration
More details can be found in the Salesforce documentation.
1. Log into Salesforce.
2. Click the gear icon in the top right and select Setup (not Service Setup!).
3. In the left sidebar menu, navigate to Configuration -> Identity -> Auth. Providers.
4. Click the New button to create a new IdP configuration.
5. Select Open ID Connect as Provider Type.
6. From the Step 2. section in the ALMEFY Hub Endpoint creation, copy and paste the following fields:

Salesforce field | ALMEFY Hub field | Value |
---|---|---|
Name | ALMEFY | |
URL-Suffix | almefy | |
Consumer Key | Endpoint ID | |
Consumer Secret | Secret | |
Authorize Endpoint URL | Auth URL | |
Token Endpoint URL | Token URL | |
Userinfo Endpoint URL | User Profile URL | |
Default Scopes | Scope | |
Send access token in header | Enabled | |
Send client credentials in header | Disabled | |
Include Consumer Secret in SOAP API Responses | Enabled | |
Custom Logout URL | Logout URL | |
Registration Handler | Refer to step 7. below for details | |
Execute Registration As | Enter the Salesforce admin account that should execute the handler | |

7. For OIDC to work in Salesforce, you must provide your own RegistrationHandler class. You can select Automatically create a registration handler template and modify it to your needs. More details can be found here. You are generally free to implement this class in any way you want, but your getMatchingUsers method should check in some way whether data.identifier matches an existing user.
8. Hit Save.
9. You should now see some additional metadata which we will need in the next steps.
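
One way to write the RegistrationHandler required in the Salesforce configuration steps above, as an added example (not ALMEFY's or Salesforce's template code). It assumes the ALMEFY data.identifier is stored in each user's FederationIdentifier field; the class name AlmefyRegistrationHandler and its inner exception are hypothetical.

```apex
// Added example: maps an ALMEFY login to exactly one existing, active user.
// It never provisions new users; unknown or ambiguous identifiers are rejected.
global class AlmefyRegistrationHandler implements Auth.RegistrationHandler {

    // Hypothetical exception type used to reject a login attempt.
    global class RegistrationException extends Exception {}

    // Assumption: data.identifier from ALMEFY equals User.FederationIdentifier.
    // LIMIT 2 is enough to tell "exactly one match" from "ambiguous".
    private List<User> getMatchingUsers(Auth.UserData data) {
        if (data == null || String.isBlank(data.identifier)) {
            return new List<User>();
        }
        String identifier = data.identifier.trim();
        return [
            SELECT Id, Username
            FROM User
            WHERE FederationIdentifier = :identifier
              AND IsActive = true
            LIMIT 2
        ];
    }

    // Called on the first login of an identity that is not yet linked.
    // Returning an existing User record links it instead of creating one.
    global User createUser(Id portalId, Auth.UserData data) {
        List<User> matches = getMatchingUsers(data);
        if (matches.size() != 1) {
            // Zero matches: unknown identity. Two matches: ambiguous mapping.
            throw new RegistrationException(
                'No unique active user for this ALMEFY identifier.');
        }
        return matches[0];
    }

    // Called on later logins of an already linked identity.
    // Re-check the mapping so a changed or deactivated user is not let in.
    global void updateUser(Id userId, Id portalId, Auth.UserData data) {
        List<User> matches = getMatchingUsers(data);
        if (matches.size() != 1 || matches[0].Id != userId) {
            throw new RegistrationException(
                'ALMEFY identifier no longer maps to this user.');
        }
    }
}
```

The handler matches on an exact identifier rather than on a name or display value, and it treats both "no match" and "more than one match" as a failed login.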
Step 3. Configure Salesforce Metadata in ALMEFY
- Copy the Callback URL from the Salesforce page.
- Navigate back to the ALMEFY Hub Endpoint creation page.
- In the Step 3. section, paste the copied value into Redirect URI. It should look something like https://<your_subdomain>.my.salesforce.com/services/authcallback/almefy.
- Next, back in Salesforce, copy the Single Logout URL.
- Paste the value into the Post Logout URL in the ALMEFY Hub. It should look something like https://<your_subdomain>.my.salesforce.com/services/auth/rp/oidc/logout
- In Salesforce, copy the Single Sign-On Initialization URL.
- In the Step 1. section of the ALMEFY Hub, paste the value into Endpoint URI. It should look something like https://<your_subdomain>.my.salesforce.com/services/auth/sso/almefy
- Click "Add Endpoint".
- You are done!
Test & Troubleshoot
To ensure that ALMEFY has been correctly set up as your Identity Provider (IdP), you can test the login in two ways:
- Platform Login Page: Visit your Salesforce login page and check if the ALMEFY Login option is visible and functional by clicking on it and scanning the ALMEFY QR Code with the ALMEFY App.
- ALMEFY SSO Page: Go to <subdomain>.sso.almefy.com, sign in with the ALMEFY App, and choose your newly enabled platform to test the authentication process.
If you encounter any issues:
- Review this guide to make sure all steps were followed correctly.
- Consult the Salesforce documentation for specific setup and troubleshooting instructions.
- Try to contact Salesforce support and see if your issue can be resolved.
- If you still need help, please fill out our contact form for support.
Conclusion
Congratulations on successfully setting up OIDC authentication with ALMEFY as your Identity Provider! You are now equipped to offer users a secure and convenient single sign-on experience.