Salesforce SAML

This comprehensive guide is designed to assist you in integrating ALMEFY as your Identity Provider (IdP) in Salesforce, utilising SAML 2.0, enabling Single Sign-On (SSO). We'll walk you through the necessary steps to ensure a seamless and secure setup. Please also refer to the Salesforce documentation for further details.

Prerequisites

  • Admin access to your ALMEFY Hub at <subdomain>.hub.almefy.com
  • A Salesforce Enterprise, Performance, Unlimited, or Developer Edition
  • Admin access to your Salesforce

Setup Overview

We try our best to keep these guides updated but cannot anticipate when platforms might update interfaces or change the available options for configuring SSO.

That said, setting up ALMEFY as your IdP generally follows the same steps for all platforms:

  1. Configure Endpoint – Set up the specific details of your endpoint in the ALMEFY Hub.
  2. Configure Platform – Adjust your platform’s settings for compatibility with the ALMEFY endpoint.
  3. Copy Metadata – Transfer the necessary metadata from your platform to the ALMEFY Hub for secure integration.

Each step corresponds to the options in the left column of the ALMEFY Hub interface.
If you find any inconsistencies in this guide, please let us know via our contact form.

Setup

Please note: the steps in the left column of the Endpoint Creation screen in the ALMEFY Hub correspond to the steps in this guide.

Step 1. ALMEFY SSO Endpoint Configuration

  1. Create a new Endpoint in the ALMEFY Hub by clicking the Add Endpoint button in the top right of the Endpoints page.
  2. Select the Salesforce SAML Preset
  3. (Optional) Rename the endpoint and the endpoint id if you do not want to use the default.
  4. Press the Generate Certificate & Private Key button or paste your own into the textboxes. We will need these again later.
  5. Keep the endpoint configuration options open and continue with Step 2.

Step 2. Salesforce Configuration

More details can be found in the Salesforce documentation.

  1. Log into Salesforce.
  2. Click the gear icon in the top right and select Setup (Not Service-Setup!)
  3. In the left sidebar menu, navigate to Configuration -> Identity -> Single Sign-On Settings
  4. Click the New from Metadata URL button to create a new SAML configuration.
  5. In the ALMEFY Hub Step 2. section, copy the Metadata URL and paste it into Salesforce. Salesforce will fill out most of the required fields automatically.
  6. Fill out the other form fields:
    • Name: ALMEFY SSO
    • Request Signature Method: RSA-SHA256
    • Assertion Decryption Certificate: Assertion not encrypted
    • SAML Identity Type: Assertion contains User’s Salesforce username
    • SAML Identity Location: Identity is in the NameIdentifier element of the Subject statement
    • Service Provider Initiated Request Binding: HTTP Redirect
  7. Hit Save Changes.
  8. You should now see some additional metadata which we will need in the next steps.

Step 3. Configure Salesforce Metadata in ALMEFY

  1. Copy the Login URL from the Salesforce page.
  2. Navigate back to the ALMEFY Hub Endpoint creation page.
  3. In the Step 3. section, paste the copied value into ACS URL. It should look something like https://<your_subdomain>.my.salesforce.com.
  4. Next, back in Salesforce, copy the Logout URL.
  5. Paste the value into the SLO URL in the ALMEFY Hub. It should look something like https://<your_subdomain>.my.salesforce.com/services/auth/sp/saml2/logout
  6. Click "Add Endpoint".

Step 4. Make ALMEFY SSO available

  1. To make ALMEFY login available on your Salesforce login page, you have to change your domain settings.
  2. In Salesforce, search for My Domain in the left sidebar search input and click on it.
  3. Under Authentication Configuration, click Edit.
  4. Select ALMEFY to make it available on the login page.
  5. You are done!

Test & Troubleshoot

To ensure that ALMEFY has been correctly set up as your Identity Provider (IdP), you can test the login in two ways:

  1. Platform Login Page: Visit your Salesforce login page and check if the ALMEFY Login option is visible and functional by clicking on it and scanning the ALMEFY QR Code with the ALMEFY App.
  2. ALMEFY SSO Page: Go to <subdomain>.sso.almefy.com, sign in with the ALMEFY App, and choose your newly enabled platform to test the authentication process.

If you encounter any issues:

  • Review this guide to make sure all steps were followed correctly.
  • Consult the Salesforce documentation for specific setup and troubleshooting instructions.
  • Try to contact Salesforce support and see if your issue can be resolved.
  • If you still need help, please fill out our contact form for support.

Conclusion

Congratulations on successfully setting up SAML 2.0 authentication with ALMEFY as your Identity Provider! You are now equipped to offer users a secure and convenient single sign-on experience.