SALESFORCE & UPSSO SAML INTEGRATION GUIDE
This document provides instructions for integrating Salesforce with UPSSO using the SAML protocol.
PREREQUISITES
- Administrator access to the Salesforce portal.
- Administrator access to the UPSSO portal.
CONFIGURING SALESFORCE APPLICATION IN UPSSO
1. Log in to the UPSSO portal as an administrator.
2. Click on the “Application Management” menu item and then the “Add Application” button as highlighted below.
3. Click on the Salesforce application icon.
4. Enter the Salesforce URL of your company (For example https://uniqueperform-dev-ed.my.salesforce.com?so=00D7F000007CAji). Click on the Save button.
5. The Salesforce icon will appear under the Application menu item.
DOWNLOADING THE IDP CERTIFICATE
1. Click on the “IDP Resources” link and then the “DOWNLOAD IDP CERTIFICATE” button as highlighted below.
2. A file named “server.crt” will be downloaded. Keep this file; it is needed later.
CONFIGURING UPSSO SAML IN SALESFORCE
1. Log in to the Salesforce application as an administrator user.
2. Search for and click on “Single Sign-On Settings”, then click on the “Edit” button as highlighted below.
3. Select the “SAML Enabled” checkbox and click on the Save button.
4. Click on the “New” button as highlighted below.
5. Enter the values as described below (replace <UPSSO_SERVER_HOST> with the IP address or hostname of the UPSSO application server):
API Name: UPSSO
Entity ID: Enter the same Salesforce URL configured in the UPSSO application above (For example: https://uniqueperform-dev-ed.my.salesforce.com?so=00D7F000007CAji)
Identity Provider Certificate: Select the “server.crt” file downloaded from UPSSO application above.
Request Signing Certificate: Select the appropriate certificate
Request Signature Method: RSA-SHA1
Assertion Decryption Certificate: Assertion not encrypted
SAML Identity Type: Assertion contains the User's Salesforce username
SAML Identity Location: Identity is in an Attribute element
Attribute Name: email
Service Provider Initiated Request Binding: HTTP Redirect
Identity Provider Login URL: https://<UPSSO_SERVER_HOST>/upsso/upsso-service
Single Logout Enabled: Selected
Identity Provider Single Logout URL: https://<UPSSO_SERVER_HOST>/upsso/logout
Single Logout Request Binding: HTTP POST
6. Refer to the screenshot below for reference.
7. Click on the “Save” button.
8. Search for and click on “My Domain” from the menu, then click on the “Edit” button as highlighted below.
9. Select the UPSSO checkbox and click on the “Save” button.
TESTING THE INTEGRATION
1. Make sure to log out from Salesforce.
2. Log in to the UPSSO portal as a user having the same email address as a Salesforce user.
3. Click on the Salesforce icon as shown below.
4. Enter the OTP and click on the Verify button.
5. Users will be able to access the Salesforce application.
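If the test login fails, one thing to check is whether the assertion matches the Salesforce settings entered above: an unencrypted assertion, an Audience equal to the Entity ID, and the username in an Attribute named “email”. The following Python check is an added example, not part of UPSSO or Salesforce; the function names are hypothetical, the sample XML is constructed rather than captured from UPSSO, and it assumes you have already base64-decoded the SAML Response. It does not verify the signature, which Salesforce does against “server.crt”.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values taken from the Salesforce settings in this guide.
ENTITY_ID = "https://uniqueperform-dev-ed.my.salesforce.com?so=00D7F000007CAji"
ATTRIBUTE_NAME = "email"

def check_assertion(xml_text, entity_id=ENTITY_ID, attr_name=ATTRIBUTE_NAME):
    """Return (username, problems) for a base64-decoded SAML Response.

    Diagnostic only: the signature is NOT verified here.
    """
    problems = []
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if assertion is None:  # e.g. the IdP sent an EncryptedAssertion instead
        return None, ["no unencrypted Assertion element"]
    audiences = [a.text.strip()
                 for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} lacks Entity ID {entity_id}")
    # "Identity is in an Attribute element" with Attribute Name "email".
    values = [v.text.strip()
              for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)
              if a.get("Name") == attr_name
              for v in a.iterfind("saml:AttributeValue", NS) if v.text]
    if len(values) != 1:
        problems.append(f"expected one '{attr_name}' value, found {len(values)}")
        return None, problems
    return values[0], problems

def sample_response(attr_name, audience):
    """Constructed SAML Response for the demo (not captured from UPSSO)."""
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            f'xmlns:saml="{NS["saml"]}"><saml:Assertion>'
            f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}'
            '</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement><saml:Attribute Name="{attr_name}">'
            '<saml:AttributeValue>jane@example.com</saml:AttributeValue>'
            '</saml:Attribute></saml:AttributeStatement>'
            '</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    print(check_assertion(sample_response("email", ENTITY_ID)))
    print(check_assertion(sample_response("mail", "https://login.salesforce.com")))
```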