SALESFORCE & UPSSO SAML INTEGRATION GUIDE

This document provides instructions for integrating Salesforce with UPSSO using the SAML protocol.

PREREQUISITES

  1. Administrator access to the Salesforce portal.
  2. Administrator access to the UPSSO portal.

CONFIGURING SALESFORCE APPLICATION IN UPSSO

  1. Log in to the UPSSO portal as an administrator.
  2. Click on the “Application Management” menu item and then on the “Add Application” button, as highlighted below.
  3. Click on the Salesforce application icon.
  4. Enter the Salesforce URL of your company (for example, https://uniqueperform-dev-ed.my.salesforce.com?so=00D7F000007CAji). Click on the Save button.
  5. The Salesforce icon will appear under the Application menu item.

DOWNLOADING THE IDP CERTIFICATE

  1. Click on the “IDP Resources” link and then on the “DOWNLOAD IDP CERTIFICATE” button, as highlighted below.
  2. A file named “server.crt” will be downloaded. Keep this file; it is needed later.

CONFIGURING UPSSO SAML IN SALESFORCE

  1. Log in to the Salesforce application as an administrator user.
  2. Search for and click on “Single Sign-On Settings”, then click on the “Edit” button, as highlighted below.
  3. Select the “SAML Enabled” checkbox and click on the Save button.
  4. Click on the “New” button, as highlighted below.
  5. Enter the values as described below (replace <UPSSO_SERVER_HOST> with the IP address or hostname of the UPSSO application server).

Name: UPSSO

API Name: UPSSO

Entity ID: Enter the same Salesforce URL configured in the UPSSO application above (For example: https://uniqueperform-dev-ed.my.salesforce.com?so=00D7F000007CAji)

Issuer: https://<UPSSO_SERVER_HOST>/upsso/get-idp-metadata

Identity Provider Certificate: Select the “server.crt” file downloaded from UPSSO application above.

Request Signing Certificate: Select the appropriate certificate

Request Signature Method: RSA-SHA1

Assertion Decryption Certificate: Assertion not encrypted

SAML Identity Type: Assertion contains the User's Salesforce username

SAML Identity Location: Identity is in an Attribute element

Attribute Name: email

Service Provider Initiated Request Binding: HTTP Redirect

Identity Provider Login URL: https://<UPSSO_SERVER_HOST>/upsso/upsso-service

Single Logout Enabled: Selected

Identity Provider Single Logout URL: https://<UPSSO_SERVER_HOST>/upsso/logout

Single Logout Request Binding: HTTP POST

  6. Refer to the screenshot below for reference.
  7. Click on the “Save” button.
  8. Search for and click on “My Domain” from the menu, then click on the “Edit” button, as highlighted below.
  9. Select the UPSSO checkbox and click on the “Save” button.
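The settings entered in step 5 only work when the SAML Responses UPSSO sends actually agree with them: the assertion's Issuer must equal the configured Issuer, the Audience must equal the Entity ID, and the user must be carried in an attribute named email. The script below is an added example (it is not UPSSO or Salesforce code) that reads one SAML Response and reports any field that disagrees with those settings, which is a quick way to diagnose a failed login before touching the configuration. It assumes a constructed sample response in which the host upsso.example.com stands in for <UPSSO_SERVER_HOST> and alice@example.com is the user; it checks field agreement only and does not verify the XML signature, which Salesforce performs with the server.crt certificate.

```python
"""Consistency check of a SAML Response against the Salesforce SSO settings
from step 5 of the guide. Added example: not UPSSO or Salesforce code; it
checks field agreement only and does not verify the XML signature."""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Values entered in Salesforce (step 5). <UPSSO_SERVER_HOST> is the guide's
# placeholder and is substituted with the real host when the check runs.
SETTINGS = {
    "issuer": "https://<UPSSO_SERVER_HOST>/upsso/get-idp-metadata",
    "entity_id": "https://uniqueperform-dev-ed.my.salesforce.com?so=00D7F000007CAji",
    "attribute_name": "email",
}

SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample response; upsso.example.com stands in for <UPSSO_SERVER_HOST>
# and the SignatureValue is a placeholder, not a real signature.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"
    Destination="https://uniqueperform-dev-ed.my.salesforce.com?so=00D7F000007CAji">
  <saml:Issuer>https://upsso.example.com/upsso/get-idp-metadata</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://upsso.example.com/upsso/get-idp-metadata</saml:Issuer>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      </ds:SignedInfo>
      <ds:SignatureValue>Q29uc3RydWN0ZWQ=</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://uniqueperform-dev-ed.my.salesforce.com?so=00D7F000007CAji</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, settings, idp_host):
    """Compare one SAML Response with the configured settings.

    Returns a dict: 'problems' are mismatches that make Salesforce reject the
    login or fail to map the user, 'warnings' are accepted but weak choices,
    'identity' is the value Salesforce would match against a username, and
    'signature_algorithm' is the algorithm the assertion claims to be signed with.
    """
    root = ET.fromstring(xml_text)
    result = {"problems": [], "warnings": [], "identity": None, "signature_algorithm": None}

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        result["problems"].append("status is not Success")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        result["problems"].append("no plain Assertion; the guide configures 'Assertion not encrypted'")
        return result

    # Issuer in the assertion must equal the Issuer entered in Salesforce.
    want_issuer = settings["issuer"].replace("<UPSSO_SERVER_HOST>", idp_host)
    issuer = assertion.findtext("saml:Issuer", namespaces=NS)
    if issuer != want_issuer:
        result["problems"].append(f"Issuer {issuer!r} does not match configured {want_issuer!r}")

    # Audience must equal the Entity ID (the Salesforce URL registered in UPSSO).
    audience = assertion.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS)
    if audience != settings["entity_id"]:
        result["problems"].append(f"Audience {audience!r} does not match Entity ID {settings['entity_id']!r}")

    # An unsigned assertion cannot be verified against server.crt at all.
    sig = assertion.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if sig is None:
        result["problems"].append("assertion carries no XML signature to verify with server.crt")
    else:
        alg = sig.get("Algorithm") or ""
        result["signature_algorithm"] = alg
        if "sha1" in alg:
            result["warnings"].append("assertion signed with a SHA-1 based algorithm; prefer RSA-SHA256")

    # Identity is in an Attribute element named per the 'Attribute Name' setting.
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == settings["attribute_name"]:
            result["identity"] = attr.findtext("saml:AttributeValue", namespaces=NS)
    if result["identity"] is None:
        result["problems"].append(f"no '{settings['attribute_name']}' attribute; Salesforce cannot map the user")
    return result


if __name__ == "__main__":
    for key, value in check_response(SAMPLE_RESPONSE, SETTINGS, "upsso.example.com").items():
        print(f"{key}: {value}")
```

Feed it a real response (for example one captured with the browser's SAML tracing tools during a failed login) together with the real UPSSO host; an empty problems list narrows the fault to the signature or certificate, a non-empty one names the setting to correct.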

TESTING THE INTEGRATION

  1. Make sure to log out of Salesforce.
  2. Log in to the UPSSO portal as a user having the same email address as a Salesforce user.
  3. Click on the Salesforce icon, as shown below.
  4. Enter the OTP and click on the Verify button.
  5. The user is signed in and can access the Salesforce application.