Configuring Salesforce




Chapter 94: Configuring Salesforce

The following is an overview of how to configure the Salesforce.com application for single sign-on:

1. Prepare Salesforce for single sign-on. This involves the following:
   - Verify that the Salesforce account provides SSO: Make sure that you have an account with Salesforce, such as an Enterprise, Unlimited, Professional, Performance, Developer, or Database.com account. These are the only types of Salesforce accounts that can be enabled for SSO. For more information, see "Verifying the Salesforce account edition" on page 94-793.
   - Create a domain (optional): If you prefer to use a custom Salesforce domain, create it before configuring the application in Admin Portal. For details, see "Creating a custom domain in Salesforce" on page 94-802.
2. Configure the application settings in Admin Portal. You'll need to copy a few settings from here to paste into the Salesforce web site. For details, see "Configuring Salesforce in Admin Portal" on page 94-794.
3. Configure Salesforce for SSO. For details, see "Configuring Salesforce for SSO" on page 94-799.

Note: For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce.

Verifying the Salesforce account edition

In order for Salesforce to be configured for SSO, your Salesforce account must be one of the following types:
   - Group (also supports provisioning)
   - Enterprise (also supports provisioning)
   - Unlimited (also supports provisioning)
   - Developer
   - Non-profit

Note: For the Professional edition, your application must be certified for it to have provisioning API access. For details, see the Salesforce documentation, such as http://www.salesforce.com/us/developer/docs/packagingguide/content/dev_packages_api_access.htm and https://developer.salesforce.com/page/Certification_FAQ.

To verify your Salesforce account edition:

1. Log in to your Salesforce account.
2. Go to Setup, and then Company Profile. The Company Profile page displays your account edition.

Configuring Salesforce in Admin Portal

To add and configure the Salesforce application in Admin Portal:

1. In Admin Portal, click Apps.
2. Click Add Web Apps. The Add Web Apps screen appears.
3. On the Search tab, enter the partial or full application name in the Search field and click the search icon.
4. Next to the application, click Add.
5. In the Add Web App screen, click Yes to confirm. Admin Portal adds the application.
6. Click Close to exit the Application Catalog. The application that you just added opens to the Application Settings page.

7. Specify the following:

   Assertion Customer Service URL
      Required or optional: Required
      Set it to: [enter your Salesforce login URL]
      For production accounts, specify the URL that you use to log in to your Salesforce account. The URL begins with the following pattern and ends with a 15-digit ID: https://login.salesforce.com?so=. For example: https://login.salesforce.com?so=00d90000000uBQi
      For sandbox (test) accounts, specify https://test.salesforce.com.

   Issuer
      Required or optional: Required
      Set it to: The cloud service generates the contents of this field for you automatically.
      The contents of this field must exactly match the Issuer field for this application in the Admin Portal and the Issuer field in the Salesforce website.

   Encrypt Assertion
      ???

   Identity Provider Login URL
      Set it to: The cloud service automatically generates the content of this field.
      If you want to do SP-initiated SSO, copy this URL into the Identity Provider Login URL field in Salesforce. If you want IdP-initiated only SSO, leave this field as is and do not copy it over to Salesforce.

   Custom Error URL
      Set it to: The cloud service automatically generates the content of this field.
      If desired, copy this URL into the Custom Error URL field in Salesforce. This custom page in the user portal displays when users encounter an error in Salesforce.

   Identity Provider Logout URL
      Set it to: The cloud service automatically generates the content of this field.
      When a user logs out of Salesforce, if you want the user to be logged out of the user portal also, copy this URL into Salesforce directly. Otherwise, leave this field as is.

8. On the Application Settings page, expand the Additional Options section and specify the following settings:

   Application ID
      Configure this field if you are deploying a mobile application that uses the Samsung mobile SDK, for example mobile applications that are deployed into a Samsung KNOX version 1 container. The cloud service uses the Application ID to provide single sign-on to mobile applications. Note the following:
      - The Application ID has to be the same as the text string that is specified as the target in the code of the mobile application written using the mobile SDK. If you change the name of the web application that corresponds to the mobile application, you need to enter the original application name in the Application ID field.
      - There can only be one SAML application deployed with the name used by the mobile application.
      - The Application ID is case-sensitive and can be any combination of letters, numbers, spaces, and special characters up to 256 characters.

   Show in User app list
      Select Show in User app list so that this web application displays in the user portal. (By default, this option is selected.) If this web application is only needed in order to provide SAML for a corresponding mobile application, deselect this option. This web application won't display for users in the user portal.

   Security Certificate
      These settings specify the signing certificate used for secure SSO authentication between the cloud service and the web application. Just be sure to use a matching certificate both in the application settings in the Admin Portal and in the application itself. Select an option to change the signing certificate.
      - Use existing certificate: When selected, the certificate currently in use is displayed. It's not necessary to select this option; it's present to display the current certificate in use.
      - Use the default tenant signing certificate: Select this option to use the cloud service standard certificate. This is the default setting.
      - Use a certificate with a private key (pfx file) from your local storage: Select this option to use your organization's own certificate. To use your own certificate, you must click Browse to upload an archive file (.p12 or .pfx extension) that contains the certificate along with its private key. If the file has a password, you must enter it when prompted.

9. (Optional) On the Description page, you can change the name, description, and logo for the application. For some applications, the name cannot be modified. The Category field specifies the default grouping for the application in the user portal. Users have the option to create a tag that overrides the default grouping in the user portal.
10. On the User Access page, select the role(s) that represent the users and groups that have access to the application.
    When assigning an application to a role, select either Automatic Install or Optional Install:
    - Select Automatic Install for applications that you want to appear automatically for users.
    - If you select Optional Install, the application doesn't automatically appear in the user portal and users have the option to add the application.
11. (Optional) On the Policy page, specify additional authentication control for this application. You can select one or both of the following settings:
    - Restrict app to clients within the Corporate IP Range: Select this option to prevent users outside the company intranet from launching this application. To use this option, you must also specify which IP addresses are considered as your intranet by specifying the Corporate IP range in Settings > Corporate IP Range.
    - Require Strong Authentication: Select this option to force users to authenticate using additional, stronger authentication mechanisms when launching an application. Specify these mechanisms in Policy > Add Policy Set > Account Security Policies > Authentication.
    You can also include JavaScript code to identify specific circumstances when you want to block an application or you want to require additional authentication methods. For details, see Specifying application access policies with JavaScript.
12. On the Account Mapping page, configure how the login information is mapped to the application's user accounts. The options are as follows:
    - Use the following Directory Service field to supply the user name: Use this option if the user accounts are based on user attributes. For example, specify an Active Directory field such as mail or userprincipalname or a similar field from the Samsung KNOX EMM user service.
    - Everybody shares a single user name: Use this option if you want to share access to an account but not share the user name and password. For example, some people share an application developer account.
    - Use Account Mapping Script: You can customize the user account mapping here by supplying a custom JavaScript script. For example, you could use the following line as a script:

         LoginUser.Username = LoginUser.Get('mail')+'.ad';

      The above script instructs the cloud service to set the login user name to the user's mail attribute value in Active Directory and add .ad to the end. So, if the user's mail attribute value is Adele.Darwin@acme.com then the cloud service uses Adele.Darwin@acme.com.ad. For more information about writing a script to map user accounts, see the SAML application scripting guide.
13. (Optional) On the Advanced page, you can edit the script that generates the SAML assertion, if needed. In most cases, you don't need to edit this script. For more information, see the SAML application scripting guide.
    Note: On the Changelog page, you can see recent changes that have been made to the application settings, by date, user, and the type of change that was made.
14. Click Workflow to set up a request and approval work flow for this application. The Workflow feature is a premium feature and is available only in the Samsung KNOX EMM User Suite App+ Edition. See Configuring Workflow for more information.
15. Click Save.

After configuring the application settings (including the role assignment) and the application's web site, you're ready for users to launch the application from the user portal.

Configuring Salesforce for SSO

You need system administrator permission in Salesforce to perform these steps.

Tip: It can be useful to open the web application and Admin Portal simultaneously and have them both open, perhaps side by side. As part of the SSO configuration process, you'll need to copy and paste settings between the two browser windows.

Salesforce allows you to specify multiple identity providers for SSO.

To configure Salesforce for SSO:

1. In your web browser, log in to the Salesforce web site.
2. Navigate to Administration Setup, then Security Controls, then Single Sign-On Settings and click Edit.
3. Under Federated Single Sign-On Using SAML, select SAML Enabled.
4. Click Save.
5. In the Single Sign-On Settings page, click New. The SAML Single Sign-On Setting Edit page displays. Use this page to configure the application for single sign-on from the user portal.
6. Specify the following:

   Name
      Required or optional: Required
      Set it to: samsungemm
      The name of your identity provider, such as Samsung.

   API Name
      Required or optional: Required
      Set it to: samsungemm

   SAML version
      Required or optional: Required
      Set it to: 2.0
      The cloud service uses SAML 2.0.

   User Provisioning enabled
      Set it to: Deselected
      For details about configuring Salesforce for user provisioning, see Configuring user provisioning for Salesforce.

   Issuer
      Required or optional: Required
      Set it to: [a name of your choosing; recommended to use urn:cloud.samsungemm.com]
      The contents of this field must exactly match the Issuer field for this application in Admin Portal and the Issuer field in the Salesforce website.

   Entity ID
      Required or optional: Required
      Set it to: If using a customized subdomain in Salesforce, set it to that domain. Otherwise, use https://saml.salesforce.com.

   Identity provider certificate
      Either use the standard certificate that you downloaded from the Admin Portal, or upload your own certificate (without the key). After you upload the certificate, the certificate information appears in the Current Certificate area.

   Signing Certificate
      Set it to: Default Certificate

   Assertion Decryption Certificate
      Set it to: Assertion not encrypted
      Encrypted assertions are not currently supported by the cloud service.

   SAML Identity Type
      Required or optional: Required
      Set it to: Assertion contains User's Salesforce.com user name

   SAML Identity Location
      Required or optional: Required
      Set it to: User ID is in the NameIdentifier element of the Subject statement

   Identity Provider Login URL
      Required or optional: Optional
      Set it to: [leave this field blank for IdP-initiated only SSO. For SP-initiated, paste the Identity Provider Login URL from the application settings in Admin Portal]
      If specified, Salesforce uses SP-initiated SAML SSO. Copy the Identity Provider Login URL from Admin Portal to this field. When specifying the URL, the URL must contain the appkey and customerid, such as the following: https://cloud.samsungemm.com/run?appkey=salesforce&customerid=ab123. Note that appkey is case-sensitive.

   Identity Provider Logout URL
      Set it to: This item can be blank.
      If you want users to log out of the user portal when they log out of Salesforce, copy the URL from the Salesforce Application Settings in the Admin Portal and paste the URL here. If you want to keep users logged into the user portal after they log out of Salesforce, leave this field as is.

   Custom Error URL
      Required or optional: Optional
      Set it to: This item can be blank. If specified, a custom error page displays when a user encounters an error in Salesforce.
      The Error URL is a customized page that displays when a user encounters an error in Salesforce. If desired, paste the Error URL contents from the Salesforce application settings in the Admin Portal.

   Service Provider Initiated Request Binding
      Required or optional: Required for SP-initiated SSO
      Set it to: HTTP Post

7. Click Save.

8. If you're going to use SP-initiated SSO, go to Setup, Domain Management, then My Domain, and then under Login Page Branding, click Edit.
   Note: Make sure that you've deployed your custom domain to users. Otherwise, the user authentication service settings are not available to you in Salesforce.
9. In the Login Page Branding screen, in the Authentication Service section, select both options: Login Page and Samsung.
   These authentication service options allow your users the option to log in by way of the user portal or by entering their Salesforce user name and password. Selecting the Login Page option provides you and all your users the option to log in using your Salesforce user name and password. If you do not select Login Page, only users who are in Admin Portal and assigned to a role that you've assigned to Salesforce can access Salesforce. At this time, Salesforce does not yet provide a way to restrict the user name and password login to a subset of users.
   Tip: As a best practice, keep Login Page selected.
10. Click Save.

Creating a custom domain in Salesforce

You can use a custom domain in Salesforce, if desired. In order to use SP-initiated SSO with Salesforce, you must have a custom domain. For more information, see the following Salesforce information:

https://cs1.salesforce.com/help/doc/user_ed.jsp?section=help&target=domain_name_testing_and_rollout.htm&loc=help&hash=topic-title

To register a domain in Salesforce:

1. Log in to your Salesforce account.
2. Go to Setup (under your name in the top, blue bar) > Domain Management > My Domain > Choose your company's domain name.
3. Enter a potential domain name and click Check Availability.
4. If the domain is available, click the Terms and Conditions check box, and click Register domain. Your subdomain is now ready for testing.
5. Click the Click here to login link to log in to your subdomain. To deploy the subdomain, you must be logged in.
   The login address now includes your newly created subdomain. For example: https://griffin--lg.cs1.my.salesforce.com/?login=1

6. In the login screen for your subdomain, enter your normal Salesforce user name and password.
7. Test the domain by clicking tabs and buttons to make sure the Salesforce functionality works as expected.
8. When you're finished testing the domain, deploy it to your users. While logged in to your subdomain, go to Setup, then Domain Management, then My Domain. Click Deploy to Users.
9. Salesforce displays a warning message: once you create the domain, you can't reverse it. All users will be pointed to the new domain after you deploy the domain. Click OK to continue.
   Salesforce deploys the domain for you and displays your current domain settings, such as the login policy, redirect policy, and domain name. For more information, consult the Salesforce documentation.

Configuring Salesforce mobile applications for SSO

Salesforce provides mobile applications for both iOS and Android devices.

To configure the Salesforce mobile app for SSO:

1. Complete SSO configuration as described in "Configuring Salesforce in Admin Portal" on page 94-794 and "Configuring Salesforce for SSO" on page 94-799.
2. Install the Salesforce1 app for your mobile device from iTunes or Google Play.
3. Open the app and click the Settings icon.
4. Tap the +.
5. Enter a host name.
6. (Optional) Enter a label, for example Samsung.
7. Tap Done.
8. Tap Samsung in the Choose Connection box.
9. Sign in with your Salesforce user name and password.
10. Tap Allow to give Salesforce permission to access your account information.
    If it is the first time you have signed in to this account, the app will ask you to enter an activation code that is emailed to you.
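The consistency rules stated in "Configuring Salesforce in Admin Portal" and "Configuring Salesforce for SSO" (exact Issuer match, Entity ID, unencrypted assertion, and the Login URL requirements for SP-initiated SSO) can be checked before rollout. The following JavaScript is an added example, not part of the original guide or of either product; the settings objects, their property names, and the sample values are assumptions constructed for illustration.

```javascript
// Added example (not from the guide). The settings objects and their property
// names are hypothetical: fill them in by hand from the two admin consoles.

// Constructed sample values; the Issuer and Login URL follow the guide's examples.
const samplePortal = {
  issuer: 'urn:cloud.samsungemm.com',
  idpLoginUrl: 'https://cloud.samsungemm.com/run?appkey=salesforce&customerid=ab123',
};
const sampleSalesforce = {
  issuer: 'urn:cloud.samsungemm.com',
  samlVersion: '2.0',
  entityId: 'https://acme.my.salesforce.com',     // constructed custom domain
  customDomain: 'https://acme.my.salesforce.com', // null when no custom domain
  assertionEncrypted: false,
  idpLoginUrl: 'https://cloud.samsungemm.com/run?appkey=salesforce&customerid=ab123',
  requestBinding: 'HTTP POST',
};

// Returns a list of human-readable problems; an empty list means consistent.
function checkSsoSettings(portal, sf) {
  const problems = [];

  // Issuer must match exactly, so compare without trimming or case folding.
  if (portal.issuer !== sf.issuer) {
    problems.push(`Issuer mismatch: "${portal.issuer}" vs "${sf.issuer}"`);
  }
  if (sf.samlVersion !== '2.0') problems.push('SAML version must be 2.0');
  if (sf.assertionEncrypted) {
    problems.push('Encrypted assertions are not supported; choose "Assertion not encrypted"');
  }

  // Entity ID is the custom domain when one is used, else the default value.
  const expectedEntityId = sf.customDomain || 'https://saml.salesforce.com';
  if (sf.entityId !== expectedEntityId) {
    problems.push(`Entity ID should be ${expectedEntityId}`);
  }

  // A non-empty Login URL in Salesforce turns on SP-initiated SSO.
  const loginUrl = (sf.idpLoginUrl || '').trim();
  if (loginUrl === '') return problems; // IdP-initiated only: nothing more to check

  let parsed = null;
  try {
    parsed = new URL(loginUrl);
  } catch (err) {
    problems.push('Identity Provider Login URL is not a valid URL');
  }
  if (parsed) {
    // Both query parameters must be present and non-empty.
    for (const name of ['appkey', 'customerid']) {
      if (!parsed.searchParams.get(name)) {
        problems.push(`Login URL is missing the ${name} parameter`);
      }
    }
    // appkey is case-sensitive, so require an exact copy of the portal value.
    if (loginUrl !== portal.idpLoginUrl) {
      problems.push('Login URL differs from the value shown in Admin Portal');
    }
  }
  if (String(sf.requestBinding).toUpperCase() !== 'HTTP POST') {
    problems.push('Request binding must be HTTP POST for SP-initiated SSO');
  }
  if (!sf.customDomain) {
    problems.push('SP-initiated SSO requires a deployed custom domain');
  }
  return problems;
}

console.log(checkSsoSettings(samplePortal, sampleSalesforce)); // []
```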

For more information about Salesforce

For additional information, see the following:

https://na6.salesforce.com/help/doc/user_ed.jsp?loc=help&target=sso_saml.htm&
https://na14.salesforce.com/help/doc/user_ed.jsp?loc=help&target=sso_saml.htm&section=security
https://help.salesforce.com/apex/htviewhelpdoc?id=sso_tips.htm&language=en_us