SALESFORCE & UPSSO SAML INTEGRATION GUIDE
This document describes how to integrate Salesforce with UPSSO using the SAML protocol.
PREREQUISITES
Administrator access to the Salesforce portal.
Administrator access to the UPSSO portal.
CONFIGURING SALESFORCE APPLICATION IN UPSSO
1. Log in to the UPSSO portal as an administrator.
2. Click on the “Application Management” menu, then click the new record button and select SAML application as highlighted below.
3. Click on the Salesforce application icon.
4. Enter the Salesforce URL of your company. Click on the Save button.
5. The Salesforce icon will appear under the Application menu item.
DOWNLOADING THE IDP CERTIFICATE
1. Click on the “IDP Resources” link and then the “DOWNLOAD IDP CERTIFICATE” button.
2. A file named “server.crt” will be downloaded. Keep this file; it is needed later.
CONFIGURING UPSSO SAML IN SALESFORCE
1. Log in to the Salesforce application as an administrator user.
2. Search for and click on “Single Sign-On Settings”, then click on the “Edit” button as highlighted below.
3. Select the “SAML Enabled” checkbox and click on the Save button.
4. Click on the “New” button as highlighted below.
5. Enter the values as described below (replace <UPSSO_SERVER_HOST> with the IP address or hostname of the UPSSO application server).
Name: UPSSO
API Name: UPSSO
Entity ID: Enter the same Salesforce URL configured in the UPSSO application above
Issuer: https://<UPSSO_SERVER_HOST>/upsso/get-idp-metadata
Identity Provider Certificate: Select the “server.crt” file downloaded from UPSSO application above.
Request Signing Certificate: Select the appropriate certificate
Request Signature Method: RSA-SHA1
Assertion Decryption Certificate: Assertion not encrypted
SAML Identity Type: Assertion contains the User's Salesforce username
SAML Identity Location: Identity is in an Attribute element
Attribute Name: email
Service Provider Initiated Request Binding: HTTP Redirect
Identity Provider Login URL: https://<UPSSO_SERVER_HOST>/upsso/upsso-service
Single Logout Enabled: Selected
Identity Provider Single Logout URL: https://<UPSSO_SERVER_HOST>/upsso/logout
Single Logout Request Binding: HTTP POST
6. Refer to the screenshot below for reference.
7. Click on the “Save” button.
8. Search for and click on “My Domain” from the menu, then click on the “Edit” button as highlighted below.
9. Select the applicable Authentication Service checkbox and click on the “Save” button.
TESTING THE INTEGRATION
1. Make sure to log out from Salesforce.
2. Log in to the UPSSO portal as a user having the same email address as a Salesforce user.
3. Click on the Salesforce icon as shown below.
4. Select the OTP method, enter the OTP and click on the Verify button.
5. Users will be able to access the Salesforce application.
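If the test login fails, the usual cause is a mismatch between the assertion UPSSO sends and the Issuer, Entity ID and Attribute Name values entered in Salesforce. The following is an added troubleshooting example, not part of UPSSO or Salesforce: it decodes a captured SAMLResponse form value and compares it with those settings. The host names, the sample response and the function names are constructed assumptions, and the script does not verify the signature (Salesforce does that with server.crt).

```python
import base64
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
ISSUER = "https://upsso.example.com/upsso/get-idp-metadata"  # hypothetical host
ENTITY_ID = "https://example.my.salesforce.com"              # hypothetical URL

# Constructed, unsigned sample response so the check runs offline.
_TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
 <saml:Issuer>{issuer}</saml:Issuer><saml:Conditions><saml:AudienceRestriction>
 <saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
 </saml:Conditions><saml:AttributeStatement><saml:Attribute Name="{attr}">
 <saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

def constructed_response(issuer, audience, attr="email"):
    """Build a base64 SAMLResponse like the one posted to Salesforce."""
    xml = _TEMPLATE.format(issuer=issuer, audience=audience, attr=attr)
    return base64.b64encode(xml.encode())

def check_saml_response(b64_response, expected_issuer, expected_entity_id,
                        attribute_name="email"):
    """Return the mismatches between a captured SAMLResponse and the
    Salesforce SSO settings; an empty list means they line up."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element found"]
    problems = []
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        problems.append(f"Issuer is {issuer!r}, expected {expected_issuer!r}")
    audiences = [a.text.strip() for a in assertion.iter(f"{{{SAML}}}Audience") if a.text]
    if expected_entity_id not in audiences:
        problems.append(f"Audience {audiences} lacks Entity ID {expected_entity_id!r}")
    values = [v.text.strip() for attr in assertion.iter(f"{{{SAML}}}Attribute")
              if attr.get("Name") == attribute_name
              for v in attr.findall("saml:AttributeValue", NS) if v.text]
    if not values:
        problems.append(f"no {attribute_name!r} attribute to match a Salesforce user")
    return problems

if __name__ == "__main__":
    captured = constructed_response(ISSUER, ENTITY_ID)  # replace with a captured value
    print(check_saml_response(captured, ISSUER, ENTITY_ID) or "settings match")
```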
BYPASS SSO URL
https://<YOUR_COMPANY_SALESFORCE_URL>-dev-ed.my.salesforce.com/
Only an admin can log in directly through the above link.
Non-admin users cannot and have to go through SSO.