Salesforce OpenID Integration
This document provides the instructions for setting up UPSSO as a Third Party IDP to Salesforce application using OpenID.
PREREQUISITES
Administrator access to the UPSSO portal.
Administrator access to the Salesforce application.
CONFIGURING Salesforce OpenID in UPSSO
Login into UPSSO portal as an administrator
Click on the “Application Management” from the left side navigation menu.
Click on the “+ New Record” button. And click the Openid Application.

Enter the given fields to configure salesforce openid.
Name : Enter the name of the salesforce openid
Client id : Enter the client ID of the salesforce openid
Redirect url : Enter the redirect URL
Sub field : choose the sub field
Click url : Enter the click URL
Application Image : Select the openid logo


CONFIGURING UPSSO OPENID IN SALESFORCE
Login into the Salesforce application as an administrator user.
Search and click on the “Auth. Providers”.
Click New
For the provider type, select OpenID Connect.
Enter a name for the provider.
Enter the URL suffix, which is used in the client configuration URLs. For example, if the URL suffix of your authentication provider is MyOpenIDConnectProvider, your SSO URL is similar to https://mydomain_url or site_url /services/auth/sso/OpenIDConnectProvider.
For Consumer Key, use the client ID from your OpenID provider.
For Consumer Secret, use the client secret from your OpenID provider.
For Authorize Endpoint URL, enter the base URL from your OpenID provider - https://<UPSSO_SERVER_HOST>/upsso/openid-authorize
Enter the token endpoint URL from your OpenID provider - https://<UPSSO_SERVER_HOST>/upsso/openid-token
Token Issuer - field identifies the source of the authentication token in the form https://<UPSSO_SERVER_HOST>/upsso/
Save the settings.
TESTING THE INTEGRATION
Login into the UPSSO portal as a user having the same email address as a salerforce user.
Click on the Salesforce OpenID.
Select the OTP method and enter the OTP and click on the Verify button.
Consent screen will be displayed , click on accept to login to the application.
Users will be able to access the salesforce application.

