- Log into your Passly Tenant.
- Select SSO Manager.
- Select the small plus in the bottom right corner.
- Select Salesforce from the vertical list selection.
- Enable the Application.
- Select the preferred Authentication Policy.
- Select Protocol Setup.
- Update the Audience URI (the SAML entity ID Salesforce expects) to: https://saml.salesforce.com
- Select Add Application.
- From the SSO Manager, select Salesforce.
- Select Permissions.
Note: Here is where you will define the User groups that will have access to the App.
- Select Signing and Encryption.
- Select Download Certificate.
Note: You will need this certificate in the SFDC configuration; it is the identity provider certificate Salesforce uses to validate Passly's assertion signatures.
Enabling Salesforce.com for SAML support
Next, log into Salesforce.com with an administrator account and navigate to the Single Sign-On Settings section.
- Configure the Single Sign On Settings as follows:
- SAML Enabled: Checked
- SAML Version: 2.0
- Issuer: https://<Your Passly tenant>.my.passly.com/trust
- User Provisioning Enabled: <User Preference>
- Identity Provider Login URL: https://<Your Passly tenant>.my.passly.com/SSO/federation/passive/Saml2SpInit
- SAML User ID Type: Assertion contains User’s salesforce.com username
- SAML User ID Location: User ID is in the NameIdentifier element of the Subject statement
- Service Provider Initiated Request Binding: HTTP Redirect
- Upload the identity provider certificate downloaded from Passly under Signing and Encryption.
Once Salesforce.com has been configured for Single Sign-On, try logging in via your My Domain, e.g. https://customer.my.salesforce.com.
This should redirect you to Passly Single Sign-On, prompt for your MFA credential, and redirect back into Salesforce.
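If the round trip fails, the quickest diagnosis is to capture the SAMLResponse that Passly POSTs to Salesforce (a browser SAML tracer extension will show it), base64-decode it, and compare the assertion against the values entered above. The following is an added example, not Passly or Salesforce code: it checks the Issuer, Audience, NameID, validity window and the signing certificate embedded in the assertion against the configured settings. The tenant name, the username, the constructed certificate bytes and the sample response are all assumptions for illustration. It does not verify the XML signature itself; use an XML-DSig library such as signxml or xmlsec for that.

```python
"""Sanity-check a decoded SAML Response from Passly against the Salesforce SSO settings.

Added example, not Passly or Salesforce code. It checks the fields the how-to
configures (Issuer, Audience, NameID, signing certificate, validity window) but
does NOT verify the XML signature; use signxml/xmlsec for that.
"""
import base64
import hashlib
from datetime import datetime, timezone
import xml.etree.ElementTree as ET  # fine for your own IdP's output; use defusedxml for untrusted XML

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Values from the how-to; "example-tenant" is a hypothetical tenant name.
EXPECTED_ISSUER = "https://example-tenant.my.passly.com/trust"
EXPECTED_AUDIENCE = "https://saml.salesforce.com"

# Constructed stand-in for the DER bytes of the certificate downloaded from Passly
# (Signing and Encryption > Download Certificate). In real use read the file instead:
#   EXPECTED_CERT_SHA256 = sha256_fingerprint(open("passly.cer", "rb").read())  # DER file
# or compare with: openssl x509 -in passly.cer -noout -fingerprint -sha256
CONSTRUCTED_CERT_DER = b"constructed stand-in, not a real X.509 certificate"


def sha256_fingerprint(der_bytes: bytes) -> str:
    """Hex SHA-256 over the DER encoding (what openssl -fingerprint -sha256 prints, minus colons)."""
    return hashlib.sha256(der_bytes).hexdigest()


EXPECTED_CERT_SHA256 = sha256_fingerprint(CONSTRUCTED_CERT_DER)
SAMPLE_NOW = datetime(2024, 1, 1, 12, 1, 0, tzinfo=timezone.utc)   # inside the validity window
SAMPLE_LATE = datetime(2024, 1, 1, 12, 30, 0, tzinfo=timezone.utc)  # after NotOnOrAfter

# Constructed response shaped like the one Passly would POST to Salesforce (signature value omitted).
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>{EXPECTED_ISSUER}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>{EXPECTED_ISSUER}</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {base64.b64encode(CONSTRUCTED_CERT_DER).decode()}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">alice@customer.example</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def _parse_saml_time(value: str) -> datetime:
    """SAML xs:dateTime in UTC, e.g. 2024-01-01T12:00:00Z, with or without fractional seconds."""
    value = value.strip().rstrip("Z")
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in value else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def check_salesforce_response(xml_text, expected_issuer, expected_audience, expected_cert_sha256, now):
    """Return a list of mismatches against the configured settings; an empty list means all checks passed."""
    problems = []
    root = ET.fromstring(xml_text)

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        problems.append("status is not Success")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        problems.append("no plain Assertion (an EncryptedAssertion must be decrypted first)")
        return problems

    # Issuer must equal the value entered in Salesforce's "Issuer" field.
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        problems.append(f"issuer {issuer!r} != expected {expected_issuer!r}")

    # Audience must match the Audience URI set in Passly's Protocol Setup.
    audiences = [a.text.strip() for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if expected_audience not in audiences:
        problems.append(f"audience {audiences} does not include {expected_audience!r}")

    # Salesforce is configured to read the username from the Subject NameID.
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if "@" not in name_id:
        problems.append(f"NameID {name_id!r} does not look like a Salesforce username")

    # Salesforce rejects assertions outside NotBefore/NotOnOrAfter; clock skew shows up here.
    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < _parse_saml_time(nb):
            problems.append("assertion not yet valid (NotBefore in the future; check clock skew)")
        if noa and now >= _parse_saml_time(noa):
            problems.append("assertion expired (NotOnOrAfter passed)")

    # The certificate in KeyInfo must be the one uploaded to Salesforce.
    cert_b64 = assertion.findtext("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", default="", namespaces=NS)
    if not cert_b64.strip():
        problems.append("no X509Certificate in the assertion signature KeyInfo")
    else:
        fp = sha256_fingerprint(base64.b64decode("".join(cert_b64.split())))
        if fp != expected_cert_sha256:
            problems.append(f"signing certificate fingerprint {fp[:16]}... does not match the downloaded Passly certificate")
    return problems


def check_sample(now=SAMPLE_NOW, xml_text=SAMPLE_RESPONSE):
    """Run the check against the constructed sample with the values from the how-to."""
    return check_salesforce_response(xml_text, EXPECTED_ISSUER, EXPECTED_AUDIENCE, EXPECTED_CERT_SHA256, now)


if __name__ == "__main__":
    print(check_sample() or "all checks passed")
```

A mismatch in the Issuer or Audience line is the usual cause of a Salesforce "SAML validation failed" error, and the fingerprint check catches the case where the certificate in Passly was rotated after it was uploaded to Salesforce.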
For more information on how to use rich clients like Salesforce Chatter with Single Sign-On, take a look at the Developerforce article "Single Sign-On for Desktop and Mobile Applications using SAML and OAuth". You will find the pertinent configuration details under the "A Detailed Example" section.