This article is an add-on to our SAML configuration guide, supplementing the process described there with specific details and additional information unique to configuring SAML for the Salesforce SAML 2.0 app connector in OneLogin's app catalog.
Configuring OneLogin's Salesforce App Connector
Prerequisites
- Administrative access to enable SAML in Salesforce. Follow the Salesforce SAML setup process in conjunction with your OneLogin setup, as you will be exchanging some details between your accounts during the configuration. Additionally, you should require single sign-on (SSO) for your Salesforce users.
- If you intend to configure both SAML and provisioning for Salesforce, you must enable provisioning before completing your SAML configuration.
Configuration
In the "Salesforce Login URL" field, enter the enhanced domain URL for your Salesforce account.
Parameters
Ensure that Credentials are set to Configured by admin and that the Salesforce User ID parameter is mapped to Email in OneLogin.
The Locale, Permission Sets, Profile, Role, and Time Zone fields are set by Salesforce and will be mapped based on your organization's configuration.
SSO
Copy your OneLogin SSO values to their corresponding fields in Salesforce:
| OneLogin | Salesforce |
|---|---|
| Issuer URL | Issuer |
| SAML 2.0 Endpoint (HTTP) (Note: You will also need this value if configuring Salesforce Communities in OneLogin.) | Identity Provider Login URL |
| SLO Endpoint (HTTP) | Identity Provider Logout URL |
| X.509 Certificate | Identity Provider Certificate |
| SAML Signature Algorithm | Request Signature Method |