This site requires JavaScript to be enabled
Customer Service > General > Configuring SAML for Salesforce
Configuring SAML for Salesforce
Article: KB0010329 Published: 01/30/2026 Last modified: 01/30/2026

IMPORTANT: Starting from 03 February 2026, Salesforce will enforce a Device Activation prompt for new devices using SSO. As OneLogin does not yet handle this behavior change automatically, users will now receive two prompts—a OneLogin MFA prompt and a verification email from Salesforce—when logging in from a new device. In order to avoid this double prompting behavior, you can configure Salesforce to trust your IP ranges. See Set Trusted IP Ranges for Your Org and Restrict Login IP Addresses in Profiles.

For more information, see the related Salesforce Knowledge Base Article.

This article is an add-on to our SAML configuration guide, supplementing the process described there with specific details and additional information unique to configuring SAML for the Salesforce SAML 2.0 app connector in OneLogin's app catalog.

Configuring OneLogin's Salesforce App Connector

Take a look at this brief training video to learn more about using Salesforce with OneLogin.

Watch Now

Prerequisites

  • Administrative access to enable SAML in Salesforce; you should follow the Salesforce SAML process described there in conjunction with your OneLogin setup, as you will be exchanging some details between your accounts during the configuration. Additionally, you should require single sign-on (SSO) for your Salesforce users.
  • If you intend to configure both SAML and provisioning for Salesforce, you must enable provisioning before completing your SAML configuration.

Table of Contents

 

 

Configuration

In the "Salesforce Login URL" field, enter the enhanced domain URL for your Salesforce account.

 

 

Parameters

Ensure that Credentials are Configured by admin and that the User ID Salesforce parameter is mapped to Email in OneLogin.

The Locale, Permission Sets, Profile, Role, and Time Zone fields are set by Salesforce and will be mapped based on your organization's configuration.

 

 

SSO

Copy your OneLogin SSO values to their corresponding fields in Salesforce:

OneLogin

Salesforce

Issuer URL

Issuer

SAML 2.0 Endpoint (HTTP)

Note: You will also need this value if configuring Salesforce Communities in OneLogin.

Identity Provider Login URL

SLO Endpoint (HTTP)

Identity Provider Logout URL

X.509 Certificate

Identity Provider Certificate

SAML Signature Algorithm

Request Signature Method
Expand/Collapse Comments
:     
Was this helpful?
YesYesNoNo