SAML Single Sign-On (SSO) For DotNetNuke Sites Using Salesforce Community As IDP

DotNetNuke SAML SP Single Sign-On (SSO) module gives the ability to enable SAML Single Sign-On for your DotNetNuke applications. Using Single Sign-On you can use only one password to access your DotNetNuke application and services. Our module is compatible with all the SAML compliant Identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between DotNetNuke and Salesforce Community considering Salesforce Community as IdP

Pre-requisites : Download And Installation

• Download the package for DNN SAML Single Sign-On (SSO) module.
• Upload the installation package dnn-saml-single-sign-on_xxx_Install by going in Settings > Extension > Install Extension.

1. Add module on DNN page

• Open any of the page on your DNN site (Edit mode) and Click on Add Module.

• Search for DNNSAMLSSO and click on the DNNSAMLSSO. Drag and drop the module on the page where you want.

• You have finished with the Installation of the module on your DNN site.

2. Configure Salesforce Community as Identity Provider

• Go to Module Settings >> DNNSAMLSSO Settings .


A] Select your Identity Provider

• Select Salesforce from the list. If you don't find your Identity provider in the list, select Custom IDP. You can also search for your Identity Provider using the search box.


B] Configure your Identity Provider

• Under the Service Provider Settings tab, you can download SP metadata as a XML document or copy the metadata url.
• Alternatively, copy and paste the SP Entity ID and ACS Url from the SP metadata Table to your IdP configuration page.

• Log into your Salesforce account as admin.
• Switch to Salesforce Lightning mode from profile menu and then go to the Setup page by clicking on setup button.


• From the left pane, select Settings TabIdentity Provider.


• Click on Enable Identity Provider.


• In the Service Provider section, click on the link to create the Service Provider using Connected Apps.


• Enter Connected App Name, API Name and Contact Email.

Connected App Name	Provide a name for Connected App
API Name	Provide a API name
Contact Email	Provide a Contact Email




• Under the Web App Settings, check the Enable SAML checkbox and enter the following values:

Enable SAML	Checked
Entity ID	SP-EntityID / Issuer from Service Provider Metadata tab of the plugin
ACS URL	ACS (AssertionConsumerService) URL from Service Provider Metadata tab of the plugin
Subject Type	Username
Name ID Format	urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified




• Click on Save to save the configuration.
• Now from the left pane, under Platform Tools section, go to Connected AppsManage Connected Apps. Click on the app you just created.


• In the Profiles section click Manage Profiles button.


• Assign the Profiles you want to give access to log in through this app.


• Under SAML Login Information, click on Download Metadata for your corresponding Salesforce community. .


• Keep this metadata handy for configuring the Service Provider.

3. Configure DotNetNuke SAML Module as Service Provider

Configure your Service Provider

• To upload IdP's metadata, you can use the Upload IdP metadata button under the Identity Provider Settings tab, if you have the IdP metadata URL or the IdP metadata .xml file.
• Alternatively, you can copy the IDP Entity ID and Single Sign-On Url values from the IdP and fill them up under the Identity Provider Settings tab.

4: Test Configuration

• Click the Test Configuration button to verify if you have configured the plugin correctly.
• On successful configuration, you will get Attribute Name and Attribute Values in the Test Configuration window.

5: Adding Login Widget on DNN Page

• For Adding Button on the DNN page on beside the module settings click on the Add Item (Pencil Icon).

• Add Button name and click on Save.

• You can see login button on the page after saving item. (If you are already logged in your site, you will see a "Logout" link).

Note : If you want to Enable this button on every page of the DNN site follow below steps

• Go to the Settings >> Module Settings >> Advanced Settings and Enable option for Display Module On All Page.

• Warning: You will lose all your configuration for the module after enabling this option. You can re-configure the module or it is better to enable this option before configuring the module.

6: Attribute Mapping

• Attributes are user details that are stored in your Identity Provider.
• Attribute Mapping helps you to get user attributes from your IdP and map them to DotNetNuke user attributes like firstname, lastname etc..
• While auto registering the users in your DotNetNuke site these attributes will automatically get mapped to your DotNetNuke user details.
• Go to DNNSAMLSSO Settings >> Advanced settings >> Attribute Mapping.

7: Role mapping (It is Optional to fill this)

• DotNetNuke uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site.
• DotNetNuke has five pre-defined roles: Administrators, Subscribers, Registered Users, Translator (en-US) and Unverified Users.
• Role mapping helps you to assign specific roles to users of a certain group in your IdP.
• While auto registering, the users are assigned roles based on the group they are mapped to.

You can configure the DotNetNuke SAML 2.0 Single Sign-On (SSO) module with any Identity Provider such as ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or even with your own custom identity provider.

If you are looking to Single Sign-On into your sites with any SAML compliant Identity Provider then we have a separate solution for that. We do provide SSO solutions for the following: