Salesforce SAML Single Sign-On (SSO) with Magento as SAML IdP . Magento SAML IdP extenstion gives you the ability to use your Magento credentials to login into Salesforce (SP). Here we will go through a step-by-step guide to configure SSO between Salesforce as SP (Service Provider) and Magento as IDP (Identity Provider).

Pre-requisites: Download and Installation

Installation using Composer:

• Purchase the miniOrange SAML IDP Single Sign-On extension from magento marketplace.
• Go to My profile -> My Purchases
• Please ensure you are using correct access keys (My Profile - Access Keys)
• Paste the access keys in your auth.json file inside your project
• Use the below command to add the extension to your project.

  "composer require {module_name}:{version}"

• You can see the module name and list of versions in the selector below the extension module name.
• Run the following commands on command prompt to enable the extension.

php bin/magento setup:di:compile

php bin/magento setup:upgrade

Manual Installation:

• Download the miniOrange SAML IDP Single Sign-On extension.
• Unzip all contents of the zip inside the MiniOrange/IDPSaml directory.

{Root Directory of Magento} app code MiniOrange IDPSaml

• Run the following commands on command prompt to enable the extension

php bin/magento setup:di:compile

php bin/magento setup:upgrade

Steps to configure Salesforce SAML Single Sign-on ( SSO ) Login into Magento 2

1. Configure Magento as Identity Provider

• In the miniOrage SAML Identity Provider extension, go to Service Provider settings tab of the extension.
• Provide the required settings (i.e. SP Entity ID/Issuer, ACS URL) find to your Service Provider Salesforce and click on Save button to save your configuration.

2. Configure Salesforce as Service Provider

• Open a new browser tab or window, Login into your Salesforce account as Account Admin.
• Select either Salesforce Classic: Navigate to Setup > Security Controls > Single Sign-On Settings.

• Or Salesforce Lightening Experience: Click the gear icon, then navigate to Setup > Identity > Single Sign-On Settings.

• On the Single Sign-On Settings page and click on Edit button.

• Check the SAML Enabled box to enable the use of SAML Single-Sign On, then click on Save button.

• Click on New to open SAML Single Sign-On Settings.


Name	Enter a name of your choice
SAML Version	Make sure this is set to 2.0. This should be enabled by default.
Issuer	Copy and paste the IDP-Entity URL/Issuer from IDP Metadata tab of Magentp SAML Identity Provider (Idp) module.
Identity Provider Certificate	Download the Certificate from IDP Metadata Open it in notepad. Copy and paste the content here.
Identity Provider Login URL	Copy and paste the SAML Login URL from IDP Metadata tab of Magento SAML Identity Provider (Idp) module.
Custom Logout URL	Copy and paste the SAML Logout URL from IDP Metadata tab of Magento SAML Identity Provider (Idp) module.
API Name	Enter an API name of your choice.
Entity ID	If you have a custom domain setup, use https://[customDomain].my.salesforce.comIf you do not have a custom domain setup, use https://saml.salesforce.com

• Click on Save button.

• Copy your Login URL and Entity ID.

3. Attribute Mapping

• In the Magento IDP extension, navigate to the Attribute Mapping tab.
• In the User Attributes section, enter the following information and click on Save .
• You can also add more attributes by clicking on + sign to add attributes.

4. SSO Testing

• Open a new browser or private incognito window and enter your Salesforce URL, which will redirect you to the Magento login screen.
• Enter your Magento credentials and click the log in button.
• If you are redirected to your Salesforce start page and successfully logged in, your configuration is correct.

Additional Resources

• What is Single Sign-On (SSO)?
• What is SAML?
• Magento SAML Single Sign-On (SSO)
• Magento OAuth Client Single Sign-On (SSO)
• Frequently Asked Questions (FAQs)