DotNetNuke SAML SP Single Sign-On (SSO) module gives the ability to enable SAML Single Sign-On for your DotNetNuke applications.
Using Single Sign-On you can use only one password to access your DotNetNuke application and services.
Our module is compatible with all the SAML compliant Identity providers.
Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between DotNetNuke and Salesforce Community considering Salesforce Community as IdP
Pre-requisites : Download And Installation
- Download the package for DNN SAML Single Sign-On (SSO) module.
- Upload the installation package dnn-saml-single-sign-on_xxx_Install by going in Settings > Extension > Install Extension.
1. Add module on DNN page
- Open any of the page on your DNN site (Edit mode) and Click on Add Module.
- Search for DNNSAMLSSO and click on the DNNSAMLSSO. Drag and drop the module on the page where you want.
- You have finished with the Installation of the module on your DNN site.
2. Configure Salesforce Community as Identity Provider
- Go to Module Settings >> DNNSAMLSSO Settings .
A] Select your Identity Provider
- Select Salesforce from the list. If you don't find your Identity provider in the list, select Custom IDP. You can also search for your Identity Provider using the search box.
B] Configure your Identity Provider
- Under the Service Provider Settings tab, you can download SP metadata as a XML document or copy the metadata url.
- Alternatively, copy and paste the SP Entity ID and ACS Url from the SP metadata Table to your IdP configuration page.
- Log into your Salesforce account as admin.
- Switch to Salesforce Lightning mode from profile menu and then go to the Setup page by clicking on setup button.

- From the left pane, select Settings TabIdentity Provider.

- Click on Enable Identity Provider.
- In the Service Provider section, click on the link to create the Service Provider using Connected Apps.

- Enter Connected App Name, API Name and Contact Email.
Connected App Name |
Provide a name for Connected App |
API Name |
Provide a API name |
Contact Email |
Provide a Contact Email |

- Under the Web App Settings, check the Enable SAML checkbox and enter the following values:
Enable SAML |
Checked |
Entity ID |
SP-EntityID / Issuer from Service Provider Metadata tab of the plugin |
ACS URL |
ACS (AssertionConsumerService) URL from Service Provider Metadata tab of the plugin |
Subject Type |
Username |
Name ID Format |
urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified |
- Click on Save to save the configuration.
- Now from the left pane, under Platform Tools section, go to Connected AppsManage Connected Apps. Click on the app you just created.

- In the Profiles section click Manage Profiles button.

- Assign the Profiles you want to give access to log in through this app.

- Under SAML Login Information, click on Download Metadata for your corresponding Salesforce community.
.

- Keep this metadata handy for configuring the Service Provider.
3. Configure DotNetNuke SAML Module as Service Provider
4: Test Configuration
- Click the Test Configuration button to verify if you have configured the plugin correctly.
- On successful configuration, you will get Attribute Name and Attribute Values in the Test Configuration window.
5: Adding Login Widget on DNN Page
6: Attribute Mapping
- Attributes are user details that are stored in your Identity Provider.
- Attribute Mapping helps you to get user attributes from your IdP and map them to DotNetNuke user attributes like firstname, lastname etc..
- While auto registering the users in your DotNetNuke site these attributes will automatically get mapped to your DotNetNuke user details.
- Go to DNNSAMLSSO Settings >> Advanced settings >> Attribute Mapping.
7: Role mapping (It is Optional to fill this)
- DotNetNuke uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site.
- DotNetNuke has five pre-defined roles: Administrators, Subscribers, Registered Users, Translator (en-US) and Unverified Users.
- Role mapping helps you to assign specific roles to users of a certain group in your IdP.
- While auto registering, the users are assigned roles based on the group they are mapped to.
You can configure the DotNetNuke SAML 2.0 Single Sign-On (SSO) module with any Identity Provider such as
ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito,
OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or
even with your own custom identity provider.
If you are looking to Single Sign-On into your sites with any SAML compliant Identity Provider then we have a separate solution for that. We do provide SSO solutions for the following:
×