Step 1: Setup Salesforce as Identity Provider
- Log into your Salesforce account.
- Switch to Salesforce Classic mode from profile menu and then go to the Setup page.
- From the left pane, select Security ControlsIdentity Provider.
- In the Service Provider section, click on the link to create the Service Provider using Connected Apps.
- Enter Connected App Name, API Name and Contact Email.
- Under the Web App Settings, check the Enable SAML checkbox and enter the following values:
- Now from the left pane, under Administer section, go to Manage AppsConnected Apps. Click on the app you just created.
- Under Profiles section click Manage Profiles button and select the profiles you want to give access to log in through this app.
- Under SAML Login Information, click on Download Metadata.
- Keep this metadata handy for the next steps.


Entity ID | SP-EntityID / Issuer from Service Provider Info Tab |
ACS URL | ACS (AssertionConsumerService) URL from Service Provider Info Tab |
Subject Type | Username |
Name ID Format | urn:oasis:names:tc:SAML:2.0:nameid-format:persistent |

Step 2: Setup Confluence as Service Provider
Now we will go through the steps to setup Confluence as a Service Provider using miniOrange add-on:
Configure Identity Provider
Step 1. Adding IDP settings in add-on
- With the information you have been given by your IDP, you can configure IdP settings in 3 ways.
- Click on Import from Metadata in Configure IDP tab.
- Select IDP: Import From Metadata URL.
- Enter your metadata URL.
- If your IDP changes certificates at intervals(Eg. Azure AD), you can select Refresh metadata periodically. Select 5 minutes for the best results.
- Click Import.
- Click on Import from Metadata in Configure IDP tab.
- Select IDP: Import from Metadata File.
- Upload metadata file.
- Click Import.
- Go to Configure IDP tab and enter the following details.
By Metadata URL:

By uploading Metadata XML file:

Manual Configuration:
1. IDP Name
2. IDP Entity ID
3. Single Sign On URL
4. Single Logout URL
5. X.509 Certificate
