Salesforce as IdP

Step 1: Set up Salesforce as Identity Provider

  • Log into Salesforce and go to Setup.
  • From the left pane, select Identity » Identity Provider. If the identity provider is not yet enabled, click Enable Identity Provider and choose the certificate Salesforce will use to sign its SAML assertions.
  • In the Service Providers section, choose the option to set up a Service Provider using Connected Apps.
  • Enter Connected App Name, API Name and Contact Email.

  • Under Web App Settings, check the Enable SAML checkbox and enter the following values:
    Entity ID: the SP-EntityID / Issuer from the Service Provider Info tab
    ACS URL: the ACS (AssertionConsumerService) URL from the Service Provider Info tab
    Subject Type: Username
    Name ID Format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  • Now from the left pane, under Administration Setup, select Manage Apps » Connected Apps. Click the app you just created.
  • Under Manage Profiles, select the profiles you want to give access to log in through this app.
  • Under SAML Login Information, click on Download Metadata.
  • Open the downloaded file in any browser or text editor, search for the "ds:X509Certificate" tag and copy the entire base64 string inside it (it starts with "MII..."). If the metadata contains more than one KeyDescriptor, take the certificate whose KeyDescriptor has use="signing": this is the certificate the service provider will use to verify the signature on Salesforce's SAML assertions, so it must be copied exactly, including the full string even where it wraps across lines.
  • Keep this certificate value handy for the next steps. Whenever the Salesforce certificate is rotated, the metadata must be downloaded again and the new value imported on the service provider side, or logins will fail signature validation.