Setup Salesforce as Identity Provider
- Log into Salesforce and go to Setup.
- From the left pane, select Identity->Identity Provider.
- In the Service Providers section, click the link "Service Providers are now created via Connected Apps. Click here."
- Enter Connected App Name, API Name and Contact Email.
- Under Web App Settings, check the Enable SAML checkbox and enter the following values:
  - Entity ID: SP-EntityID / Issuer from Service Provider Info Tab
  - ACS URL: ACS (AssertionConsumerService) URL from Service Provider Info Tab
  - Subject Type: Username
  - Name ID Format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- Now from the left pane, under Administration Setup, select Manage Apps » Connected Apps. Click on the App you just created.
- Under Manage Profiles, select the profiles you want to give access to log in through this app.
- Under SAML Login Information, click on Download Metadata.
- Open the downloaded file in a browser such as Chrome, Firefox or IE, search for the "ds:X509Certificate" tag and copy the entire string inside this tag. The string will look like this: "MII...."
- Keep this certificate value handy for next steps.
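Instead of copying the string by hand, the signing certificate can be read from the downloaded metadata and fingerprinted, so the value later pasted into the service provider can be checked for truncation or stray characters. This is an added example, not Salesforce or service-provider code; the sample metadata, its entityID and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: DER-like bytes (not a real certificate) inside minimal metadata.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
B64 = "\n".join(textwrap.wrap(base64.b64encode(FAKE_DER).decode(), 40))
SAMPLE = f"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.invalid">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""".encode()

def signing_certs(metadata_xml: bytes) -> list:
    """Return the DER bytes of every signing certificate in IdP metadata."""
    if b"<!DOCTYPE" in metadata_xml:          # metadata never needs a DTD
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":   # no 'use' means both uses
            continue
        for node in kd.iterfind(".//ds:X509Certificate", NS):
            b64 = "".join((node.text or "").split())   # drop line breaks
            certs.append(base64.b64decode(b64, validate=True))
    if not certs:
        raise ValueError("no signing certificate found")
    return certs

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint as colon-separated upper-case hex."""
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def to_pem(der: bytes) -> str:
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for der in signing_certs(SAMPLE):
        print(fingerprint(der))
```

For a real file, pass the bytes of the downloaded metadata to `signing_certs` and compare the fingerprint with that of the certificate stored on the service provider side.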