Salesforce as IdP

Set up Salesforce as Identity Provider

  1. Log into Salesforce and go to Setup.
  2. From the left pane, select Identity » Identity Provider.
  3. In the Service Providers section, click the link that reads "Service Providers are now created via Connected Apps. Click here."
  4. Enter the Connected App Name, API Name and Contact Email.

  5. Under Web App Settings, check the Enable SAML checkbox and enter the following values:
     Entity ID: the SP-EntityID / Issuer from the Service Provider Info tab
     ACS URL: the ACS (AssertionConsumerService) URL from the Service Provider Info tab
     Subject Type: Username
     Name ID Format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  6. Now from the left pane, under Administration Setup, select Manage Apps » Connected Apps. Click on the app you just created.
  7. Under Manage Profiles, select the profiles that should be allowed to log in through this app.
  8. Under SAML Login Information, click on Download Metadata.
  9. Open the downloaded file in a browser (Chrome, Firefox, IE) or a text editor, search for the "ds:X509Certificate" tag and copy the entire string inside it. The string looks like "MII...." (base64, possibly broken across several lines; copy it without the surrounding whitespace).
  10. Keep this certificate value handy for the next steps.