Step by Step Guide to Set Up Salesforce as IdP

STEP 1: Log in to Salesforce and go to Setup.
STEP 2: From the left pane, select App Setup » Create » Apps.

STEP 3: Under Connected Apps, select New.

STEP 4: Enter Connected App Name, API Name and Contact Email.

STEP 5: Under Web App Settings, check the Enable SAML checkbox and enter the following values:

Entity ID: Issuer from the SAML plugin under Identity Provider Setup Tab.
ACS URL: ACS URL from the SAML plugin under Identity Provider Setup Tab.
Subject Type: Username
Name ID Format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent



  • Now, from the left pane, under Administration Setup, select Manage Apps » Connected Apps.
  • Click on the app you just created.
  • Under Manage Profiles, select the profiles that should be allowed to log in through this app.


  • Under SAML Login Information, click on Download Metadata.
  • Open the downloaded file in a browser such as Chrome, Firefox or IE.
  • Search for the “ds:X509Certificate” tag and copy the entire string under this tag. The string will look like this:
  • Keep this certificate value handy for next steps.


STEP 8: In miniOrange SAML plugin, go to Service Provider Setup tab. Enter the following values:

Identity Provider Name: Salesforce
SAML Login URL: /idp/endpoint/HttpRedirect
IdP Entity ID:
X.509 Certificate: Paste the certificate value you copied from the Metadata file.
Response Signed: Checked
Assertion Signed: Unchecked