SSO to an onsite application
Steps
-
On the Main Menu, click Server Settings.
-
On the Roles and Protocols page in the Server Settings configuration, ensure that both the IdP and SP roles are enabled.
The choice of protocol is not relevant for either role to implement the Salesforce Connector for onsite single sign-on (SSO), but a selection is required to enable a role.
If updates are needed on the page, make sure you click Save.
-
Configure an SP Adapter Instance, if one is not already configured or if you want to use a new one.
Click Adapters under SP Configuration on the Main Menu.
Use any adapter type, including the OpenToken Adapter bundled with PingFederate. Learn more in the PingFederate Administrator’s Manual.
-
On the Main Menu under System Settings, click IdP-to-SP Adapter Mapping and follow the page flow to complete this configuration.
Select the Salesforce IdP Adapter Instance configured earlier as the source instance and any SP Adapter Instance as the target.
Learn more in the PingFederate Administrator’s Manual or click Help on any screen.
-
(Optional) On the Main Menu under SP Configuration, click Default URLs.
If the default SSO URL in the top text box is unspecified and the SP configuration will be used only to set up this Salesforce Connector, you can enter the target-application URL as the default.
The default URL for single logout (SLO) in the second text box does not apply for the Salesforce Connector. SLO is not supported.
Alternatively, you can enter a fallback URL or leave an existing entry unchanged, and provide the target-application URL as a query parameter in the Salesforce link. This recommended process is described in the next section.
Learn more about how default URLs are used in the PingFederate Administrator’s Manual or click Help.