Registering PingFederate as an SSO provider in Salesforce
About this task
The Salesforce Connector quick-connection template helps you create a connection to Salesforce by pre-populating some configuration settings. Some of the configuration information comes from a SAML metadata XML file that you can export from the Salesforce console after registering PingFederate as a single sign-on (SSO) provider. You can find detailed configuration instructions in Configure SAML Settings for SSO in the Salesforce documentation.
SAML XML transmissions containing assertions must be digitally signed. If you haven’t done so, export the public certificate for the signing key to be used for the Salesforce connections. Note the file location. Certificate export is available through the Digital Signing section in the security section of the PingFederate Main Menu.
Steps
- Sign on to Salesforce as an administrator.
- On the Setup console, on the search bar, enter Single Sign-On Settings and then click Single Sign-On Settings.
- On the Single Sign-On Settings page, under SAML Single Sign-On Settings, click New.
- On the SAML Single Sign-On Settings page, enter the SAML information for your PingFederate server.
  - In the Name field, enter a name that you choose, such as My PingFederate Instance.
  - In the API Name field, enter a name that you choose without spaces or special characters, such as MyPingFederateInstance.
  - In the Issuer field, do one of the following:
    - If you want PingFederate to use a custom entity ID with Salesforce, enter a name that you choose. When you complete Creating a connection, add the name in the Virtual Server IDs field.
    - Otherwise, enter the SAML 2.0 Entity ID that you chose in Enabling provisioning and single sign-on (SSO) in PingFederate.
  - For Identity Provider Certificate, upload your PingFederate signing certificate.
  - In the Entity ID field, do one of the following:
    - If you want to integrate with Salesforce Communities, enter the URL for your Salesforce community.
      On the Salesforce Setup console, on the Platform Tools > Feature Settings > Communities > All Communities page, copy your community URL.
    - Otherwise, enter your Salesforce domain. For example, "mycompany.my.salesforce.com" in the URL https://mycompany.my.salesforce.com.
  - (Optional) In the Identity Provider Login URL field, enter the PingFederate endpoint URL for SSO.
    After you complete the steps in Creating a connection, you can copy the SSO URL from the connection summary page.
  - (Optional) In the Custom Logout URL field, enter the logout URL for your IdP application. Salesforce redirects a user to this URL after ending the Salesforce session.
- Click Save.
- On the SAML Single Sign-On Settings page, click Download Metadata. Save the SAMLSP-xxxxxxxxxxxxxxx.xml file.
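Before you use the downloaded metadata file in the quick-connection template, you can check it with a short script. The following is an added example, not part of the original documentation or of any Ping Identity or Salesforce tooling: it confirms that the entity ID matches the value you entered in the Entity ID field, that the service provider asks for signed assertions, and that every assertion consumer endpoint is an HTTPS URL. The function name check_sp_metadata, the sample XML, and the PLACEHOLDER_ORG_ID value are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # SAML 2.0 metadata namespace

def check_sp_metadata(xml_text, expected_entity_id):
    """Return a list of problems found in SP metadata; an empty list means it passed."""
    # Metadata never needs a DTD; refuse it rather than hand entities to the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present; refusing to parse"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != MD + "EntityDescriptor":
        return [f"unexpected root element {root.tag}"]
    problems = []
    if root.get("entityID") != expected_entity_id:
        problems.append(f"entityID is {root.get('entityID')!r}, expected {expected_entity_id!r}")
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        return problems + ["no SPSSODescriptor element"]
    # xs:boolean allows "true" or "1".
    if sp.get("WantAssertionsSigned") not in ("true", "1"):
        problems.append("WantAssertionsSigned is not true")
    endpoints = sp.findall(MD + "AssertionConsumerService")
    if not endpoints:
        problems.append("no AssertionConsumerService endpoint")
    for ep in endpoints:
        url = urlparse(ep.get("Location", ""))
        if url.scheme != "https" or not url.hostname:
            problems.append(f"ACS Location is not an https URL: {ep.get('Location')!r}")
    return problems

# Constructed sample standing in for a downloaded SAMLSP-xxxxxxxxxxxxxxx.xml file.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://mycompany.my.salesforce.com">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://mycompany.my.salesforce.com?so=PLACEHOLDER_ORG_ID"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    found = check_sp_metadata(SAMPLE, "https://mycompany.my.salesforce.com")
    print("\n".join(found) if found else "all checks passed")
```

To check a real file, read it with open(path, encoding="utf-8").read() and pass the text together with the Entity ID value you entered in Salesforce.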