Configuring Single Sign-On for Salesforce
Solution:
Salesforce is considered a behemoth when it comes to cloud apps that help you boost your sales. Most companies worldwide depend on Salesforce CRM to manage all their customers' and partners' information from a single console. Wouldn't it be great if your sales team could have a hassle-free login experience to all the business-critical apps in the Salesforce software suite? ADSelfService Plus' single sign-on (SSO) feature does exactly that.
Once you’ve configured SSO for Salesforce in ADSelfService Plus, end users can easily access all their Salesforce apps with just their Active Directory or Windows credentials. Here are the steps to configure SSO for Salesforce.
Prerequisites
1. Make sure the ADSelfService Plus server can be accessed through an HTTPS connection (Access URL must be configured as HTTPS).
2. Log in to ADSelfService Plus as an administrator.
3. Navigate to Configuration → Self-Service → Password Sync/ Single Sign On → Add Application, and select Salesforce from the applications displayed.
   Note: You can also find the Salesforce application you need from the search bar located in the left pane, or the navigation option in the right pane.
4. Click IdP details in the top-right corner of the screen.
5. In the pop-up that appears, download the IdP metadata file, which includes the SSO certificate, by clicking Download Metadata.
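An added example (not ManageEngine's or Salesforce's code) that checks the downloaded metadata file before it is uploaded to Salesforce: it reports the entity ID, flags any SSO endpoint that is not HTTPS, and computes the SHA-256 fingerprint of each signing certificate so it can be compared with the one shown by the IdP. The function name inspect_idp_metadata and the sample metadata (host sso.example.com, placeholder certificate bytes) are assumptions constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def inspect_idp_metadata(xml_text):
    """Summarise a SAML IdP metadata document and list problems found."""
    root = ET.fromstring(xml_text)
    report = {"entity_id": root.get("entityID"), "sso_urls": [],
              "cert_sha256": [], "problems": []}
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        report["problems"].append("not an IdP EntityDescriptor")
        return report
    if not report["entity_id"]:
        report["problems"].append("missing entityID")
    for sso in idp.findall("md:SingleSignOnService", NS):
        url = sso.get("Location", "")
        report["sso_urls"].append(url)
        if urlparse(url).scheme != "https":  # HTTPS is a stated prerequisite
            report["problems"].append("non-HTTPS SSO endpoint: " + url)
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue  # skip encryption-only keys
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            if der:
                report["cert_sha256"].append(hashlib.sha256(der).hexdigest())
    for key in ("sso_urls", "cert_sha256"):
        if not report[key]:
            report["problems"].append("metadata has no " + key)
    return report

# Constructed sample: host name and certificate bytes are placeholders.
_CERT = base64.b64encode(b"placeholder bytes, not a real certificate").decode()
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sso.example.com/idp">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://sso.example.com/idp/login"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>""" % _CERT

if __name__ == "__main__":
    print(inspect_idp_metadata(SAMPLE))
```

To check a real download, pass the contents of the metadata file to inspect_idp_metadata and confirm the problems list is empty before uploading it.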
Salesforce configuration steps
1. Log in to Salesforce with administrator credentials.
   Note: The steps below reference Salesforce Lightning.
2. Click the Gear icon in the top-right corner.
3. Navigate to Setup → Settings (from the left panel menu) → Identity → Single Sign-On Settings.
4. Click Edit.
5. Select SAML Enabled and click Save.
6. Click New from Metadata File under SAML Single Sign-On Settings.
7. Upload the metadata file downloaded in Step 5 of Prerequisites, then click Create.
8. Modify the Name and API Name with valid names for reference.
9. Click Save.
10. Copy the Login URL, which will be your SAML Redirect URL when configuring ADSelfService Plus.
11. To map SSO login to a particular domain login page:
    - Navigate to Settings (from the left panel menu) → Company Settings → My Domain.
    - Click Edit in the Edit Authentication Configuration of the required domain.
    - Select SSO configuration under Authentication Service.
    - Click Save.
ADSelfService Plus configuration steps
1. Now switch to ADSelfService Plus’ Salesforce configuration page.
2. Enter the Application Name and Description.
3. Enter the Domain Name of your Salesforce account. For example, if you use johndoe@thinktodaytech.com to log in to Salesforce, then thinktodaytech.com is the domain name.
4. Under the Assign Policies field, select the policies for which SSO needs to be enabled.
   Note: ADSelfService Plus allows you to create OU- and group-based policies for your AD domains. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy.
5. Select Enable Single Sign-On.
6. For the SAML Redirect URL field, enter the Login URL you saved in Step 10 of Salesforce configuration steps.
7. Click Add Application.
Your users can now sign in to Salesforce through ADSelfService Plus.
ADSelfService Plus also allows users to access their Salesforce accounts from its web console with just a click.