{{appName}} Demo

Flow

Step-1

  • Provide the Federation ID in the SSO Information section of the User who will log in using SSO
    In our case: joesimple@mohansun.org is the Federation ID for our user Joe Simple

Step-2

  • In Single Sign-On Settings:
    • Enable SAML
    • Create a new entry for SAML SSO settings with these values:
      • IdP (Identity Provider, in our case it is: Axiom): Name (Issuer) and Certificate - We want the SAML assertion provided by the IdP to be signed with that Cert. Salesforce needs the public key from that certificate to verify the signature on the assertion. This way Salesforce will know it is coming from the trusted IdP.
        Issuer: in our case it is: https://axiomsso.herokuapp.com
      • Entity-ID: This is the Salesforce URL with custom domain: in our case it is: https://mohansun-lx1-dev-ed.my.salesforce.com. This is also called the Audience

Step-2 - Contd.

  • In Single Sign-On Settings:
    • SAML Identity Type: Select: Assertion contains the Federation ID from the User object - Salesforce will look for the Federation ID in the SAML assertion provided by the IdP and link it to the user during the login process
    • SAML Identity Location: Select: Identity is in the NameIdentifier element of the Subject statement - Salesforce will look for the SAML identity in the Subject statement

Step-2 - Contd.

  • Save this SSO record. You will see important endpoints:
    • Login URL, Logout URL and OAuth2 Token Endpoint
    • In our case the Login URL will be https://mohansun-lx1-dev-ed.my.salesforce.com?so=00Df40000003eOA
      Here the URL parameter so stands for Salesforce Org
      In our case our org-id is: 00Df40000003eOA, which will be the value for this URL parameter.
      The SAML assertion will have elements to denote who the Recipient and Destination of the IdP-created assertion are: Recipient="https://mohansun-lx1-dev-ed.my.salesforce.com?so=00Df40000003eOA"
      Destination="https://mohansun-lx1-dev-ed.my.salesforce.com?so=00Df40000003eOA"

Step-3

  • Create a testing SAML assertion (response) using Axiom:
    • Provide Username OR Federated ID: in our case it is joesimple@mohansun.org
    • Issuer: in our case: https://axiomsso.herokuapp.com
    • Recipient URL: in our case, our org, so it is: https://mohansun-lx1-dev-ed.my.salesforce.com?so=00Df40000003eOA
    • Entity-ID: This is the Salesforce URL with custom domain: in our case it is: https://mohansun-lx1-dev-ed.my.salesforce.com
    • Click the button Request SAML Response
    • If everything goes well, our user Joe Simple will get logged into our Salesforce org
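As an added example (not part of the original deck or of Axiom/Salesforce), the checks Salesforce applies to the posted SAML response, written as a small Python validator over a constructed sample response: the Issuer, Entity-ID (Audience), Login URL (Recipient and Destination) and Federation ID (Subject NameID) are the values from the steps above, and the XML signature is only checked for presence.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
LOGIN_URL = "https://mohansun-lx1-dev-ed.my.salesforce.com?so=00Df40000003eOA"
# SP-side values from the SSO settings in Step-2 of the deck.
EXPECTED = {"issuer": "https://axiomsso.herokuapp.com",
            "audience": "https://mohansun-lx1-dev-ed.my.salesforce.com",
            "recipient": LOGIN_URL, "destination": LOGIN_URL}

# Constructed sample, shaped like the response the IdP posts to the Login URL.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{LOGIN_URL}">
  <saml:Assertion>
    <saml:Issuer>https://axiomsso.herokuapp.com</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
    <saml:Subject>
      <saml:NameID>joesimple@mohansun.org</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{LOGIN_URL}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://mohansun-lx1-dev-ed.my.salesforce.com</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, expected=EXPECTED):
    """Return (federation_id, problems): the Subject NameID that Salesforce matches
    against the user's Federation ID, and every field that disagrees with the
    SP-side settings (an empty list means all checks passed)."""
    root = ET.fromstring(xml_text)
    a = root.find("saml:Assertion", NS)
    if a is None:
        return None, ["no Assertion element"]
    def text(path):
        return a.findtext(path, default="", namespaces=NS).strip()
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    got = {"issuer": text("saml:Issuer"),
           "audience": text("saml:Conditions/saml:AudienceRestriction/saml:Audience"),
           "recipient": scd.get("Recipient", "") if scd is not None else "",
           "destination": root.get("Destination", "")}
    problems = [f"{k}: got {v!r}, expected {expected[k]!r}"
                for k, v in got.items() if v != expected[k]]
    # Presence check only: a real deployment verifies this signature against the
    # IdP certificate uploaded in the SSO settings (e.g. with xmlsec); not done here.
    if a.find("ds:Signature", NS) is None:
        problems.append("assertion is not signed")
    return text("saml:Subject/saml:NameID"), problems
```

A response whose Audience or Recipient points at a different org, or that carries no signature, is reported instead of being accepted, which is the mismatch case the Salesforce SAML Validator shown in the demo surfaces.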

Demo

SSO demo with IdP Axiom

Demo - SAML Validator

SSO demo with IdP Axiom - SAML Validator

References