In this article we will use one Salesforce instance as the Identity Provider (IdP) and another Salesforce instance as the Service Provider (SP).
Before starting, decide which Salesforce instance will act as the Identity Provider and which will act as the Service Provider; the steps below switch between the two orgs, so keep the two roles straight.
Step 1: Enable a Domain in the Identity Provider Organization
From Setup, click Domain Management | My Domain. Enter a new subdomain name and click Check Availability. If the name is available, tick the terms and conditions box, then click Register Domain. The registered My Domain URL is what the Identity Provider will later put into every SAML assertion as its Issuer, so the Identity Provider feature cannot be enabled without it.
Step 2: Enable Identity Provider
From Setup, click Security Controls | Identity Provider.
Click Enable.
Click Download Certificate. Remember where you save the certificate, as you will upload it to the Service Provider later. This is the public signing certificate only; the Service Provider uses it to verify the signature on assertions from this org, and the matching private key never leaves the Identity Provider.
Once you enable the Identity Provider, you will see a page like the one below with the Identity Provider related information.
Image
In the image above, the Issuer is simply the My Domain URL of the Identity Provider org. The Service Provider compares this value with the Issuer element of every incoming assertion, so enter it exactly, with no trailing slash or case changes, in the Service Provider's SSO settings.
Step 3: Enable Single Sign-On in the Service Provider Org
Now switch to the other Salesforce instance, the one acting as the Service Provider.
From Setup, click Security Controls | Single Sign-On Settings, then click Edit.
Select the SAML Enabled check box.
While filling in the SSO settings here in the Service Provider, upload the certificate you downloaded from the Identity Provider. You will have to come back to this page later to set the Identity Provider Login URL.
That URL only becomes available once the Connected App has been defined in the Identity Provider instance (Step 4).
Use the following settings:
Image
Step 4: Define a Connected App in the Identity Provider Instance
Log in to the Salesforce organization that acts as the Identity Provider.
From Setup, click Create | Apps, then in the Connected Apps section click New.
Specify the following information:
Connected App Name: Salesforce Service Provider
Contact Email :
Enable SAML: select this option to enter the Service Provider details.
Entity ID: (the Entity ID shown in the Service Provider's Single Sign-On Settings; it becomes the Audience of each assertion)
ACS URL: (the Assertion Consumer Service URL of the Service Provider, i.e. where the Identity Provider will POST the SAML Response)
Once you save, you should see a settings page like the one shown below:
Image
NOTE: Once the Connected App is defined, you must also specify which profiles should be able to access it. This list is the Identity Provider's authorization gate for the app, so keep it to the profiles that actually need access to the Service Provider org.
From the settings page above, copy the IdP-Initiated Login URL, go back to the Single Sign-On Settings page of the Service Provider, and paste it into the Identity Provider Login URL field.
Image
Step 5: Setting Up Users
Everything else is in place, so let's set up the users.
Copy the username of a user in the Identity Provider instance into the Federation ID field of the corresponding user in the Service Provider. The Federation ID is the value the Service Provider looks up when the assertion's NameID arrives, so it must be unique per user in the Service Provider org; whoever controls the Identity Provider can assert any Federation ID, which is why the certificate and Issuer checks in Step 3 matter.
Example: in the Identity Provider I have user "". In the Service Provider I have user "" and want to link the two. So in the Federation ID field of user "" I copy "".
Image
Testing Scenario:
To test this, we need to tell Salesforce that, instead of the standard login page, users must use the single sign-on settings. Then log in to the Identity Provider, open the IdP-Initiated Login URL copied in Step 4, and confirm that you land in the Service Provider as the user whose Federation ID matches the Identity Provider username.
Image
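The settings configured above are easier to reason about when you see what the Service Provider does with them. The script below is an added example, not Salesforce code: Salesforce performs these checks itself once the Single Sign-On Settings are saved, and this simply shows what the Issuer, Entity ID, ACS URL and Federation ID values are compared against when an IdP-initiated SAML Response is POSTed to the Service Provider. Signature verification against the uploaded IdP certificate is assumed to have already passed (it needs an XML-DSig library); everything here is what happens after that. All domain names, org IDs and usernames are hypothetical, and the SAML Response is constructed inline.

```python
"""Service Provider side checks on an IdP-initiated SAML Response.

Added example, not Salesforce code. Signature verification against the IdP
certificate uploaded in Step 3 is assumed to have already succeeded; these
are the checks that follow it. Domains, org IDs and users are hypothetical.
"""
import base64
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"

# What the tutorial has you enter in the Service Provider's SSO settings (hypothetical).
SP_CONFIG = {
    "issuer": "https://idp-example.my.salesforce.com",      # IdP My Domain URL (Step 2)
    "entity_id": "https://sp-example.my.salesforce.com",    # this org's Entity ID (Step 4)
    "acs_url": "https://sp-example.my.salesforce.com?so=00D000000000001",  # ACS URL (Step 4)
}
# Service Provider users: username -> Federation ID, i.e. the IdP username (Step 5).
SP_USERS = {"alice@sp.example": "alice@idp.example", "bob@sp.example": "bob@idp.example"}
NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)  # fixed clock for the demo


class SamlError(Exception):
    """Any failed trust check; the Service Provider must refuse the login."""


def sample_response(issuer=SP_CONFIG["issuer"], audience=SP_CONFIG["entity_id"],
                    recipient=SP_CONFIG["acs_url"], name_id="alice@idp.example",
                    not_before=NOW - timedelta(minutes=1),
                    not_on_or_after=NOW + timedelta(minutes=5)):
    """Constructed, unsigned IdP-initiated Response, base64-encoded as in the
    SAMLResponse form field. Keyword overrides simulate tampered or stale input."""
    nb, noa = not_before.strftime(TIME_FMT), not_on_or_after.strftime(TIME_FMT)
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_r1" Version="2.0" IssueInstant="{nb}" Destination="{recipient}">
  <saml:Issuer>{issuer}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="{nb}">
    <saml:Issuer>{issuer}</saml:Issuer>
    <saml:Subject>
      <saml:NameID>{name_id}</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{recipient}" NotOnOrAfter="{noa}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="{nb}" NotOnOrAfter="{noa}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()


def _text(parent, path):
    el = parent.find(path, NS)
    return (el.text or "").strip() if el is not None else None


def _time(value):
    try:
        return datetime.strptime(value or "", TIME_FMT).replace(tzinfo=timezone.utc)
    except ValueError:
        raise SamlError(f"bad or missing timestamp: {value!r}") from None


def validate_response(saml_response_b64, config, users, now):
    """Return the Service Provider username to log in, or raise SamlError."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise SamlError("IdP did not report success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise SamlError("no assertion in response")
    # 1. Issuer (Response and Assertion) must equal the IdP My Domain URL from Step 2.
    if _text(root, "saml:Issuer") != config["issuer"] or _text(assertion, "saml:Issuer") != config["issuer"]:
        raise SamlError("issuer does not match the configured Identity Provider")
    # 2. Audience must be this org's Entity ID: an assertion minted for another
    #    Service Provider (another connected app on the same IdP) is not valid here.
    if _text(assertion, "saml:Conditions/saml:AudienceRestriction/saml:Audience") != config["entity_id"]:
        raise SamlError("assertion not intended for this Service Provider")
    # 3. Bearer confirmation must name our ACS URL and still be within its lifetime.
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != config["acs_url"]:
        raise SamlError("recipient does not match the ACS URL")
    if now >= _time(scd.get("NotOnOrAfter")):
        raise SamlError("subject confirmation expired")
    # 4. Conditions window: NotBefore <= now < NotOnOrAfter.
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not (_time(cond.get("NotBefore")) <= now < _time(cond.get("NotOnOrAfter"))):
        raise SamlError("assertion outside its validity window")
    # 5. NameID carries the Federation ID and must match exactly one SP user (Step 5).
    fed_id = _text(assertion, "saml:Subject/saml:NameID")
    matches = [u for u, f in users.items() if fed_id and f == fed_id]
    if len(matches) != 1:
        raise SamlError(f"Federation ID {fed_id!r} matches {len(matches)} users, need exactly 1")
    return matches[0]


if __name__ == "__main__":
    print("login as", validate_response(sample_response(), SP_CONFIG, SP_USERS, NOW))
```

Running it logs in alice@sp.example; changing the issuer, audience, recipient, time window or NameID in `sample_response` makes `validate_response` raise `SamlError`, which is the behaviour you want to see from the Service Provider when any one of the values configured in Steps 2 to 5 does not line up.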