Step-by-Step Process for SAML SSO Implementation (Salesforce org to Salesforce org):

Open two Salesforce orgs, each in a different browser so that the two login sessions stay separate.

The org opened in Firefox is the Identity Provider (IdP) and the org opened in Chrome is the Service Provider (SP).

Set up the Identity Provider org first.

1. In the Setup Quick Find box, type My Domain.

2. If My Domain is not enabled yet, register and deploy a My Domain.

3. Once My Domain is deployed, go to the Identity Provider option, found under Security Controls in Setup. The Identity Provider cannot be enabled until My Domain is in place, which is why it comes first.

4. To make this org act as the Identity Provider, click Enable Identity Provider.

5. You are asked to choose a certificate. This is the certificate the IdP uses to sign its SAML assertions; the Service Provider will later be given the same certificate to verify those signatures.

6. If you don't have a suitable certificate, create one under Certificate and Key Management.

7. The Identity Provider is now configured and the issuer (the IdP org's My Domain URL) is generated.

8. Note the issuer and download the certificate; both are needed when configuring the Service Provider.

The next step is to create a Connected App that represents the Service Provider.

9. Click the link "Service Providers are now created via Connected Apps. Click here."

10. Give the connected app a unique name.

11. Optionally provide a logo image URL and an icon URL.

12. Enable SAML. Once SAML is enabled, a set of fields appears that needs to be configured.

13. Entity ID: the Service Provider here is a Salesforce org, so it should be https://saml.salesforce.com. This value ends up as the Audience of the assertion and must match exactly what is entered on the SP side.

14. ACS URL (Assertion Consumer Service URL): this is obtained from the Service Provider org once its SSO settings are saved, so enter a placeholder now and come back to it.

15. Subject Type: Federation ID.

16. Name ID Format: select the SAML 2.0 option.

17. Issuer: prepopulated from the Identity Provider settings.

18. Click Save.

19. Click Manage.

20. This page shows the IdP-Initiated Login URL.

21. Copy it; it is used when configuring the Service Provider.

22. Make sure our profile has access to the connected app: click Manage Profiles and add the profile. Users whose profile is not assigned to the connected app cannot log in through it.

Move over to the Service Provider org and configure it.

1. In the Service Provider org, go to Setup, search for Single Sign-On Settings, check SAML Enabled for this org, then click New to create SAML single sign-on settings for the Identity Provider.

2. Give the settings a name.

3. Issuer: the issuer value generated on the Identity Provider page of the IdP org (its My Domain URL), noted earlier.

4. Entity ID: https://saml.salesforce.com, exactly as entered in the connected app.

5. Identity Provider Certificate: upload the certificate created in the Identity Provider org. The SP uses it to verify the signature on incoming assertions, so it must be the IdP's signing certificate, not a certificate from the SP org.

6. SAML Identity Type: since we selected Federation ID as the Subject Type, choose the second option, "Assertion contains the Federation ID from the User object".

7. Identity Provider Login URL: the IdP-Initiated Login URL copied earlier.

8. Save.

9. The saved settings show the Salesforce Login URL. This is the value to use as the ACS URL in the Identity Provider.

In the Identity Provider org, edit the connected app and set the ACS URL to this Salesforce Login URL.

In the Identity Provider org, open the user's details (My Settings > Advanced User Details, or the user record in Setup > Users) and set the Federation ID, for example to the username.

Set the same Federation ID on the corresponding user in the Service Provider org. The SP logs in whichever user has a Federation ID equal to the NameID in the assertion, so the value must match exactly and must be unique per user in the SP org.

In the Identity Provider org, open the App Launcher. If a Start URL was given in the connected app, the app shows up here.

So set the Start URL in the connected app to the Accounts tab URL of the Service Provider org.

Now the app appears in the Identity Provider org's App Launcher.

On clicking it, we are taken to the other org (the Service Provider), logged in through the SAML assertion. If the login fails, the SAML Assertion Validator on the SP org's Single Sign-On Settings page shows which check (issuer, audience, recipient, timing or subject) did not pass.
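The fields configured above map one-to-one onto checks the Service Provider performs on each assertion: Issuer against the configured IdP, Audience against the Entity ID, Destination/Recipient against the ACS URL, the NotBefore/NotOnOrAfter window, and NameID as the Federation ID. The following is an added illustration of those checks, written for this post; it is not Salesforce code. The My Domain URLs, org ID and the sample Response are constructed placeholders, and XML signature verification is intentionally left out (the standard library has no XML-DSig), so this only shows the matching logic, not the trust decision Salesforce makes with the uploaded IdP certificate.

```python
"""SP-side matching checks on a SAML 2.0 Response, keyed to the SSO settings
described above. Added example, not Salesforce code; URLs, org ID and the
sample messages are constructed placeholders. Signature verification is
deliberately omitted (Salesforce does it with the IdP certificate from step 5)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"saml": SAML, "samlp": SAMLP}

# Values entered in the SP org's Single Sign-On Settings (assumed placeholders).
SP_CONFIG = {
    "issuer": "https://idp-example.my.salesforce.com",   # Issuer from the IdP page
    "entity_id": "https://saml.salesforce.com",          # Entity ID
    "acs_url": "https://sp-example.my.salesforce.com?so=00Dxx0000000001",  # Salesforce Login URL
}

def parse_time(s):
    """SAML timestamps are xs:dateTime in UTC, e.g. 2024-05-01T12:00:00Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, cfg, now, skew=timedelta(minutes=3)):
    """Return (problems, federation_id); an empty list means the assertion matches cfg."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag == "{%s}Response" % SAMLP:
        dest = root.get("Destination")
        if dest is not None and dest != cfg["acs_url"]:
            problems.append("Destination does not match ACS URL")
        assertion = root.find("saml:Assertion", NS)
    else:
        assertion = root
    if assertion is None:
        return ["no Assertion element"], None
    # Issuer must be the one IdP this SP was configured to trust.
    issuer = (assertion.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    if issuer != cfg["issuer"]:
        problems.append("Issuer %r is not the configured IdP" % issuer)
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        problems.append("missing Conditions")
    else:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now + skew < parse_time(nb):
            problems.append("assertion not yet valid")
        if noa and now - skew >= parse_time(noa):
            problems.append("assertion expired")
        # Audience must name this SP's Entity ID (https://saml.salesforce.com here).
        audiences = [a.text.strip() for a in
                     cond.iterfind("saml:AudienceRestriction/saml:Audience", NS) if a.text]
        if cfg["entity_id"] not in audiences:
            problems.append("Audience %r does not include Entity ID" % audiences)
    # NameID carries the Federation ID (the Subject Type chosen in the connected app).
    subj = assertion.find("saml:Subject", NS)
    nameid = subj.find("saml:NameID", NS) if subj is not None else None
    fed_id = (nameid.text or "").strip() if nameid is not None else ""
    if not fed_id:
        problems.append("missing NameID (Federation ID)")
    scd = (subj.find("saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
           if subj is not None else None)
    if scd is not None:
        if scd.get("Recipient") not in (None, cfg["acs_url"]):
            problems.append("Recipient does not match ACS URL")
        noa = scd.get("NotOnOrAfter")
        if noa and now - skew >= parse_time(noa):
            problems.append("SubjectConfirmationData expired")
    return problems, fed_id or None

def sample_response(issuer, audience):
    """Constructed, unsigned sample Response with placeholder data (not a real capture)."""
    return """<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" Version="2.0"
  IssueInstant="2024-05-01T12:00:00Z" Destination="%s">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>%s</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">jdoe@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="%s" NotOnOrAfter="2024-05-01T12:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:57:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>%s</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>""" % (SAMLP, SAML, SP_CONFIG["acs_url"], issuer, SP_CONFIG["acs_url"], audience)

DEMO_NOW = parse_time("2024-05-01T12:01:00Z")  # fixed clock so the demo is deterministic

def check_good():
    """Assertion from the configured IdP for this SP: accepted, Federation ID returned."""
    return check_assertion(sample_response(SP_CONFIG["issuer"], SP_CONFIG["entity_id"]),
                           SP_CONFIG, DEMO_NOW)

def check_wrong_idp():
    """Assertion minted by another IdP for another SP: Issuer and Audience both fail."""
    return check_assertion(sample_response("https://rogue-idp.example.com",
                                           "https://other-sp.example.com"), SP_CONFIG, DEMO_NOW)

def check_expired():
    """The good assertion replayed ten minutes later: rejected on the time window."""
    return check_assertion(sample_response(SP_CONFIG["issuer"], SP_CONFIG["entity_id"]),
                           SP_CONFIG, parse_time("2024-05-01T12:11:00Z"))

if __name__ == "__main__":
    for name, fn in [("good", check_good), ("wrong idp", check_wrong_idp), ("expired", check_expired)]:
        problems, fed = fn()
        print(name, "->", problems or "OK, Federation ID %s" % fed)
```

Each mismatch reported by `check_assertion` corresponds to one field on the SSO settings page: an Issuer problem means step 3 does not match the IdP's generated issuer, an Audience problem means the Entity ID differs between the connected app and the SSO settings, and Destination/Recipient problems mean the ACS URL in the connected app was never updated from its placeholder. The clock skew tolerance is the example's own choice; Salesforce applies its own window.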
