Salesforce
Introduction
- You have to configure both Salesforce and Trustelem so as to align single sign-on parameters.
Access to Salesforce parameters
- Log in as administrator to https://login.salesforce.com
- In section « Administer », click on « Security Controls »
- Click on « Configure single-sign on for your organization »
Trustelem Configuration
- Select a certificate for this application
- Choose to enable or disable automatic user provisioning
- In the Salesforce administration console, find the parameter named « Salesforce Login URL » (starting with https://login.salesforce.com/?saml=<...>), and paste its value in the corresponding Trustelem field
- Get the ProfileID corresponding to the profile that will be given to users created by automatic provisioning: open the profile details in the Salesforce console; the ProfileID is in the URL
- Paste this value in the field named « User creation ProfileID » in Trustelem
- Note: Salesforce also allows using the Profile name directly instead of its ID
Salesforce Configuration
- On the Salesforce single sign-on parameters panel, click on button « Edit »
- In section « Federated Single Sign-On Using SAML »:
  - Check option « SAML Enabled »
  - Check option « User Provisioning Enabled »
  - For parameter « SAML Version », select « 2.0 »
  - For parameter « Issuer », input: https://mydomain.trustelem.com/app/17XXX
  - Download the certificate from Trustelem (.pem file) and select it as parameter « Identity Provider Certificate »
  - For parameter « Identity Provider Login URL », input: https://mydomain.trustelem.com/app/17XXX/sso
  - For parameter « Identity Provider Logout URL », input: https://mydomain.trustelem.com/app/17XXX/slo
  - Leave parameter « Custom Error URL » empty
  - For parameter « SAML Identity Type », choose « Assertion contains the Federation ID from the User object »
  - For parameter « SAML Identity Location », choose « Identity is in the NameIdentifier element of the Subject statement »
  - For parameter « Entity ID », choose « https://saml.salesforce.com »
  - For parameter « Service Provider Initiated Request Binding », choose « HTTP Redirect »
- Click on button « Save »
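
A troubleshooting check for the settings above, added here as an example (not Trustelem or Salesforce code): it decodes a base64 SAMLResponse and compares its Issuer, Audience and Subject NameID with the values entered on this page. The sample response, the user jdoe@example.com and the function names are constructed for illustration; the signature is not verified here, since Salesforce does that against the « Identity Provider Certificate ».

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values entered on this page (17XXX is the page's own placeholder).
EXPECTED_ISSUER = "https://mydomain.trustelem.com/app/17XXX"
EXPECTED_AUDIENCE = "https://saml.salesforce.com"

# Constructed sample response, unsigned, for illustration only.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    '<saml:Issuer>https://mydomain.trustelem.com/app/17XXX</saml:Issuer>'
    '<saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>'
    '<saml:Conditions><saml:AudienceRestriction>'
    '<saml:Audience>https://saml.salesforce.com</saml:Audience>'
    '</saml:AudienceRestriction></saml:Conditions>'
    '</saml:Assertion></samlp:Response>')

def encode(xml_text):
    """Base64-encode XML the way the SAMLResponse form field carries it."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")

def check_response(b64_response, federation_id):
    """Return the mismatches between a SAMLResponse and the settings above."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element in the response"]
    problems = []
    issuer = assertion.findtext("saml:Issuer", "", NS).strip()
    if issuer != EXPECTED_ISSUER:
        problems.append(f"Issuer is {issuer!r}, Salesforce expects {EXPECTED_ISSUER!r}")
    audiences = [a.text.strip() for a in assertion.iterfind(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if EXPECTED_AUDIENCE not in audiences:
        problems.append(f"Audience {audiences} lacks the Entity ID {EXPECTED_AUDIENCE!r}")
    # « SAML Identity Location »: NameIdentifier element of the Subject statement.
    name_id = assertion.findtext("saml:Subject/saml:NameID", "", NS).strip()
    if name_id != federation_id:
        problems.append(f"NameID is {name_id!r}, user Federation ID is {federation_id!r}")
    return problems

if __name__ == "__main__":
    for line in check_response(encode(SAMPLE_XML), "jdoe@example.com") or ["settings match"]:
        print(line)
```

An empty result means the three fields agree with the configuration; each returned string names the setting to recheck.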