# Salesforce

#### Introduction

* You have to configure both Salesforce and Trustelem so that their single sign-on parameters match.

#### Access to Salesforce parameters

* Log in as an administrator at <https://login.salesforce.com>

* In the « **Administer** » section, click on « **Security Controls** »

* Click on « **Configure single-sign on for your organization** »

#### Trustelem Configuration

* Select a certificate for this application

* Choose to enable or disable **automatic user provisioning**

* In the Salesforce administration console, find the parameter named « **Salesforce Login URL** » (starting with ***`https://login.salesforce.com/?saml=<...>`***), and paste its value in the corresponding Trustelem field

* Get the **ProfileID** corresponding to the profile that will be given to users created by automatic provisioning: open the profile details in the Salesforce console; the **ProfileID** is in the URL

* Paste this value in the field named « User creation ProfileID » in Trustelem

* **Note:** Salesforce also accepts the Profile name directly instead of its ID

#### Salesforce Configuration

* On the Salesforce single sign-on parameters panel, click the « **Edit** » button

* In section « **Federated Single Sign-On Using SAML** »:

  * Check option « **SAML Enabled** »

  * Check option « **User Provisioning Enabled** »

  * For parameter « **SAML Version** », select « **2.0** »

  * For parameter « **Issuer** », input:

  ```exp
  https://mydomain.trustelem.com/app/17XXX
  ```

  * Download the certificate from Trustelem (.pem file) and select it as parameter « **Identity Provider Certificate** »

  * For parameter « **Identity Provider Login URL** », input:

  ```exp
  https://mydomain.trustelem.com/app/17XXX/sso
  ```

  * For parameter « **Identity Provider Logout URL** », input:

  ```exp
  https://mydomain.trustelem.com/app/17XXX/slo
  ```

  * Leave parameter « **Custom Error URL** » empty

  * For parameter « **SAML Identity Type** », choose « **Assertion contains the Federation ID from the User object** »

  * For parameter « **SAML Identity Location** », choose « **Identity is in the NameIdentifier element of the Subject statement** »

  * For parameter « **Entity ID** », choose « **`https://saml.salesforce.com`** »

  * For parameter « **Service Provider Initiated Request Binding** », choose « **HTTP Redirect** »

* Click on button « **Save** »
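A mistyped Issuer, Entity ID or IdP URL is enough to break the SAML exchange, so it helps to check the values before saving. The following is an added example, not code from Trustelem or Salesforce: it compares a copy of the settings against the values listed above. The dictionary keys are names assumed for this example, and `mydomain` / `17XXX` are the page's own placeholders.

```python
from urllib.parse import urlsplit

# Fixed values from the steps above. The keys are hypothetical names for this
# example; they are not Salesforce or Trustelem API fields.
EXPECTED_FIXED = {
    "saml_version": "2.0",
    "entity_id": "https://saml.salesforce.com",
    "request_binding": "HTTP Redirect",
    "custom_error_url": "",
}

def check_sso_settings(s):
    """Return a list of mismatches between settings dict `s` and this guide."""
    problems = []
    for key, want in EXPECTED_FIXED.items():
        if s.get(key, "") != want:
            problems.append(f"{key}: expected {want!r}, got {s.get(key)!r}")

    # The Issuer is the Trustelem application URL; it must be absolute HTTPS.
    issuer = s.get("issuer", "").rstrip("/")
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.hostname:
        problems.append("issuer: must be an absolute https URL")

    # Login and logout URLs are the Issuer followed by /sso and /slo.
    for key, suffix in (("idp_login_url", "/sso"), ("idp_logout_url", "/slo")):
        if s.get(key, "") != issuer + suffix:
            problems.append(
                f"{key}: expected {issuer + suffix!r}, got {s.get(key)!r}")
    return problems

# Constructed sample using the placeholder values shown in this guide.
GOOD = {
    "saml_version": "2.0",
    "issuer": "https://mydomain.trustelem.com/app/17XXX",
    "idp_login_url": "https://mydomain.trustelem.com/app/17XXX/sso",
    "idp_logout_url": "https://mydomain.trustelem.com/app/17XXX/slo",
    "custom_error_url": "",
    "entity_id": "https://saml.salesforce.com",
    "request_binding": "HTTP Redirect",
}

if __name__ == "__main__":
    for line in check_sso_settings(GOOD) or ["settings match the guide"]:
        print(line)
```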