Salesforce Introduction You have to configure both Salesforce and Trustelem so as to align single sign-on parameters. Access to Salesforce parameters Login as administrator to https://login.salesforce.com In section « Administer », click on « Security Controls » Click on « Configure single-sign on for your organization » Trustelem Configuration Select a certificate for this application Choose to enable or disable automatic user provisioning In the Salesforce administration console, find the parameter named « Salesforce Login URL » (starting with https://login.salesforce.com/?saml=<...>), and paste its value in the corresponding Trustelem field Get the ProfileID corresponding the to profile that will be given to users created by automatic provisioning: open the profile details in the Salesforce console, the ProfileID is in the URL Paste this value in the field named « User creation ProfileID » in Trustelem Nota: Salesforce also allows to use directly the Profile name instead of its ID Salesforce Configuration On Salesforce single sign-on parameters panel, click on button « Edit » In section « Federated Single Sign-On Using SAML »: Check option « SAML Enabled » Check option « User Provisioning Enabled » For parameter « SAML Version », select « 2.0 » For parameter « Issuer », input: https://mydomain.trustelem.com/app/17XXX Download the certificate from Trustelem (.pem file) and select it as parameter « Identity Provider Certificate » For parameter « Identity Provider Login URL », input: https://mydomain.trustelem.com/app/17XXX/sso For parameter « Identity Provider Logout URL », input: https://mydomain.trustelem.com/app/17XXX/slo Let parameter « Custom Error URL » empty For parameter « SAML Identity Type », choose « Assertion contains the Federation ID from the User object » For parameter « SAML Identity Location », choose « Identity is in the NameIdentifier element of the Subject statement » For parameter « Entity ID », choose « https//saml.salesforce.com » For parameter « Service Provider Initiated Request Binding », choose « HTTP Redirect » Click on button « Save »