Configure an application integration

This topic covers how to integrate the Salesforce application in SecureAuth IdP so that only the right users in your organization are allowed access to Salesforce. Use the Application Manager to add a Salesforce application or to modify an existing integration.

Application Details

1. On the left pane of the SecureAuth IdP page, under APPLICATIONS, click Application Manager.

2. Click Add an Application.
   The application template library appears.

3. From the list of application templates, search for and select Salesforce.

4. On the Application Details page, set the following configurations.

   Application Name – The name is prefilled by default; you can optionally change it. It appears in the Application Manager list and on the Application Settings page.
   Application Description – Enter a descriptive name for this application integration. It appears beneath the Application Name on the Application Settings page.
   Upload logo – Optional. The Salesforce logo appears in this field by default; click Upload to change it. The logo precedes the Application Name in the Application Manager list and appears on the login page, if pertinent to the configuration.
   Data Stores – Enter the data stores used to authenticate users and allow access to this application. Start typing to bring up a list of data store names, then select the data store from the list. Repeat for each data store to be connected to this application.
   Groups – Use one of the following options:
     • Slider in the On position (enabled): Allow users from every group in the selected data stores to access this application.
     • Slider in the Off position (disabled): Enter each group that is allowed access to this application. Only members of the listed groups can log on to the application.

5. Click Continue.
   The Connection Settings page appears.

Connection Settings

6. In the Configure Connection section, select the Connection Type used for the authentication request:

   • SP Initiated (Redirect) – The login process starts at the service provider (the Salesforce application), which redirects the user to SecureAuth IdP for authentication; after successful authentication, SecureAuth IdP asserts the user back to the application.
   • IdP Initiated – The login process starts at SecureAuth IdP; after successful authentication, SecureAuth IdP asserts the user to the application.

7. In the User ID Mapping section, set the User ID Profile Field: select the profile field in your data store that contains the user IDs, mapped to the property that identifies the end user in the Salesforce application.

SAML Assertion

8. In the SAML Assertion section, set the following configurations.

   Salesforce Login URL – Set the Salesforce login URL endpoint to https://login.salesforce.com and include the ID number from Salesforce. For example: https://login.salesforce.com?so=XXXXXXXXXXX
   Note: You can find this setting in the Salesforce admin console under the Endpoints section of Security Controls > Single Sign-On Settings. To use a custom domain in Salesforce, copy the full URL from Salesforce, including the ID, and paste it into this field.
   SAML Issuer – A unique name that must match exactly on the SecureAuth IdP side and on the Salesforce side. It lets the Salesforce application identify SecureAuth IdP as the SAML issuer.
   SAML Valid Hours – Indicate, in hours and minutes, how long the SAML assertion is valid. The default is one hour; for more sensitive application resources, the recommended value is between one and five minutes, because the validity window is also the time during which a captured assertion could be replayed.
   Sign SAML Message – Move the slider to enable or disable signing of the SAML message. Leave signing enabled: the service provider relies on the signature to detect a forged or altered assertion. To sign with a third-party certificate instead of the default SecureAuth IdP certificate, choose it under IdP Signing Certificate.
   IdP Signing Certificate – Click Select Certificate, choose the IdP signing certificate to use, and then click Select to close the box.
   IdP Signing Certificate Serial Number – When you select an IdP signing certificate, its serial number populates this field.
   Signing Algorithm – The algorithm used to digitally sign the SAML assertion and response. Choose SHA1 or SHA2. SHA2 is the stronger hash and is not subject to the collision attacks known against SHA1, so use SHA2 unless the service provider cannot accept it; SHA1 is deprecated for signatures.
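The following is an added example, not code from SecureAuth IdP or Salesforce. It checks a SAML Response the way the service provider does against the SAML Assertion settings above: the SAML Issuer must match exactly, the Signing Algorithm must be SHA2 (rsa-sha256) rather than SHA1, the assertion's validity window must not exceed the configured SAML Valid Hours and the current time must fall inside it, the audience must be this service provider, and the NameID and any SAML attributes (such as givenname) are extracted. The Response, issuer name, audience and timestamps are constructed for the example and are assumptions, not values from the page; the XML signature itself is not verified here (that needs an XML canonicalization library), only the declared algorithm, which is what the Signing Algorithm setting controls.

```python
# Added example, not SecureAuth IdP or Salesforce code. Issuer, audience and attribute
# names are assumptions; the Response is constructed. The signature bytes are not
# verified here, only the declared SignatureMethod (the Signing Algorithm setting).
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"          # the "SHA1" setting
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"  # the "SHA2" setting
ISSUER = "secureauth-salesforce-issuer"     # assumed SAML Issuer value (same on both sides)
AUDIENCE = "https://saml.salesforce.com"    # assumed service-provider entity ID
MAX_VALIDITY = timedelta(minutes=5)         # the recommended SAML Valid Hours setting
SAMPLE_NOW = datetime(2024, 5, 1, 12, 2, tzinfo=timezone.utc)

# Constructed sample Response; the Signature element is cut down to the part inspected.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" ID="_r1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z"
    Destination="https://login.salesforce.com?so=XXXXXXXXXXX">
  <saml:Issuer>{ISSUER}</saml:Issuer>
  <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{RSA_SHA256}"/></ds:SignedInfo></ds:Signature>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>{ISSUER}</saml:Issuer>
    <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{AUDIENCE}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="givenname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def _ts(value):
    """Parse a SAML UTC timestamp such as 2024-05-01T12:05:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_response(xml_text, issuer=ISSUER, audience=AUDIENCE,
                   max_validity=MAX_VALIDITY, now=SAMPLE_NOW, skew=timedelta(seconds=60)):
    """Return (ok, findings, claims); findings names every check that failed."""
    root = ET.fromstring(xml_text)
    findings = []

    # SAML Issuer: must match exactly, on the Response and on the Assertion.
    for elem in root.iterfind(".//saml:Issuer", NS):
        if elem.text != issuer:
            findings.append(f"issuer mismatch: {elem.text!r}")

    # Signing Algorithm: require SHA2 (rsa-sha256); SHA1 signatures are rejected.
    method = root.find(".//ds:SignatureMethod", NS)
    if method is None:
        findings.append("response is not signed")
    elif method.get("Algorithm") == RSA_SHA1:
        findings.append("signed with rsa-sha1, which is deprecated")
    elif method.get("Algorithm") != RSA_SHA256:
        findings.append(f"unexpected signature algorithm {method.get('Algorithm')}")

    # SAML Valid Hours: the window must not exceed the policy, and now must fall inside
    # it (allowing a little clock skew); an assertion replayed later fails here.
    cond = root.find(".//saml:Conditions", NS)
    not_before, not_after = _ts(cond.get("NotBefore")), _ts(cond.get("NotOnOrAfter"))
    if not_after - not_before > max_validity:
        findings.append(f"validity window {not_after - not_before} exceeds {max_validity}")
    if not (not_before - skew <= now < not_after + skew):
        findings.append("now is outside the assertion's validity window")

    # AudienceRestriction: the assertion must be meant for this service provider.
    audiences = [a.text for a in cond.iterfind(".//saml:Audience", NS)]
    if audience not in audiences:
        findings.append(f"audience {audiences} does not include {audience!r}")

    # Claims: the NameID (User ID Profile Field) plus any SAML Attributes, e.g. givenname.
    claims = {"name_id": root.findtext(".//saml:Subject/saml:NameID", namespaces=NS)}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        claims[attr.get("Name")] = attr.findtext("saml:AttributeValue", namespaces=NS)
    return not findings, findings, claims


if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE))                                   # accepted
    print(check_response(SAMPLE_RESPONSE, now=SAMPLE_NOW.replace(hour=13)))  # replayed later
    print(check_response(SAMPLE_RESPONSE.replace(RSA_SHA256, RSA_SHA1)))     # SHA1 rejected
```

The second and third calls show why the one-to-five-minute recommendation and the SHA2 choice matter: the same assertion presented an hour later is rejected on its validity window, and a response declaring rsa-sha1 is rejected before anything else is trusted.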

...

9. If more information from the directory needs to be sent in the assertion, click Add SAML Attribute in the SAML Attributes section and set the following configurations. Repeat these sub-steps for each SAML attribute you add.

   Attribute Name – Enter the name of the directory attribute that identifies the user to the application. For example, givenname
   Data Store Property – Select the data store property that maps to this directory attribute. For example, First Name
   Namespace (1.1) – Set the authorization URL that tells the application which attribute is being asserted.

10. Click Add Application.

...

Information for Service Providers

11. After the application is saved, the Information for Service Providers page appears. To complete the integration and establish a working connection with SecureAuth IdP, provide the following information to the service provider, as required.

   Login URL, Logout URL, IdP Issuer – Click Copy to Clipboard to copy the SecureAuth IdP realm information and paste it into the corresponding field on the service provider user interface.
   IdP Signing Certificate – View information about the SecureAuth IdP signing certificate and download the certificate.
   Download Metadata – To download the metadata file:
     1. Click Download Metadata.
     2. Enter the domain name of the SecureAuth IdP appliance as a URL or IP address. For example, https://secureauth.company.com or https://111.222.33.44
     3. Click Download to get the configuration file.
     4. Upload the file to the service provider.

12. Click Continue to Summary to review and edit the configuration.

   a. Review the Application Settings. From this page you can click Back to Application Manager to return to the Application Manager list.
   b. Test the application page you created by clicking the link beneath the Application Name ("Salesforce" in this example).
   c. Click the pencil icon to make any necessary edits to these configuration pages: Application Details, User Data Store And Groups, Connection Settings. Click Update Settings on each edited page.
   d. Click the pencil icon to configure any of these application settings on the Classic Experience tabs: Workflow, Multi-Factor Methods, Adaptive Authentication. Save the settings on each tab.
   e. Return to the New Experience and click Update to see the updated settings on the Summary page.
   f. Use the Information for Service Providers page to obtain the links, the signing certificate, and the metadata file.

13. Click Back to Application Manager. The added application appears in the Application Manager list.
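The following is an added example, not code from SecureAuth IdP or Salesforce. Before uploading the file from the Download Metadata step to the service provider, it inspects the IdP metadata: the entityID (the IdP Issuer), the SingleSignOnService and SingleLogoutService endpoints per binding, and the signing certificate, whose serial number it reads directly out of the DER so it can be compared with the IdP Signing Certificate Serial Number field. It then checks that every endpoint is HTTPS on the IdP host and that an HTTP-Redirect sign-on endpoint exists for the SP Initiated (Redirect) connection type. The metadata document, the realm paths and the certificate are constructed for the example: the certificate is a minimal DER stand-in that follows the X.509 field order only as far as the serial number, and secureauth.company.com is the page's own placeholder host.

```python
# Added example, not SecureAuth IdP or Salesforce code. The metadata, realm paths and the
# stand-in certificate are constructed; secureauth.company.com is the page's placeholder.
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def der(tag, body):
    """Encode one DER TLV (short form, or two-byte long form for bigger bodies)."""
    n = len(body)
    length = bytes([n]) if n < 0x80 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body


def der_int(value):
    """DER INTEGER for a non-negative int, padded so the sign bit stays clear."""
    return der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def read_tlv(buf, pos):
    """Return (tag, value, position after this TLV) for the DER element at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                     # long form: low 7 bits give the length's byte count
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n


def cert_serial(cert_der):
    """Serial from Certificate > tbsCertificate > [0] version (optional) > serialNumber."""
    _, cert_body, _ = read_tlv(cert_der, 0)    # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert_body, 0)         # tbsCertificate ::= SEQUENCE
    tag, value, nxt = read_tlv(tbs, 0)
    if tag == 0xA0:                            # EXPLICIT [0] version; a v1 cert omits it
        tag, value, nxt = read_tlv(tbs, nxt)
    if tag != 0x02:
        raise ValueError("serialNumber must be an INTEGER")
    return int.from_bytes(value, "big")


# Constructed stand-in: correct layout through the serial number, empty placeholders after.
SERIAL = 0x5A3F9C0012
STANDIN_CERT = der(0x30, der(0x30, der(0xA0, der_int(2)) + der_int(SERIAL) + der(0x30, b""))
                   + der(0x30, b"") + der(0x03, b"\x00"))

SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://secureauth.company.com/SecureAuth1/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(STANDIN_CERT).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{REDIRECT}" Location="https://secureauth.company.com/SecureAuth1/Logout/"/>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://secureauth.company.com/SecureAuth1/"/>
    <md:SingleSignOnService Binding="{POST}" Location="https://secureauth.company.com/SecureAuth1/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def inspect_metadata(xml_text):
    """Pull out what the service provider form asks for: issuer, endpoints, certificate."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    endpoints = {}
    for svc in ("SingleSignOnService", "SingleLogoutService"):
        for e in idp.iterfind(f"md:{svc}", NS):
            binding = e.get("Binding").rsplit(":", 1)[-1]        # e.g. HTTP-Redirect
            endpoints.setdefault(svc, {})[binding] = e.get("Location")
    b64 = idp.findtext("md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
                       namespaces=NS)
    cert = base64.b64decode("".join(b64.split()))                # base64 is often line-wrapped
    return {"entity_id": root.get("entityID"), "endpoints": endpoints,
            "cert_serial": f"{cert_serial(cert):X}",
            "cert_sha256": hashlib.sha256(cert).hexdigest()}


def check_metadata(info, idp_host):
    """Findings: every endpoint must be HTTPS on the IdP host, and an HTTP-Redirect
    SingleSignOnService must exist for the SP Initiated (Redirect) connection type."""
    findings = [f"{svc} {binding} points at {url}"
                for svc, by_binding in info["endpoints"].items()
                for binding, url in by_binding.items()
                if not url.startswith(f"https://{idp_host}/")]
    if "HTTP-Redirect" not in info["endpoints"].get("SingleSignOnService", {}):
        findings.append("no HTTP-Redirect SingleSignOnService for SP Initiated (Redirect)")
    return findings


if __name__ == "__main__":
    info = inspect_metadata(SAMPLE_METADATA)
    print(info)
    print(check_metadata(info, "secureauth.company.com"))   # [] when everything lines up
```

Compare cert_serial with the IdP Signing Certificate Serial Number shown in SecureAuth IdP and cert_sha256 with the fingerprint the service provider displays after upload; a mismatch means the metadata embeds a different certificate than the one selected in step 8.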