{"id":3830,"date":"2014-04-14T11:48:06","date_gmt":"2014-04-14T11:48:06","guid":{"rendered":"http:\/\/www.jitendrazaa.com\/blog\/?p=3830"},"modified":"2016-03-17T16:32:08","modified_gmt":"2016-03-17T16:32:08","slug":"step-by-step-guide-to-setup-federated-authentication-saml-based-sso-in-salesforce","status":"publish","type":"post","link":"https:\/\/www.jitendrazaa.com\/blog\/salesforce\/step-by-step-guide-to-setup-federated-authentication-saml-based-sso-in-salesforce\/","title":{"rendered":"Step by step guide to Setup Federated Authentication (SAML) based SSO in Salesforce – Video Tutorial"},"content":{"rendered":"

In this post, We will be dicussing how to setup\u00a0Federated SAML based Authentication in Salesforce.<\/p>\n

SAML <\/a>stands for “Security Assertion Markup Language” and it is Open standard for exchanging Authentication and Authorization between Systems. SAML based authentication is supported by all editions of Salesforce.<\/p>\n

User Validation can be initiated by any one of below two types:<\/p>\n

    \n
  1. Service Provider Initiated SSO<\/li>\n
  2. Identity Provider (IDp) initioated SSO<\/li>\n<\/ol>\n

    We are going to use Identity Provider Initiated SSO in this article. Means User will Login from Outside(IDp) and will be redirected to Salesforce (Service Provider). Identity Provider must follow Federated Authentication (SAML) standard\u00a0which should be deployed to DMZ<\/a> (URL should be publicly accessible on Internet) layer of your Organization. As a Salesforce developer you should assume that you will always get IDp URL which implements SSO and implements valid SAML response.\u00a0To Quickly start with this tutorial assume that your organization already deployed SAML based Authentication endpoint and for that we will be using great Heroku app available freely as open source named “AXIOM<\/a>“.<\/p>\n

    AXIOM is java based heroku application which implements SAML and can be used for testing \u00a0purpose to check whether SSO is working properly or not.<\/p>\n

    IDp Initiated Single Sign On :<\/strong><\/p>\n

    In IDp Initiated SSO, User Directly logins to Identity provider and IDp redirects user to proper Salesforce Instance with SAML assertion in request (Service Provider). If SAML assertion is valid then Salesforce validates that user successfuly.<\/p>\n

    \"IDp<\/a>
    Image 1 – IDp Initiated SAML Based Single Sign On<\/figcaption><\/figure>\n

    Step 1 : Enable My Domain<\/strong><\/p>\n

    First step is to enable “My Domain” in Salesforce. This functionality will provide a unique name to your salesforce Instance. It may take 24 hours to activate. Your Domain name must be unique and not used by someone else.<\/p>\n

    Step 2: Download Identity Provider Certificate<\/strong>
    \n<\/span><\/p>\n

    In this step we are going to get certificate from IDp. This certificate will be used by Salesforec to validate that client coming for user authentication is valid to avoid any unauthorized access to Service Provider (In our case it is Salesforce).<\/p>\n

    You can download certificate by navigating to Axiom application here<\/a>.<\/p>\n

    Step 3: Enable Single Sign On in Salesforce<\/strong><\/p>\n

    Navigate to “Setup | Security Controls | Single Sign-On Settings” and check “SAML Enabled” option.<\/p>\n

    Step 4 : Configure Single Sign On<\/strong><\/p>\n

    Once SAML is enabled, new section will appear on same page to create New “SAML Single-On Settings”.<\/p>\n

    Click on New Button and provide following informations<\/p>\n