How do I integrate SAML with Salesforce as a service provider?
Enable your org as an identity provider first and exchange SAML single sign-on (SSO) information with your service provider. Then define the service provider by setting up a SAML-enabled connected app in Salesforce.
How do I integrate with Salesforce (SP)?
For Service Provider (SP)-initiated access, refer to the Salesforce (SP-initiated) Integration Guide.
1. Have a Salesforce account.
2. Create a new realm for the Salesforce integration.
3. Configure the following tabs in the Web Admin before configuring the Post Authentication tab:
How do I add a Salesforce ID to the SecureAuth IDP property?
In the Profile Fields section, map the directory field that contains the user's Salesforce ID to a SecureAuth IdP property. For example, map the Salesforce ID field to the Email 2 property if that property is not already in use. Click Save once the configuration is complete, and before leaving the Data page, to avoid losing changes.
How do I set up SAML2 (IdP initiated) authentication?
Select SAML 2.0 (IdP Initiated) Assertion Page from the Authenticated User Redirect dropdown in the Post Authentication tab of the Web Admin. An unalterable URL (Authorized/SAML20IdPInit.aspx) is auto-populated in the Redirect To field; it is appended to the domain name and realm number shown in the address bar.
Prerequisites
If you haven’t already done so, sign up for a free Developer Edition account. This article uses the Salesforce Lightning Experience.
Create a self-signed certificate
If you don't already have a certificate, you can use a self-signed certificate. A self-signed certificate is not signed by a certificate authority (CA) and doesn't provide the guarantees of a CA-signed certificate. That is acceptable here because trust in the certificate comes from explicitly registering it with the partner rather than from a CA chain; treat the private key as a credential and keep it out of source control.
Create a policy key
Store the certificate you created in your Azure AD B2C tenant as a policy key so that the custom policy can reference it by name.
Add a claims provider
If you want users to sign in using a Salesforce account, you need to define the account as a claims provider that Azure AD B2C can communicate with through an endpoint. The endpoint provides a set of claims that are used by Azure AD B2C to verify that a specific user has authenticated.
Add a user journey
At this point, the identity provider has been set up, but it’s not yet available in any of the sign-in pages. If you don’t have your own custom user journey, create a duplicate of an existing template user journey, otherwise continue to the next step.
Add the identity provider to a user journey
Now that you have a user journey, add the new identity provider to the user journey. You first add a sign-in button, then link the button to an action. The action is the technical profile you created earlier.
Configure the relying party policy
The relying party policy, for example SignUpSignIn.xml, specifies the user journey that Azure AD B2C will execute. Find the DefaultUserJourney element within the RelyingParty element and update its ReferenceId to match the ID of the user journey to which you added the identity provider.
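The three policy edits described above (the claims provider, the user journey with its sign-in button and action, and the relying party pointing at that journey), brought together as one added example. This is not code from the page or from Microsoft's own samples; every name in it is a placeholder you must adapt: a Salesforce My Domain of contoso.my.salesforce.com, a policy key named B2C_1A_SalesforceSigning holding the certificate from the earlier steps, a technical profile Id of Salesforce-SAML2, a user journey Id of SignUpSignInSalesforce, and the assumption that Salesforce sends userId, username and email attributes.

```xml
<!-- 1. TrustFrameworkExtensions.xml, inside <ClaimsProviders>: Salesforce as a SAML2 IdP -->
<ClaimsProvider>
  <Domain>salesforce.com</Domain>
  <DisplayName>Salesforce</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="Salesforce-SAML2">
      <DisplayName>Salesforce</DisplayName>
      <Description>Sign in with your Salesforce account</Description>
      <Protocol Name="SAML2" />
      <Metadata>
        <!-- Salesforce IdP metadata (hypothetical My Domain). B2C takes the IdP's
             assertion-signing certificate from here, so the URL must be https
             and point at your own org. -->
        <Item Key="PartnerEntity">https://contoso.my.salesforce.com/.well-known/samlidp.xml</Item>
        <!-- Require the assertion itself to be signed; do not rely on transport alone. -->
        <Item Key="WantsSignedAssertions">true</Item>
        <Item Key="WantsEncryptedAssertions">false</Item>
      </Metadata>
      <CryptographicKeys>
        <!-- Policy key holding the (self-signed) certificate from the earlier steps;
             it signs the AuthnRequests B2C sends to Salesforce. Name is assumed. -->
        <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SalesforceSigning" />
        <Key Id="SamlAssertionSigning" StorageReferenceId="B2C_1A_SalesforceSigning" />
      </CryptographicKeys>
      <OutputClaims>
        <!-- Key the B2C account on the immutable Salesforce user ID, never on the
             email address, which a user can change. Attribute names are assumed. -->
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="userId" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="username" />
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="salesforce.com" AlwaysUseDefaultValue="true" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
      </OutputClaimsTransformations>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

<!-- 2. TrustFrameworkExtensions.xml, inside <UserJourneys>: a copy of the template
        sign-up/sign-in journey with the Salesforce button (step 1) and its action (step 2) -->
<UserJourney Id="SignUpSignInSalesforce">
  <OrchestrationSteps>
    <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
      <ClaimsProviderSelections>
        <!-- The sign-in button; it targets the claims exchange defined in step 2 -->
        <ClaimsProviderSelection TargetClaimsExchangeId="SalesforceExchange" />
        <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
      </ClaimsProviderSelections>
      <ClaimsExchanges>
        <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <Preconditions>
        <!-- Skip when the user already signed in with a local account in step 1 -->
        <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
          <Value>objectId</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
      </Preconditions>
      <ClaimsExchanges>
        <!-- The action behind the button: the technical profile from part 1 -->
        <ClaimsExchange Id="SalesforceExchange" TechnicalProfileReferenceId="Salesforce-SAML2" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <!-- Steps 3 to 6 (AAD-UserReadUsingAlternativeSecurityId-NoError, SelfAsserted-Social,
         AAD-UserWriteUsingAlternativeSecurityId, AAD-UserReadUsingObjectId) are copied
         unchanged from the template journey -->
    <OrchestrationStep Order="7" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
  </OrchestrationSteps>
  <ClientDefinition ReferenceId="DefaultWeb" />
</UserJourney>

<!-- 3. SignUpSignIn.xml: point the relying party at the new journey -->
<RelyingParty>
  <DefaultUserJourney ReferenceId="SignUpSignInSalesforce" />
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="OpenIdConnect" />
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="displayName" />
      <OutputClaim ClaimTypeReferenceId="email" />
      <OutputClaim ClaimTypeReferenceId="identityProvider" />
      <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
    </OutputClaims>
    <SubjectNamingInfo ClaimType="sub" />
  </TechnicalProfile>
</RelyingParty>
```

Two points worth checking once this is uploaded: the PartnerEntity URL is the only place B2C learns which key may sign Salesforce's assertions, so a typo or a look-alike domain there silently changes who can mint logins; and the alternative security ID is built from issuerUserId, so confirm in a test sign-in that the userId attribute actually arrives, otherwise B2C will fail to link the account rather than fall back to the email.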