In order to set up the Salesforce SSO SAML application on AppsCo, you will need:
- AppsCo Business
- Salesforce Classic or Salesforce Lightning Experience
NOTE: We always suggest that you login to your Salesforce and AppsCo admin accounts also in another browser, in order to avoid getting locked out in case of settings misconfiguration.
Additional Note: We suggest that you read the documentation in the Salesforce knowledge base regarding this setup as well as it might help you understand the prerequisites you need in order to set up this functionality.
1. Go to your AppsCo company resources page.
2. Click Add, and then choose SSO Application from the drop-down menu.
3. Search for Salesforce, and click on the card to add the application to your company's resources.
4. You'll need to enter information about the service provider - Salesforce in order to add the SSO SAML resource. Some of the required information (such as ACS URL) can be found in your Salesforce settings.
Under SAML Issuer enter: https://appsco.com
Under Domain registered at SP enter: your Salesforce sub-domain. For example, if your Salesforce instance URL is: https://yourcompany.salesforce.com you should enter only yourcompany.
Under ACS URL: You will find this value under your org’s SAML settings - it is the Salesforce Login URL (also known as the “Salesforce ACS URL”). Copy this URL to AppsCo. (If unsure where to find it, consult the Salesforce Help article mentioned above). Once you're done, click ''Add'' to create the resource. It will show up on the resources list.
5. Now, click the ''Edit'' button on the Salesforce SSO SAML resource in order to access the information you will need to copy to the service provider (Salesforce) and complete the setup.
6. AppsCo IdP Information card contains all the information you must provide to Salesforce in order to set up the SSO SAML integration.
In Salesforce, from Setup, enter Single Sign-On Settings in the Quick Find box, then select Single Sign-On Settings.
On the Single Sign-On Settings page, click Edit:
Mark the checkbox for SAML Enabled. You must enable SAML in order to be able to view the SAML single sign-on settings. Click Save.
Then, click New and enter the settings.
Note: You can leave the default values unless noted otherwise.
Name: AppsCo (Salesforce inserts the corresponding API Name value in the field to the right, which you can customize if necessary.)
Specify the SAML version - Make sure it is set to 2.0 - it should be so by default.
Issuer: Copy the value under Entity ID available in AppsCo
Identity Provider Certificate: Download the file under Certificate available in AppsCo and upload it here.
Identity Provider Login URL: Copy the value under Sign in URL in AppsCo.
Identity Provider Logout URL: Copy the value under Sign out URL in AppsCo.
Custom error URL: Copy the value under the Error URL in AppsCo.
The Entity ID field to the right:
- If you use a custom domain set up in Salesforce, use https://[customDomain].my.salesforce.com
- If you do not use a custom domain setup, use https://saml.salesforce.com
You will see a preview of all the settings. In the Endpoints section, copy the entire Login URL.
Then, go back to AppsCo and on the Manage Resource page for your Salesforce SSO SAML app, click Manage on the Settings card.
Paste the Login URL from the Endpoints section in Salesforce under ACS URL and click Save to save your settings.
Your Salesforce SSO SAML application is now set up. The last step is to assign the application with the users.
Click on the Share button in the top left corner.
Select the users or the groups you wish to assign this resource to by clicking on the profile image icon. Click Share to share the resource. Please note that the SSO SAML applications can only be shared to managed users.
For the user to be able to use Salesforce SSO SAML application a matching username (email) must exist in the Salesforce instance and in AppsCo instance.
Once the resource is shared, it will show up on the user's company dashboard. By clicking on the icon, the user will be authenticated and logged in automatically to Salesforce without entering any credentials.
If you have any questions, please send us an email to firstname.lastname@example.org