Configuring SAML > Salesforce

Note: Single Sign-On may not be available in your plan. Please contact your Advocacy Coach to learn more.

This article will cover how you can configure SAML SSO for your AdvocateHub using Salesforce. This provides your Advocates with a seamless, easy way to enter your hub once they are logged into a Salesforce app, for example, Salesforce Community.


Configuration In Salesforce

You must be an logged into Salesforce as an Administrator to complete these actions.

Setup Domain

1. SP-Initiated SAML requires you to customize your Salesforce domain to something that is specific to your company. To do this navigate to Setup > Domain Management > My Domain. You will see a page like the below:

2. Enter a name of your choice for your domain and make sure it is available and then register the domain. You will receive an email from Salesforce when they have completed updating their naming registries. We will need this new customized domain name later on.

3. Now we will enable the ability for Salesforce to accommodate SAML. Navigate to Setup > Security > Controls > Single Sign-On Settings.

Configure SSO Settings

4. On the Single Sign-On Settings click edit. Check the SAML Enabled checkbox.

5. Staying on that same page, click the 'new' button in the SAML Single Sign-On Settings section.

6. Fill out the required fields as per the below table:

Field Name Value
Name Whatever you like
Issuer The URL you set as your custom domain in step 2
Identity Provider Certificate Generate or upload your certificate. Check out this Salesforce article on  how to generate a certificate
API Name Whatever you like
Entity ID https://saml.salesforce.com
SAML Identity Type Assertion contains the User's Salesforce username
SAML Identity Location Identity is in the NameIdentifier element of the Subject statement
SP Initiated Request Binding HTTP POST

7. Click save

Create Connected App

8. Create an app in Salesforce by going to Build > Create > Apps

9. Scroll down to the Connected Apps section and click the new button.

10. You should be greeted with an initial setup page where you can fill out the Basic Information section as you please. The other section we need to concern ourselves with here is Web App Services, check the Enable SAML box

11. Fill out the field and information according to the table below (Ignore if not mentioned)

Fields Values
Entity ID Influitive-AdvocateHub
ACS URL https:// insert_subdomain_here.influitive.com/saml/consume

12. Save your app, you will get a notification saying that it should take 2-10 minutes for the changes to take effect. Click continue.

13. Finally, we need to map our Attributes. Scroll down to the bottom of the page to the Custom Attributes section. Click new to create a new Attribute and create 3 attributes as per below:

14. That is it! Our app is created and now we have the information to complete the configuration in AdvocateHub


Configuration in AdvocateHub

For the configuration on the AdvocateHub side, we need 2 pieces of information, the  SSO Endpoint URL and the SSO Fingerprint.

1. To retrieve the SSO Endpoint URL head back to your Connected App you created and locate the SAML Login Information section of the app. Copy the SP-Initiated Redirect Endpoint URL to your clipboard:

Copy this to your clipboard and open up your AdvocateHub. Navigate to Settings > Login/Security and paste it in the SSO Endpoint URL field:

2. Finally we need the SSO Fingerprint, we need to derive this from your certificate.

I like using  this tool but feel free to use another one if you like. We need to copy the contents of your certificate to your clipboard as below (without the Begin Certificate and End Certificate)

Paste the contents into our tool like below, select sha256 as your algorithm and click Calculate

This should populate both Fingerprint fields as you can see below. Both of these are the same and both will work equally well. Copy one of these to your clip board and head back to Navigate to  Settings > Login/Security in your AdvocateHub settings

Your settings should looks something the below. Save these and we should be all set!

Still need help? Contact Us Contact Us