Configuring SAML > Salesforce
Note: Single Sign-On may not be available in your plan. Please contact your Advocacy Coach to learn more.
This article will cover how you can configure SAML SSO for your AdvocateHub using Salesforce. This provides your Advocates with a seamless, easy way to enter your hub once they are logged into a Salesforce app, for example, Salesforce Community.
Configuration In Salesforce
You must be logged into Salesforce as an Administrator to complete these actions.
1. SP-Initiated SAML requires you to customize your Salesforce domain to something that is specific to your company. To do this, navigate to Setup > Domain Management > My Domain. You will see a page like the below:
2. Enter a name of your choice for your domain, make sure it is available, and then register the domain. You will receive an email from Salesforce when they have completed updating their naming registries. We will need this new customized domain name later on.
3. Now we will enable the ability for Salesforce to accommodate SAML. Navigate to Setup > Security > Controls > Single Sign-On Settings.
Configure SSO Settings
4. On the Single Sign-On Settings page, click edit. Check the SAML Enabled checkbox.
5. Staying on that same page, click the 'new' button in the SAML Single Sign-On Settings section.
6. Fill out the required fields as per the below table:
| Field | Value |
|---|---|
| Name | Whatever you like |
| Issuer | The URL you set as your custom domain in step 2 |
| Identity Provider Certificate | Generate or upload your certificate. Check out this Salesforce article on how to generate a certificate |
| API Name | Whatever you like |
| SAML Identity Type | Assertion contains the User's Salesforce username |
| SAML Identity Location | Identity is in the NameIdentifier element of the Subject statement |
| SP Initiated Request Binding | HTTP POST |
7. Click save
Create Connected App
8. Create an app in Salesforce by going to Build > Create > Apps
9. Scroll down to the Connected Apps section and click the new button.
10. You should be greeted with an initial setup page where you can fill out the Basic Information section as you please. The other section we need to concern ourselves with here is Web App Services. Check the Enable SAML box.
11. Fill out the fields according to the table below (ignore any field that is not mentioned).
|ACS URL|| https://
12. Save your app. You will get a notification saying that it should take 2-10 minutes for the changes to take effect. Click continue.
13. Finally, we need to map our Attributes. Scroll down to the bottom of the page to the Custom Attributes section. Click new to create a new Attribute and create 3 attributes as per below:
14. That is it! Our app is created and now we have the information to complete the configuration in AdvocateHub
Configuration in AdvocateHub
For the configuration on the AdvocateHub side, we need 2 pieces of information, the SSO Endpoint URL and the SSO Fingerprint.
1. To retrieve the SSO Endpoint URL, head back to the Connected App you created and locate the SAML Login Information section of the app. Copy the SP-Initiated Redirect Endpoint URL to your clipboard:
Open up your AdvocateHub, navigate to Settings > Login/Security and paste the URL into the SSO Endpoint URL field:
2. Finally, we need the SSO Fingerprint, which we derive from your certificate.
I like using this tool, but feel free to use another one if you like. We need to copy the contents of your certificate to your clipboard as below (without the Begin Certificate and End Certificate lines).
Paste the contents into the tool like below, select sha256 as your algorithm and click Calculate.
This should populate both Fingerprint fields as you can see below. Both of these are the same and both will work equally well. Copy one of these to your clipboard and head back to Settings > Login/Security in your AdvocateHub settings.
Your settings should look something like the below. Save these and we should be all set!
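The SHA-256 fingerprint from step 2 can also be computed locally instead of with an online tool. The script below is an added example, not part of the original article or of AdvocateHub: it accepts the certificate text with or without the Begin/End Certificate lines and returns the digest as plain hex and as colon-separated hex (assumed here to correspond to the tool's two Fingerprint fields). The function names and the sample input are constructed for illustration.

```python
import base64
import hashlib
import re
import sys

PEM_MARKER = re.compile(r"-----(BEGIN|END) CERTIFICATE-----")


def cert_der_from_text(text):
    """Return the DER bytes of one certificate pasted with or without PEM markers."""
    if len(re.findall(r"-----BEGIN CERTIFICATE-----", text)) > 1:
        # A chain would be hashed as one blob and give a fingerprint of nothing real.
        raise ValueError("input holds more than one certificate; pass only the signing cert")
    body = "".join(PEM_MARKER.sub("", text).split())  # drop markers and copy/paste whitespace
    if not body:
        raise ValueError("no certificate data found")
    try:
        return base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is not valid base64") from exc


def sha256_fingerprints(text):
    """Return (plain_hex, colon_hex) SHA-256 fingerprints of the certificate's DER bytes."""
    plain = hashlib.sha256(cert_der_from_text(text)).hexdigest()
    colon = ":".join(plain[i:i + 2] for i in range(0, len(plain), 2)).upper()
    return plain, colon


# Constructed sample: placeholder bytes in a PEM wrapper, NOT a real certificate.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    # Usage: python fingerprint.py path/to/certificate.crt
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="ascii") as fh:
            source = fh.read()
    else:
        source = SAMPLE_PEM
    for value in sha256_fingerprints(source):
        print(value)
```

Run it against the certificate file you uploaded or generated in the Salesforce Single Sign-On Settings, then paste either value into the fingerprint field under Settings > Login/Security.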