• Home
• Login with External IDP
• Salesforce as IDP Setup Guide

Single Sign-On (SSO) for Apps Using Salesforce as IDP

---

Configure Salesforce as IDP to Single Sign-On (SSO) into multiple applications by loging using Salesforce as Identity Provider. Here, users can login to all applications (SPs) using their Salesforce login credentials by configuring Salesforce as an Identity Provider (IdP). miniOrange will act as an Identity Broker which forms a trusted connection between IDP and multiple SPs by enabling cross-protocol authentication. This provides easy and secure login access to users by using only one set of login credentials.

Prerequisites

• You must have an active Salesforce account.
• You must be registered with miniOrange and have your branding set up.

Follow the Step-by-Step Guide given below to Configure Salesforce as an Identity Provider (IDP)

Mentioned below are steps to configure Salesforce as IDP via SAML and OAuth configuration. Follow the steps accordingly based on your requirement (SAML or OAuth).

1. Retrieve Configuration Details from miniOrange

• SAML
• OAuth

• Go to miniOrange Admin Console and click on Setup button within the Add Identity Source card.



• Click on Add IDP button.



• Now click on the Click here link to get miniOrange metadata as shown in Screen below.



• For SP initiated SSO section Select Show Metadata Details.



• Copy ACS URL and SP Entity ID for future use.

• Go to miniOrange Admin Console.
• From the left navigation bar select Identity Provider.
• Click on Add Identity Provider button at top right corner.



• Click on Oauth and copy the OAuth Callback URL.

2. Configure Salesforce as an Identity Provider

• SAML
• OAuth

• Log in to Salesforce Portal to access the dashboard.



• Click the gear icon in the top-right corner and select Open Advanced Setup.



• From the left panel, select Settings Tab and navigate to Identity >> Identity Provider.



• Click on Enable Identity Provider button. After enabling the Identity Provider, you should be able to see Salesforce metadata endpoints and certificate details.



• In the Service Provider section, click on the link to create the Service Provider using Connected Apps.



• Enter Connected App Name, API Name and Contact Email.



• Under Web App Settings, check the Enable SAML checkbox.
• For Basic SAML configuration, you need to paste ACS URL and SP Entity ID copied in the previous step from miniOrange and click on Save.



• Click on Manage.



• After completing connected app setup you will be redirected to your connected app.
• Now Under Profiles section, click on Manage Profiles button.



• Under the Profiles section, click on the Manage Profiles button and select the profiles you want to give access to login through this app.
  [⚠️Note: If you want to test connection using administrator account you need to check System administrator.]



• Under SAML Login Information, click on Download Metadata button to download the IDP metadata.

• Now, Login to your SalesForce portal in a new tab to access the dashboard.



• Click the gear icon in the top-right corner and select Open Advanced Setup.



• Search for apps in search bar at top left corner and navigate to App Manager >> New Connected App button at top right corner.



• Select Create a Connected App and click on Continue.



• You will be taken to the application settings page. Enter the required details such as Connected App Name, API Name and Contact Email.



• Check the Enable OAuth Settings under API(Enable OAuth Settings) section and you will be shown more options to configure.
• Paste the Callback uri copied earlier from the previous step and select the Scopes as required, uncheck Required Proof Key for Code Exchange and save the settings.



• Scroll down and click Save.
• You will be taken to the Application Management page. Under Api section, Click on Manage Consumer Details.



• Here, you will find Consumer key (Client ID) and Consumer Secret (Client Secret). Copy these Consumer key and Consumer Secret.

3. Configure miniOrange as the Service Provider

• SAML
• OAuth

• From the left navigation bar select Identity Provider
• Click on Add Identity Provider button.



• Select SAML. Click on Import IDP metadata.



• Choose an appropriate IDP name. Browse for the file we downloaded in the previous step and Click on Import.



• Select the appropriate option from the SSO Binding dropdown according to the URL you are configuring. (Default value is HTTP-POST)



• Click on Save and you will be redirected back to the Identity Providers page.

• Now come back to miniOrange Dashboard.
• From the left navigation bar select Identity Provider.



• Select Oauth.



• Enter the following values.

IdP Name	Salesforce
IdP Display Name	Choose appropriate Name
Client ID	Consumer key from step 2
Client Secret	Consumer secret from step 2
Scope	email profile openid

• Click on Save.
• You will be redirected back to the Identity Providers page.

4. Test Salesforce IDP Connection

⚠️ Wait for 10 mins before testing the connection. Changes can take up to 10 minutes to take effect.

• Go to Identity Providers tab.
• Click on Select>>Test Connection option against the Salesforce Identity Provider you configured.





• On entering valid Salesforce credentials you will see a pop-up window which as shown in below screen.



• Hence your configuration of Salesforce as IDP in miniOrange is successfully completed.

External References

• Know More about Single Sign On (SSO)
• Configure Salesforce Single Sign-On (SSO)
• SP-Initiated v/s IdP-Initiated SSO
• Configure Scim Provisioning for Salesforce Apps