- Log in to Salesforce.
- In the setup section, configure the following settings:
  - Path to M-Pin SSO SAML issuer (IdP ID) – the path to the M-Pin SSO metadata file (accessed in the 'Global Settings' section of the SSO dashboard).
  - The M-Pin SSO X.509 certificate – found under Global Settings > SSO information in the M-Pin SSO web console.
  - The entity ID URI of Salesforce as Service Provider – depends on whether you have a Salesforce subdomain.
  - The Salesforce certificate to use with M-Pin SSO.
  - Hashing algorithm for encrypted requests – either RSA-SHA1 or RSA-SHA256.
  - SAML Identity Type – user name (the "Assertion contains User’s Salesforce user name" setting, i.e. M-Pin SSO passes the Salesforce user name in SAML assertions).
  - SAML Identity Location – Subject (the "Identity is in the NameIdentifier element of the Subject statement" setting, i.e. the Salesforce Username or FederationIdentifier is located in the Subject statement of the assertion).
  - The Single Sign-On service location URL of your M-Pin SSO System – found under Global Settings > SAML Metadata in the M-Pin SSO web console.

In the M-Pin SSO web console:
- Under Integration, click the + button next to Salesforce profiles.
  The Add Salesforce profile page is displayed.
- Complete the required fields as follows and save the profile:
  - Name: (required) – name of the profile, e.g. Sample Salesforce Profile.
  - LDAP Profile: – if you have LDAP profiles configured, they will be available in this drop-down.
  - Recipient URL: – IAM end point for the client app (if any).
  - SSL Certificate for SP-initiated SSO: – the Salesforce certificate to use with M-Pin SSO. It is available from the setup section of your Salesforce account and is the certificate you specified in the M-Pin SSO Identity Provider settings in your Salesforce account. If you browse for the certificate file, the certificate is uploaded and displayed in the field after you select the Save button.
  - Salesforce login URL: (required) – available in the M-Pin SSO Identity Provider settings in your Salesforce account.
  - The entity ID URI of Salesforce as Service Provider: (required) – as configured in the M-Pin SSO Identity Provider settings of your Salesforce account; depends on whether you have a Salesforce subdomain.

After saving, the profile is displayed on the Salesforce profiles page.
From this point on, when your users visit the Salesforce service and enter an email address belonging to the profile just set up, Salesforce will detect that single sign-on is enabled and a password will no longer be necessary.
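
When a first login fails, the usual cause is that one of the values entered on the two sides above does not match what the assertion carries. The following is an added example, not part of M-Pin SSO or Salesforce: a small checker that compares a captured test assertion against the configured issuer, Salesforce entity ID and login URL, confirms the identity is in the Subject NameID, and flags any signature method other than RSA-SHA256. The function name, URLs and sample XML are constructed for illustration, treating the login URL as the expected Recipient is an assumption, and the check does not verify the signature itself.

```python
import xml.etree.ElementTree as ET

P = "urn:oasis:names:tc:SAML:2.0:"
NS = {"samlp": P + "protocol", "saml": P + "assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Constructed sample (signature value omitted). The Audience is the entity ID
# Salesforce uses when no subdomain is configured; other URLs are placeholders.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <saml:Assertion>
  <saml:Issuer>https://sso.example.com/idp</saml:Issuer>
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo></ds:Signature>
  <saml:Subject>
   <saml:NameID>alice@example.com</saml:NameID>
   <saml:SubjectConfirmation><saml:SubjectConfirmationData
     Recipient="https://example.my.salesforce.com"/></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>https://saml.salesforce.com</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""

def check_assertion(xml_text, idp_issuer, sp_entity_id, login_url):
    """Return a list of mismatches between an assertion and the configured values."""
    root = ET.fromstring(xml_text)
    a = root.find("saml:Assertion", NS)
    if a is None:
        return ["no Assertion element"]
    problems = []
    if a.findtext("saml:Issuer", "", NS).strip() != idp_issuer:
        problems.append("Issuer does not match configured IdP ID")
    if not a.findtext("saml:Subject/saml:NameID", "", NS).strip():
        problems.append("no NameID in Subject (SAML Identity Location)")
    audiences = [e.text.strip() for e in a.iterfind(".//saml:Audience", NS) if e.text]
    if sp_entity_id not in audiences:
        problems.append("Audience does not match Salesforce entity ID")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != login_url:
        problems.append("Recipient does not match Salesforce login URL")
    for sm in root.iterfind(".//ds:SignatureMethod", NS):
        if sm.get("Algorithm") != RSA_SHA256:
            problems.append("signature method is not RSA-SHA256")
    return problems
```

Run against the sample with a subdomain entity ID configured, it reports the Audience mismatch and the SHA-1 signature method, which are the two settings above most often left inconsistent.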