Skip to main content

HelloID

Salesforce SAML application setup
Important

Some URLs and parameters are case sensitive. If not entered correctly, configurations may not work.

1. Login as Administrator in the HelloID Portal and press manage portal. Go to Settings > Certificates and press Create Self-Signed Certificate to create a Certificate for Salesforce. See How to use certificates for more information about creating and using certificates.

2. Open the created certificate.

salesforce_2.png

3. Download the Certificate for use in the Salesforce configuration.

salesforce_3.png

4. Go to Applications > Applications and press Open application catalog

salesforce_4.png

5. Search for Salesforce SAML and press Add

salesforce_5.png

6. Enter the correct environment name in the URL in and press Next

salesforce_6.png

7. Select the Salesforce certificate (see step 3). Press Next to continue

salesforce_7.png

8. These settings do not have to be changed. Press Next to continue

salesforce_8.png

9. Here it’s possible to configure a self-service product. Press Next to continue

salesforce_9.png

10. Press Save to add the application to the dashboard

salesforce_10.png

11. Now open the Salesforce application by pressing Edit in the application overview

salesforce_11.png

12. Press Download metadata

salesforce_12.png

13. Open the metadata file a texteditor like notepad and copy the location.

salesforce_13.png
salesforce_13a.png

14. Login to the Salesforce portal and select Setup

salesforce_14.png

15. Search for Single Sign-On Settings and select the page

salesforce_15.png

16. Press Edit

salesforce_16.png

17. Check the SAML Enabled box and press Save

salesforce_17.png

18. Press the New button

salesforce_19.png

19. Enter the following fields and press Save

  • Name: Enter a name for the Federation

  • API Name: By default same as Name

  • Issuer: The URL of your Salesforce Environment

  • Entity ID: The URL of your HelloID Environment

  • Identity Pro Certificate: Select the Certificate (step 3)

  • Request Sign Certificate: Default

  • Request Sign Method: Default

  • Assertion Decr cert: Not encrypted

  • SAML Identity Type: Assertion contains User’s salesforce.com username

  • SAML Identity Location: Identity is in the NameIdentifier element…

  • Service Provider Init: HTTP Post

  • Identity Provider login: The location copied at step 13

salesforce_18.png

20. Copy the Salesforce Login URL

salesforce_20.png

21. Paste the Salesforce Login URL in the Salesforce configuration > Endpoint URL value and enter the Salesforce URL in the Issuer value. Enter in the Extra audience value the “<portal url>” and press Save to finish the configuration.

salesforce_21.png

22. At first use the user needs to enter and verify their email address. When the verification is finished the user will be logged in to Salesforce.

The credentials can be prepopulated by configuring step 8 of this guide or by using the API “Create Credential Set”.