This guide describes the whole process of configuring Salesforce and HelloID. If the domain has already been added to Salesforce you can skip ahead to step 13.
1. Go to Salesforce as the system admin and press Setup in the top right corner
2. Enter Identity in the search window and select the Identity Provider in the results
3. Press Configure a Domain Name
4. Enter the domain name and press Register domain
5. The registration will take some time; wait until it has finished
6. Press Login
7. Deploy the new domain to the users
8. Press OK to proceed with deployment of the new domain
If you have already enabled Salesforce as an identity provider, steps 9 through 11 can be skipped
9. Go to Identity > Identity Provider and enable Salesforce as an identity provider
10. Choose the default certificate and press Save
11. Press OK to proceed with enabling Salesforce as an identity provider
12. Go to Identity > Identity Provider and download the Metadata
13. Go to the HelloID portal, log on as an Administrator and go to the management portal. Go to Settings > Certificates and press Create Self-Signed Certificate to create a certificate or Import Certificate to import one. In this guide we will create a certificate
14. Enter the fields for the new certificate and press Save to continue. See the document “How to use certificates” for more information about creating and using certificates.
15. Go to Security > Authentication > Identity Providers and press Create Provider
16. The Identity Provider Catalog will open. Add the Salesforce SAML Identity Provider
17. Enable JIT. View a complete configuration reference here.
18. Press Configuration
18. Open the Metadata file (downloaded at step 12)
Enter the following required settings and press Save. You may configure other optional settings as desired.
- Issuer: This will be set by the template; check that it has a / at the end (<Portal URL>/)
- Login URL: HTTP-Redirect URL from the Metadata
- Binding: This will be set by the template to Redirect
- Request Certificate: select the created Salesforce certificate (see step 14)
- Logout URL: <Salesforce URL>/secur/logout.jsp
19. Now switch back to Salesforce and press the link “Service Providers are now created via Connected Apps. Click here”
20. Enter the following fields and press Save
- Connected App Name: Use a recognizable name for the App
- API Name: Same as “Connected App Name”
- Contact Email: Enter a contact Email for the App
- Enable SAML: Enable this option
- Entity URL: URL of the HelloID portal (There needs to be a / at the end of the URL)
- ACS URL: Enter the Consumer ID, from Identity Provider - Portal Information (see step 17)
21. Press Manage
22. Scroll down a bit and press Manage Profiles under Profiles to add profiles to the HelloID app
23. Select the profile that you want to allow to log in to HelloID and press Save
24. The configuration has finished and can be tested by entering the portal URL. Instead of showing the HelloID login page, you will be redirected to the Salesforce login page.
25. All users in the application profiles (configured at step 23) will be able to log in.
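
The values entered at step 18 and the Entity URL of step 20 can be derived and checked from the metadata file downloaded at step 12 before they are typed into either console. The Python sketch below is an added example, not part of the original guide or of HelloID or Salesforce tooling; the function names, the constructed sample metadata and the requirement that every URL uses https are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample shaped like SAML 2.0 IdP metadata; host names are placeholders.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    entityID="https://sf.example.test">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="{POST}"
        Location="https://sf.example.test/idp/endpoint/HttpPost"/>
    <md:SingleSignOnService Binding="{REDIRECT}"
        Location="https://sf.example.test/idp/endpoint/HttpRedirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def require_https(label, url):
    """Assumed sanity check: reject relative or non-https URLs."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"{label} must be an absolute https URL: {url!r}")
    return url

def step18_settings(metadata_xml, portal_url, salesforce_url):
    """Derive the step 18 values and the step 20 Entity URL from the metadata."""
    # Parse only the file downloaded from your own Salesforce org in step 12.
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not identity provider metadata")
    redirect = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
                if s.get("Binding") == REDIRECT]
    if len(redirect) != 1:
        raise ValueError(f"expected one HTTP-Redirect endpoint, found {len(redirect)}")
    # The guide requires a trailing / on both the Issuer and the Entity URL.
    issuer = require_https("Portal URL", portal_url).rstrip("/") + "/"
    base = require_https("Salesforce URL", salesforce_url).rstrip("/")
    return {
        "Issuer": issuer,                                   # HelloID, step 18
        "Login URL": require_https("Login URL", redirect[0]),
        "Binding": "Redirect",
        "Logout URL": base + "/secur/logout.jsp",
        "Entity URL": issuer,                               # Salesforce, step 20
    }

if __name__ == "__main__":
    for field, value in step18_settings(
            SAMPLE_METADATA, "https://portal.example.test", "https://sf.example.test").items():
        print(f"{field}: {value}")
```

A ValueError here means the metadata has no single HTTP-Redirect endpoint or one of the URLs is not https, which is worth resolving before testing the login at step 24.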