Overview
The application template provides the ability to enable single sign-on for users accessing the Salesforce application through SafeNet Trusted Access.
The following use cases can be configured for Salesforce:
•SP-initiated SSO
•IdP-initiated SSO
•Just In-time Provisioning
•Single Log Out
Configuring SafeNet Trusted Access for Salesforce is a three-step process:
1.Salesforce setup
2.SafeNet Trusted Access setup
3.Verify authentication
Salesforce Setup
As a prerequisite, download the Identity Provider metadata from the SafeNet Trusted Access console by clicking the Download Metadata button. You will need this metadata in one of the steps below:
Perform the following steps to configure SafeNet Trusted Access as your Identity Provider in Salesforce:
1.Log in to Salesforce as an administrator using the URL “https://login.salesforce.com/”.
2.On the Home page, in the left pane, under Administer, click Security Controls, and then click Single Sign-On Settings.
3.In the right pane, under Single Sign-On Settings, click Edit.
4.Under Federated Single Sign-on Using SAML, select the SAML Enabled checkbox, and then click Save.
5.Under SAML Single Sign-On Settings, click New from Metadata File.
6.On the SAML Single Sign-On Settings page, click Choose File to search and select the Identity Provider (idp) metadata file that you downloaded earlier from the SafeNet Trusted Access Console.
7.In the Custom Logout URL field, enter the URL where you want to redirect the user after the logout (for example, “<Salesforce Login URL>”).
9.Verify the values in other fields and then click Save.
10.Click Download Metadata. The Salesforce metadata will be downloaded automatically. Save it on your local machine.
11.In the left pane, under Administer, click Domain Management, and then click My Domain.
12.On the My Domain page, under Authentication Configuration, click Edit.
13.On the Authentication Configuration page, under Authentication Service, select the Identity Provider (for example, Sfntidp) that you created in step 8.
14.Click Save.
SafeNet Trusted Access Setup
After completing the first step of configuring SafeNet Trusted Access in Salesforce, the second step is to activate the Salesforce application in SafeNet Trusted Access by performing the following steps:
1.In the Applications pane on the left, you will notice that the Salesforce application you added previously is currently in inactive state, by default. To configure and activate this application, click the application (for example, Salesforce) and proceed to the next step.
2.Under STA Setup, click Upload Salesforce Metadata.
3.On the Metadata upload window, click Browse to search and the select Salesforce metadata that you downloaded earlier in step 10 of Salesforce Setup.
4.Under Account Details, the service provider metadata information is displayed.
5.Click Save Configuration to save the details and activate the Salesforce application in SafeNet Trusted Access.
Verify Authentication
Using STA Console
Navigate to the login URL of the Salesforce (for example, https://exampledemo-dev-ed.my.salesforce.com/), and then click the Identity Provider name (for example, Sfntidp) that you created in step 8 of Salesforce Setup. You will be redirected to the SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to the Salesforce support portal after authentication.
You will be redirected to your SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to the Salesforce application after authentication.
Using STA User Portal
Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the Salesforce application icon. You should be successfully logged in to the Salesforce application after authentication.
Using Salesforce Android App
1.Install the Salesforce mobile app (for example, Salesforce). On the Log In window, click the Use Custom Domain link.
2.Under Custom Domain, enter your Salesforce domain (for example, https://exampledemo-dev-ed.my.salesforce.com). Click Continue.
You will be redirected to select the Identity Provider name.
3.Select the IdP name that you created in step 8 of the Salesforce Setup (for example, SfntIdp).
You will be redirected to your SafeNet Trusted Access login page.
4. Enter your primary directory login information and approve the two-factor authentication.
You should be successfully logged in to the Salesforce application after authentication.
Using Salesforce iOS App
Install the Salesforce mobile app (for example, Salesforce). On the Log In window, click the Use Custom Domain link. Under Custom Domain, enter your Salesforce domain (for example, https://exampledemo-dev-ed.my.salesforce.com). Click Continue. You will be redirected to select Identity Provider name. Click the IdP name that you created in step 8 of Salesforce Setup (for example, SfntIdp).
You will be redirected to your SafeNet Trusted Access login page. Enter your primary directory login information and approve the two-factor authentication. You should be successfully logged in to the Salesforce application after authentication.
© 2019 SafeNet Trusted Access. Various trademarks are held by their respective owners.