The following documentation is applicable to Free, Developer, and Developer Pro plans. For documentation related to the enterprise plan, please click here.
Developer Pro Add on

Inbound SSO SAML - Salesforce

This document provides instructions to add a custom Identity provider (Salesforce) using Inbound SAML - SSO. As a result, it will allow your consumers to log in to your application with their Salesforce account using SSO.

Salesforce Configuration

  1. Log into Salesforce with your developer account.
  2. In the left navigation pane, search for Identity Provider and enable the Identity Provider setup.
  3. From the account drop-down list (in the top-right corner), select Setup.
  4. In the left navigation pane, search for App Manager (a) and click App Manager (b) in the Apps list to open it.
  5. Click New Connected App (c) in the top-right corner.

    The following screen will appear:

  6. Give the Connected App a name.
  7. Enter start URL: https://<LoginRadius AppName>
  8. Select Enable SAML; further options will appear on the screen.
  9. Enter Entity ID: https://<LoginRadius AppName>
  10. Select the Subject Type, e.g., User ID
  11. Select the Name ID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
  12. Add Issuer: https://<LoginRadius AppName>
  13. Select the default IDP Certificate, or create and add one.
  14. Add the SP Certificate and Key:

    a) Generate the SP private key with the following command:

    ```openssl genrsa -out private.key 2048```

    b) Generate the certificate from the private key:

    ```openssl req -new -x509 -key private.key -out certificate.cert -days 365 -subj "/CN=<loginradius-app-name>"```
  15. Save the configuration
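
The SP certificate and private key from step 14 are entered on both sides, so it is worth confirming they belong together before pasting them. The script below is an added example, not part of the LoginRadius documentation; the function names and the CN passed in are assumptions, while the file names match step 14.

```bash
#!/usr/bin/env bash
# Added example: function names and the CN passed in are assumptions;
# private.key / certificate.cert are the file names used in step 14.

# Create the 2048-bit RSA key and 365-day self-signed certificate from step 14.
gen_sp_keypair() {
  local dir="$1" cn="$2"
  # umask 077 in a subshell: the key file is readable by its owner only.
  ( umask 077 && openssl genrsa -out "$dir/private.key" 2048 2>/dev/null ) || return 1
  openssl req -new -x509 -key "$dir/private.key" -out "$dir/certificate.cert" \
    -days 365 -subj "/CN=$cn" 2>/dev/null
}

# Succeed only if the certificate carries the public half of the private key.
cert_matches_key() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed if the certificate is still valid $2 days from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# SHA-256 fingerprint, for comparing the copy held by each side.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}
```

Run `cert_matches_key certificate.cert private.key` before saving the configuration, and compare `cert_fingerprint` output for the certificate stored in Salesforce and the one entered in LoginRadius. Because the certificate is issued with `-days 365`, `cert_valid_for_days certificate.cert 30` can be scheduled to flag an upcoming expiry.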

LoginRadius Account Configuration

To support the Inbound SSO - SAML, you will need to handle the following:

  1. Log into your LoginRadius Dashboard account, select your app and then navigate to the Integration section.

    The following screen will appear:

  2. Click the Add button for adding a new Inbound SSO-SAML app. The configuration options will appear.
  3. Search for Inbound in the search bar and locate Inbound SSO-SAML. Click the Try It For Free option and then the Enable button in the pop-up that appears. The Inbound SSO-SAML app is added to the Available Integrations.
  4. Click the Let’s Configure option.

    The following screen will appear:

  5. Enter or select the following values:

    • Enter the Provider Name.
    • Enter the Display Provider Name.
    • Select Id Provider Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
    • Enter the Id Provider Location: https://<account>
    • Enter the Id Provider Logout URL: https://<account>
    • Enter the Id Provider Certificate from the Salesforce Connected App. You can download the IDP Certificate from Salesforce.
    • Enter the Service Provider Certificate and Service Provider Private Key that you generated during the Salesforce Configuration.
    • Enter the Relay state param, i.e., RelayState.
    • Data Mapping: Add the fields you want to map along with Email.

    | Key   | Value |
    | ----- | ----- |
    | Email | email |

  6. Click the Save button to save the configuration. You have successfully configured Salesforce IDP using Inbound SSO-SAML. Open the Auth Page (IDX) of your app and the Login with SAML Salesforce option will appear:
