Salesforce: Configure SSO to Simpplr using G Suite

Table of Contents

Enable and Deploy My Domain on your Salesforce Org

Configure G Suite for SSO

Configure SAML 2.0 in Salesforce

Give Access to Users in G Suite for Salesforce App

 

Enable and Deploy My Domain on your Salesforce Org


The Salesforce My Domain feature allows you to select a custom domain name for your application. A My Domain URL looks like https://customer.my.salesforce.com.

  1. In your Salesforce org, click Setup, then type Domain into the Quick Find box and choose Domains.
  2. Click Add a Domain and enter your custom domain in the Domain Name field.

Configure G Suite for SSO


  1. Log in to https://admin.google.com.
  2. Navigate to Apps > SAML Apps.
  3. Click the plus (+) icon to add the new application. A popup window will open; search for Salesforce.
  4. Select the application. A new window will open with Google IDP information.
  5. Download the IDP metadata file from Option 2 as shown above.
  6. Once Salesforce is configured, use this information in Step 4 of G Suite.
  7. In the Service Provider Details section, enter the following URLs into the Entity ID, ACS URL, and Start URL fields:
      • ACS URL: https://your-domain-name.my.salesforce.com?so={SF provided - domain specific id} (this is the same as the Login URL on the SAML configuration page in Salesforce).
      • Entity ID: https://your-domain-name.my.salesforce.com (the same as the domain URL for Salesforce).
      • Start URL: https://your-domain-name.my.salesforce.com (the same as the domain URL for Salesforce).
     Click Finish.
  8. Once the Application is set up, it will appear as shown below in Admin Panel > SAML APP.
  9. Click on the Salesforce Application to configure the SSO and Provisioning.
  10. Click Edit Service in the top right corner of the screen. You will see the options ON for everyone and OFF for everyone. Select ON. On the left side of the screen you then have the option to configure the service by organizational unit (OU), if you have an OU structure in G Suite. Click Save.
  11. You will be returned to the default page. Click User Provisioning, then Set up user provisioning.
  12. In the Authorize window, click Authorize.
  13. Salesforce will open in the same tab. Log in to your Salesforce org. If you haven't logged in to your Salesforce administrator account before clicking Authorize, you're prompted to sign in. If you can't access your Salesforce application, click Re-authorize app to be prompted to sign in.
  14. In the Provide SCIM endpoint field, enter https://your-domain-name.my.salesforce.com/services/scim/v1 (replace your-domain-name with your custom domain name).
  15. In the Map attributes box, next to the selected Cloud Directory attribute, use the dropdown menus to map to the corresponding Salesforce attributes.
  16. Select Entitlements in the Map attributes box, then scroll down and select AutoProvSFAttribs > SFEntitlements. Then click Next.
  17. From the Set provisioning scope dialog box, add a group to restrict provisioning to members of groups you define. Click the underscore and begin typing your group name. A list of available groups will appear. Selecting one adds it and opens another selection option. Add more groups if necessary. To remove groups, click the Edit (pencil) icon. Once complete, click Finish.

Configure SAML 2.0 in Salesforce


  1. Log in to Salesforce with the same administrator username and password used for User Management settings in G Suite.
  2. From Setup, type Single Sign-On into the Quick Find box and select Single Sign-On Settings.
  3. Click Edit and check the SAML Enabled box to enable SAML Single Sign-On, then click Save.
  4. Next, in the list at the bottom of your page, select New from the Metadata File to add a new SAML SSO configuration.
  5. From here, upload the XML file you saved in G Suite. Click Create to configure the SAML settings in Salesforce. You'll be redirected to the SAML configuration page. Save the Login URL listed under Endpoints.

Give Users Access in G Suite for Salesforce App


  1. Log in to https://admin.google.com.
  2. Click Users, then click on the user you want to give Salesforce access to. 
  3. Click the User Information tab. This will load a new page that allows you to edit user information. Scroll down to AutoProvSFAttribs, click SFEntitlements, and enter the Profile ID users will have when their login is created in Salesforce. (Log in to Salesforce as Admin. In quick search, find Profiles under Manage Users. Click on the desired profile and copy the 12-digit profile ID from the URL.)
  4. Save the user settings and go to Home > Groups. Search for the group you added above during provisioning and add the required user to that group. That user will be provisioned shortly, and you can see the logs if you navigate to SAML Apps, then Salesforce, then Provisioning. There you will see the Created, Suspended and Failure entries for the provisioning.