Note: The System admin for OneLogin, as well as Salesforce, will need to configure the SSO.
If you have not yet done so, create a Salesforce service account when connecting your OneLogin SSO on the Salesforce side. This article will explain more about what a service account is and why it's important to create one, but essentially, a service account is not tied to one single user's email address. So if the admin/user leaves the company, the service account will still be up and running.
Set Up OneLogin
- Log in to OneLogin as the Administrator. From the home page, click Administration.
- From the Salesforce page, navigate to Setup.
- Go to Apps then select Add Apps.
- Search for Salesforce and select it. If needed, edit the Display Name. Then click Save.
- Select the Configuration tab. Then in the Salesforce Login URL field, enter your org's Salesforce login URL. It must be in the format: https://login.salesforce.com?so=orgid
- Select the API version as 33.
- Click Authenticate to be redirected to the OneLogin OAuth Configuration Service. Here you'll need to click on Salesforce for authentication.
- Log in with the Salesforce System admin's login credentials.
- From the new window that opens, click Allow Access. This will send you back to the OneLogin configuration page, where you'll see a Clear Token option.
- Select the Parameters tab. Ensure the Credentials are Configured by admin option is selected and that the mappings are as follows: User ID -> Email (this can be changed to a different option, such as OneLogin, username or Distinguish username).
- Click Save. Then navigate over to the SSO tab and copy the SAML2.0 Endpoint (HTTP) URL and the Issuer URL.
- From the X.509 Certificate, click View Details. Select X.509 PEM as the certificate type.
- Click Download to download the X.509 PEM certificate file. Next, you'll input the Issuer URL, SAML2.0 Endpoint, and X.509 Certificate into Salesforce to confirm the SSO connection.
- Click the Provisioning tab. Check Enable Provisioning for Salesforce. You can also choose whether or not the Admin needs to approve any user creation, updates, or deletion. When finished, click Save.
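Before pasting the copied values into Salesforce, they can be sanity-checked. The Python sketch below is an added example, not part of the original article or of either vendor's tooling: it validates the Salesforce Login URL format given above, checks the Issuer URL and SAML 2.0 endpoint against an assumed https-only policy, and computes the SHA-256 fingerprint of the downloaded PEM file so it can be compared out of band with the fingerprint OneLogin shows for that certificate (assumed to be visible under View Details). All function names and sample values are constructed; the 15- or 18-character, 00D-prefixed org ID pattern is Salesforce's standard organization ID format.

```python
import base64, hashlib, re, ssl
from urllib.parse import parse_qs, urlsplit
ORG_ID = re.compile(r"00D[A-Za-z0-9]{12}([A-Za-z0-9]{3})?")  # 15- or 18-char org ID
CERT = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def check_login_url(url):
    """Salesforce Login URL field: https://login.salesforce.com?so=<orgid>."""
    u, problems = urlsplit(url), []
    if u.scheme != "https" or u.hostname != "login.salesforce.com":
        problems.append("login URL must point at https://login.salesforce.com")
    so = parse_qs(u.query).get("so", [])
    if len(so) != 1 or not ORG_ID.fullmatch(so[0]):
        problems.append("so= must carry exactly one Salesforce org ID")
    return problems

def check_https(label, url):  # assumed policy: absolute https URL, no userinfo
    u = urlsplit(url)
    ok = u.scheme == "https" and u.hostname and not (u.username or u.password)
    return [] if ok else [f"{label} must be an https URL without credentials"]

def cert_fingerprint(pem_text):
    """SHA-256 fingerprint of the single PEM certificate in the download."""
    blocks = CERT.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError("expected exactly one PEM CERTIFICATE block")
    der = ssl.PEM_cert_to_DER_cert(blocks[0])
    if der[:1] != b"\x30":  # every X.509 certificate is a DER SEQUENCE
        raise ValueError("PEM body is not DER-encoded")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def preflight(login_url, issuer, endpoint, pem_text):
    problems = (check_login_url(login_url) + check_https("Issuer URL", issuer)
                + check_https("SAML 2.0 endpoint", endpoint))
    try:
        fingerprint = cert_fingerprint(pem_text)
    except ValueError as exc:
        problems.append(f"certificate: {exc}")
        fingerprint = None
    return problems, fingerprint

# Constructed sample values (placeholders, not a real org, IdP or certificate).
SAMPLE_DER = b"\x30\x82" + b"constructed stand-in, not a real certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(preflight("https://login.salesforce.com?so=00D000000000001",
                    "https://idp.example/issuer", "https://idp.example/sso", SAMPLE_PEM))
```

An empty problem list together with a fingerprint that matches the one shown by the identity provider indicates the values are ready to enter; a file saved in a format other than X.509 PEM is reported as a certificate problem.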
Setting up Salesforce
- Log in to Salesforce as the System admin.
- Navigate to Setup, then in the Quick Find box, type in Single Sign-On and click Single Sign-On Settings.
- Under Federated Single Sign-On Using SAML, ensure SAML Enabled is checked. If not, click Edit and check the box. Then click Save.
- Under SAML Single Sign-On Settings, click New to create a new SSO Profile.
- Assign the following to the new SSO profile:
Once all the information is input, click Save.
Assign the Simpplr app to users
- Log back in to OneLogin with your Admin credentials. Click Administration.
- Navigate to Users and select All Users.
- Click New User and fill in the required fields. Then click Save.
- Go to the Applications tab and click the + icon to add the application to the user.
- Select Salesforce from the dropdown list, then Continue and Save.
- Now you can send an invitation to the user for them to set up a password and access Simpplr.
Create a Bookmark app
By default, once your Simpplr and OneLogin are integrated, you'll be taken to Salesforce when logging in from the OneLogin portal. To ensure you get taken to the Simpplr app instead of Salesforce, you'll need to create a bookmark app in OneLogin. To do so:
- Log in to OneLogin.
- From the Administrator portal, go to Applications > Applications.
- Click Add App on the right-hand side of the page.
- From the Add App page, search for Bookmark. From the results, choose Shortcut.
- On the next screen, enter the name of your intranet.
- Make sure the application is selected as Visible in Portal. Click Save.
- From the left-hand navigation menu, click Configuration. Add your Simpplr home dashboard URL to the Website Address field. Click Save.
- Navigate back to the left-hand menu and choose Users. Assign the same users who have been assigned the intranet's original app.