
Log in to Salesforce using the WSO2 Identity Server

This page guides you through using WSO2 Identity Server to log in to Salesforce.

Note

Ensure your Salesforce edition supports SSO. Check the Salesforce documentation.

Create the Salesforce Service Provider

Follow the steps given below to register the Salesforce application in WSO2 Identity Server.

  1. On the WSO2 Identity Server Console, go to Applications.

  2. Click New Application and select Salesforce from the SSO Integrations section.

  3. Provide a name for the application.


  4. Click Create to complete the registration.

  5. Download the SAML Metadata file and copy the Entity ID from the Guide section.

Configure Salesforce

  1. Log in to Salesforce.

Note

If using a custom domain, access your organization via the Use Custom Domain option on the Salesforce login page.

  2. Navigate to the Setup > Settings > Identity > Single Sign-On Settings page.

  3. On the Single Sign-On Settings page, check the SAML Enabled box under Federated Single Sign-On Using SAML to enable the use of SAML SSO.

  4. Click the New From Metadata file button and upload the downloaded SAML metadata file of the WSO2 Identity Server.

  5. In the SAML settings form, replace the Entity ID with the one you copied earlier.

  6. Choose the same certificate for Assertion Decryption Certificate and Request Signing Certificate. Add your Salesforce organization’s URL in Custom Logout URL, and click Save.

  7. Scroll to the Endpoints section and copy the Login (Assertion consumer service URL) and Logout URLs.

  8. Download the Request Signing Certificate.

SAML Configurations in Service Provider

Make the following changes to the created service provider.

  1. Go to the Protocol section.

  2. Paste the Login (Assertion consumer service URL) and Logout URL into their respective fields, and upload the downloaded certificate.

Try it out

Follow the steps below to test the configuration for a new user in Salesforce and WSO2 Identity Server.

  1. Add login options to your Salesforce login page following the Salesforce guide.
  2. Create a user in Salesforce.
  3. In WSO2 Identity Server, create a user whose email address is the same as their Salesforce username.
  4. Access your Salesforce login URL in an incognito or private browser window.
  5. Log in using the newly added login option on the login page, with the credentials of the user you just created. The user will then be redirected back to Salesforce.

Troubleshooting guidelines

Additional troubleshooting information for Salesforce-side SSO failures can be retrieved using the Salesforce SAML Assertion Validator. Further information regarding the steps is available here.