SURFconext cannot verify the configuration steps below as we are not a customer of this service provider. We have collected the information below from our connected institutions to the best of our knowledge. If you have remarks or tips you want to share, please send them to support@surfconext.nl.
This page describes setting up Salesforce with SURFconext SSO. Please consult the Salesforce documentation for up-to-date instructions.
SSO setup
- Log in to http://www.salesforce.com as an admin user.
- Navigate to Setup->Security Controls->Single Sign-On Settings.
- Enable SAML and fill in the dialog presented.
- Fill in the right values for using SURFconext as the IdP:
Parameters to enter:
Parameter | Value | Note |
---|---|---|
SAML version | SAML2 | |
Issuer | This is the entityID of the SURFconext EngineBlock IdP | |
Identity Provider Certificate | Download the certificate from https://metadata.surfconext.nl/engine.surfconext.nl-20181213.pem and upload this file into this field | This is the signing certificate of the SURFconext EngineBlock IdP in X509 format |
SAML User ID Type | Assertion contains the Federation ID from the User object | SURFconext will provide the unique identifier for the user (in the format: urn:collab:person:[schachomeorg]:[uid]) |
SAML User ID Location | User ID is in the NameIdentifier element of the Subject statement | Using the NameIdentifier is the preferred way of delivering the identifier |
User Provisioning Enabled | True | It is preferred to enable autocreation of users |
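
As an added example (not part of the original page, and not SURFconext or Salesforce code), this Python sketch compares a decoded SAML response from a test login with the Issuer and NameID settings in the table above, which helps when a login does not map to the expected user. The sample response, the issuer URL, the user and the `check_response` helper are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Identifier format from the table: urn:collab:person:[schachomeorg]:[uid]
COLLAB_ID = re.compile(r"^urn:collab:person:([^:\s]+):([^:\s]+)$")

# Constructed sample; issuer and user are placeholders, not SURFconext values.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID>urn:collab:person:example.org:jdoe</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, expected_issuer, federation_ids):
    """Compare a decoded SAML response with the SSO settings.

    Checks configuration only; it does not validate the XML signature,
    which Salesforce does with the uploaded certificate.
    """
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if assertion is None:
        return {"errors": ["no plaintext Assertion element found"]}
    issuer = assertion.findtext("saml:Issuer", "", NS).strip()
    name_id = assertion.findtext("saml:Subject/saml:NameID", "", NS).strip()
    match = COLLAB_ID.match(name_id)
    errors = []
    if issuer != expected_issuer:
        errors.append(f"Issuer {issuer!r} differs from configured {expected_issuer!r}")
    if not match:
        errors.append(f"NameID {name_id!r} is not urn:collab:person:[schachomeorg]:[uid]")
    return {
        "errors": errors,
        "org": match.group(1) if match else None,
        "uid": match.group(2) if match else None,
        # Exact string comparison is an assumption of this sketch.
        "existing_user": name_id in federation_ids,
    }


if __name__ == "__main__":
    print(check_response(SAMPLE, "https://idp.example.org/metadata",
                         {"urn:collab:person:example.org:jdoe"}))
```

Pass the set of Federation ID values exported from your Salesforce users as `federation_ids`; a well-formed NameID with `existing_user` set to false is the case where user provisioning would apply.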
Domain setup
- Navigate to Setup->Security Controls->Identity Provider.
- Create a new domain according to your requirements. This domain will be the starting point for your org's access to Salesforce via SURFconext. If required, you can set a CNAME plus a redirect to the URL provided by Salesforce.