I’m back with yet another declarative trick (that’s a tongue twister) up my sleeve. Today we’re talking about Single Sign-On (SSO).
One of the clients that I’m currently working with had a requirement to enable Single Sign-On for their org.
Now, I have done this before, but only in Trailhead. BUT it’s a completely different beast when you’re doing it in real time for a client.
IMO the steps listed in Trailhead are much more difficult than the real thing. I’ve outlined below the steps that I took to successfully enable SSO in my org.
Step 1: Create “New” in SAML Single Sign-On Settings
- From Setup, enter “Single Sign-On Settings” and then click on the related link.
- Click one of the following options:
  - New from Metadata File
  - New from Metadata URL
Step 2: Fill in all the Required fields
Once you click on New, you will be presented with a screen where you can fill in all the required details.
After filling it all out, this is how it should look:
In my client’s case, they provided me with the Metadata file, so it was as easy as uploading the .txt file to Salesforce. After you’ve uploaded the file, you will also need to upload the Certificate, i.e. the Certificate Signing Request (CSR).
Step 3: Enable SAML
This is a VERY CRUCIAL but easy-to-miss checkbox. If you do not enable SAML, you will not be able to select SSO as an option for your users. It’s very easy to miss because it is so itty-bitty.
Step 4 (Final): Allow Users to Log In Using SSO
On to the final step! Take the following steps:
- My Domain
- Edit > Authentication Configuration
After you hit “Edit”, you will be able to select the newly created SSO option for users to log in with.
Now let’s see how this looks on the user end.
As you can see, the standard login page now has an additional option which says, “Or log in using: XXXXXX”, where XXXXXX is the name of your SSO. It could be Active Directory or O365 or anything you want to call it.
And there you have it! A step-by-step process for enabling SSO for your users.
P.S. This was all done on the Salesforce end. You will need help from the IT department to do their part in order to activate these users and enable them to log in using SSO.