Setting up Salesforce as an Identity Provider to use SSO with AtomSphere

Document created by RaphaelRivero (Employee) on Dec 9, 2015. Last modified by ruchika_yadav on Mar 1, 2016. Version 2.

To read more about the difference between Identity Providers and Service Providers, please refer to the link below.

https://help.salesforce.com/apex/HTViewHelpDoc?id=identity_provider_about.htm&language=en

This document outlines the procedure for creating an SSO connection between a Salesforce Developer Edition and AtomSphere. Although it is geared towards the Salesforce Developer Edition, the procedure is similar for other Salesforce editions.

On Salesforce:

1. Set up a Salesforce Domain Name.

2. Enable Salesforce as an Identity Provider.

3. Once the Identity Provider is enabled, download the certificate and keep it to be used later.

4. Create a SAML-Enabled Connected App with the following information. Make sure you authorize users to have access to your connected app by following the authorization steps at the bottom part of this link.

Entity Id: https://platform.boomi.com/sso/<ATOMSPHERE_ACCOUNT>/saml
Subject Type: Federation ID
ACS URL: https://platform.boomi.com/sso/<ATOMSPHERE_ACCOUNT>/saml
Name ID Format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
Issuer: https://<SALESFORCE_DOMAIN>.my.salesforce.com

5. Manage your newly created Connected App and note down the information under the SAML Login Information -> IdP-Initiated Login URL.

6. Edit the Connected App and enter the URL from Step 5 in Basic Information -> Start URL.

7. Edit the Salesforce user information with the following considerations.

- For a user to be assigned to the connected app, their User License needs to be defined as “Salesforce”. The Developer Account only gives you 2 Salesforce user licenses and one is already used by your Administrator account.
- The Federation ID field in the user information must be populated with the same Federation ID configured in AtomSphere. Using the email address for both has proven to work.


On AtomSphere:

1. Double-click / Open the certificate downloaded in Step#3 of the On Salesforce procedure.

2. Click on the Details tab.

3. Click “Copy to File…”.

4. Click “Next”.

5. Select the format “Base-64 encoded X.509 (.CER)” and click “Next”.

6. Enter the destination directory and filename for the certificate then click “Next”.

7. Click “Finish”.  You will see the generated certificate in the destination directory.

8. On the AtomSphere -> Setup -> SSO Options configuration page, do the following.

- Check “Enable SAML Single Sign-On”.

- Import the certificate created in Step#5 of the “On AtomSphere” procedure.

- In the “Identity Provider Login URL” field, enter “https://<SALESFORCE_DOMAIN>.my.salesforce.com/idp/endpoint/HttpPost”.

- For “Federation Id Location”, select “Federation Id is in NameID element of the Subject”.

9. On the AtomSphere -> Setup -> User Management page, consider the following for the SSO user.

- Make sure the Federation ID of the user matches the Federation ID on Salesforce.
- Make sure the user is not an Administrator.
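
When a login fails after both procedures are complete, comparing a captured SAMLResponse against the values configured above usually shows which field is mismatched. The following Python is an added example, not code from Boomi or Salesforce; the account name, domain and Federation IDs are constructed, and the exact string comparison of the Federation ID is an assumption. It checks field values only and does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

def check_response(b64_response, account, sf_domain, federation_id):
    """List mismatches between a SAMLResponse and the settings in this document.
    Run it only on responses you captured yourself; no signature is verified."""
    sp_url = f"https://platform.boomi.com/sso/{account}/saml"  # Entity Id and ACS URL
    issuer = f"https://{sf_domain}.my.salesforce.com"          # Issuer
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element found"]

    def text(path):
        node = assertion.find(path, NS)
        return (node.text or "").strip() if node is not None else None

    name_id = assertion.find("a:Subject/a:NameID", NS)
    conf = assertion.find(
        "a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    observed = {  # field -> (value in the response, value configured)
        "Issuer": (text("a:Issuer"), issuer),
        "Audience": (text("a:Conditions/a:AudienceRestriction/a:Audience"), sp_url),
        "Recipient": (conf.get("Recipient") if conf is not None else None, sp_url),
        "NameID Format": (name_id.get("Format") if name_id is not None else None,
                          TRANSIENT),
        "NameID (Federation ID)": (text("a:Subject/a:NameID"), federation_id),
    }
    return [f"{field}: got {got!r}, expected {want!r}"
            for field, (got, want) in observed.items() if got != want]

def sample_response(name_id, account="EXAMPLE_ACCOUNT", sf_domain="example-dev"):
    """Constructed, unsigned response used only to exercise the check."""
    sp = f"https://platform.boomi.com/sso/{account}/saml"
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}"><a:Assertion>'
           f'<a:Issuer>https://{sf_domain}.my.salesforce.com</a:Issuer>'
           f'<a:Subject><a:NameID Format="{TRANSIENT}">{name_id}</a:NameID>'
           f'<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{sp}"/>'
           f'</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>'
           f'<a:Audience>{sp}</a:Audience></a:AudienceRestriction></a:Conditions>'
           f'</a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for problem in check_response(sample_response("other@example.com"),
                                  "EXAMPLE_ACCOUNT", "example-dev", "user@example.com"):
        print(problem)
```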
