Here is how to set up a SAML application in Salesforce:
- Enable My Domain from Setup > Administer > Domain Management > My Domain. Deploy it to all users. This automatically creates the Salesforce Identity Provider.
- Navigate to Administer > Security > Security Controls > Identity Provider. You will see the Identity Provider setup details, which need to be entered in Celoxis.
- Click on the Download Metadata button to download the certificate. This certificate is entered in Celoxis.
- Now, further down on the same page, click on the link "Service Providers are now created via Connected Apps. Click here."
- On the New Connected App page, enter the following details:
  - Connected App Name
  - Start URL
  - Check the Enable SAML checkbox.
  - Entity ID
  - ACS URL
  - Subject Type: Select Custom Attribute
  - Name ID Format: Select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  - IdP Certificate: Select the appropriate certificate you have entered in Celoxis (Step 3)
- Click on Save.
- After the app is created, associate user profiles with it so that users belonging to these profiles can log in via SSO.
- Navigate to Manage Apps > Connected Apps. Click on the app you just created.
- Scroll down and click on Manage Profiles.
- Select the required profiles and click on Save.
Common Errors
Error Message: Server Error Not authenticated
Solution: The IdP certificate you have entered in Celoxis is incorrect. Enter the correct certificate you have created for this (Step 3 above).
You will face the same error if you have not associated the logging-in user's profile with the Connected App as explained in steps 7 to 9 above.
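
The certificate mismatch behind "Server Error Not authenticated" can be checked offline by comparing fingerprints. The following is an added example, not code from Celoxis or Salesforce: it extracts the signing certificate from the downloaded IdP metadata and compares it with the certificate text entered in Celoxis, ignoring PEM headers and line wrapping. The sample metadata, its placeholder certificate bytes, the entity ID and the function names are constructed for illustration, and the standard SAML 2.0 metadata layout is assumed.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = b"constructed-placeholder-certificate-bytes"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.invalid">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_B64[:20]}
{SAMPLE_B64[20:]}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def der_from_text(text):
    """Strip PEM armour and all whitespace, then decode to raw bytes."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", text)
    return base64.b64decode("".join(body.split()), validate=True)

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def metadata_fingerprints(xml_text):
    """SHA-256 fingerprints of the signing certificates in IdP metadata."""
    if "<!DOCTYPE" in xml_text:  # metadata needs no DTD; refuse entity tricks
        raise ValueError("unexpected DTD in metadata")
    root = ET.fromstring(xml_text)
    prints = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without "use" applies to signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            prints.append(fingerprint(der_from_text(cert.text or "")))
    return prints

def celoxis_cert_matches(xml_text, pasted_cert):
    """True if the certificate text pasted into the SP is one the IdP signs with."""
    return fingerprint(der_from_text(pasted_cert)) in metadata_fingerprints(xml_text)
```

A `False` result from `celoxis_cert_matches` on the real metadata file and the certificate text held in Celoxis points to the first cause listed above; a `True` result points to the profile association instead.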