Salesforce Configuration

Here is how to set up a SAML application in Salesforce:

  1. Enable My Domain from Setup > Administer > Domain Management > My Domain. Deploy it to all users. This automatically creates the Salesforce Identity Provider.
  2. Navigate to Administer > Security Controls > Identity Provider. You will see the Identity Provider setup details, which need to be entered in Celoxis.
  3. Click on the Download Metadata button to download the certificate. This certificate is entered in Celoxis.
  4. Now, further down on the same page, click on the link "Service Providers are now created via Connected Apps. Click here".
  5. On the New Connected App page, enter the following details:
    1. Connected App Name
    2. Start URL
    3. Check the Enable SAML checkbox.
    4. Entity ID
    5. ACS URL
    6. Subject Type: Select Custom Attribute
    7. Name ID Format: Select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    8. IdP Certificate: Select the appropriate certificate you have entered in Celoxis (Step 3)
  6. Click on Save.
  7. After the app is created, associate user profiles with it so that users belonging to these profiles can log in via SSO.
    Navigate to Manage Apps > Connected Apps. Click on the app you just created.
  8. Scroll down and click on Manage Profiles.
  9. Select the required profiles and click on Save.

Common Errors

  1. Error Message: Server Error Not authenticated
    Solution: The IdP certificate you have entered in Celoxis is incorrect. Enter the correct certificate you have created for this (Step 3 above).
    You will see the same error if you have not associated the profile of the user who is logging in with the Connected App, as explained in steps 7 to 9 above.
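
The certificate cause of this error can be checked offline by comparing the certificate entered in Celoxis with the signing certificate inside the metadata file downloaded in step 3. The Python below is an added example, not Celoxis or Salesforce code; it assumes the certificate was pasted as PEM or bare base64, and all function names and sample data are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _fingerprint(b64_text):
    """SHA-256 of the decoded certificate bytes; line wrapping is ignored."""
    der = base64.b64decode("".join(b64_text.split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def metadata_signing_fingerprints(metadata_xml):
    """Fingerprints of every signing certificate in the IdP metadata."""
    # Use this parser only on metadata downloaded from your own org.
    root = ET.fromstring(metadata_xml)
    fps = []
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no "use" covers signing
            continue
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            fps.append(_fingerprint(cert.text or ""))
    return fps

def entered_fingerprint(cert_text):
    """Fingerprint of a certificate pasted as PEM or as bare base64."""
    lines = (line.strip() for line in cert_text.splitlines())
    return _fingerprint("".join(l for l in lines if not l.startswith("-----")))

def certificate_matches(metadata_xml, cert_text):
    """True if the pasted certificate is one of the IdP signing certificates."""
    return entered_fingerprint(cert_text) in metadata_signing_fingerprints(metadata_xml)

# Constructed sample data: placeholder bytes, not a real X.509 certificate.
SAMPLE_B64 = base64.b64encode(b"constructed placeholder, not a real certificate" * 3).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:ds="{NS['ds']}" entityID="https://idp.example.invalid">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + "\n".join(SAMPLE_B64[i:i + 64] for i in range(0, len(SAMPLE_B64), 64))
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print("match" if certificate_matches(SAMPLE_METADATA, SAMPLE_PEM) else "MISMATCH")
```

A mismatch points to the wrong certificate having been entered; a match means the profile association from steps 7 to 9 is the next thing to check.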