
Connect an SSO with Salesforce (SAML)

Use the Integrations Hub module to connect a single sign-on to Salesforce using SAML.

Written by Cheryn
Updated over 2 weeks ago
  1. OAuth is by far the easiest connection and can take less than 5 minutes to configure. However, we also support SAML configuration.

  2. Start in the Salesforce Admin and head to the Settings. Find a User who is an example of a person who will be signing on through the Digital Experience Community. Take note of that user's Profile; in our case it is the Customer Community Login User.

  3. Next, make sure your Identity Provider is turned on. If it is not, please Enable it.

  4. Take note of this, and then head to the App Manager. Choose New Connected App

  5. Fill out the top portion, and then check the box for Enable SAML

  6. In another tab, head to the Integrations Hub > Connectors > Single Sign On > Salesforce (SAML)

  7. Copy the Process Url

  8. Back in Salesforce, enter OpenWater as the EntityId, then paste the Process Url from the previous step into the ACS Url

  9. Change Subject Type to User ID


  10. Scroll to the bottom of the page and Save


  11. Now click Manage

  12. Find the SAML Login Information, and ignore the first few links. Click on the expansion icon next to For Communities

  13. If you have multiple communities, find the one you are interested in connecting to OpenWater and copy the SP-Initiated Redirect Endpoint

  14. Go back to Integrations Hub and paste it into the Login URL

  15. Download the Metadata of the Community

  16. Find the X509 Section, copy it (do not include the <ds:X509Certificate> or </ds:X509Certificate>)

  17. Paste it into the Certificate

  18. Press Save

  19. Then press Publish

  20. Head back to Salesforce Admin, and go to Manage Profiles

  21. Add the Profile you noted from Step 2

  22. Save, then go to Custom Attributes

  23. Add all the fields you wish to map. You can use an attribute key of your choice.

  24. Click Save

  25. Click on Field Mapping, then click on the “click here” link in the “No Fields have been provided yet” message

  26. You may be prompted to log in with your Community User account (not your admin account). Once you do so you should see a message like this:

  27. Head back to Integrations Hub and Refresh

  28. Proceed to map the fields. Ensure email, user data, and unique ID are all properly mapped

  29. Press Save

  30. Now go back to Settings, then copy the Begin Url

  31. Set the System Settings > Login Configuration to Json Web Token, then set the Login Url and the secret

  32. Your SSO is now complete. High-five yourself, you did it!

    Testing Your New SSO

    As with any new integration or workflow, testing is super important! You can now load up your site in an incognito window, then test out your login.
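Steps 15 to 17 ask you to copy the X509 value out of the downloaded metadata by hand. The script below is an added example, not OpenWater or Salesforce code: it pulls the signing certificate out of SAML metadata, strips the line breaks, checks that it is valid base64, and prints a SHA-256 fingerprint you can compare against the certificate you expect before pasting it into the Certificate field. The sample metadata, entity ID, and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def extract_signing_certs(metadata_xml):
    """Return [(base64_body, sha256_hex)] for each signing cert in SAML metadata."""
    root = ET.fromstring(metadata_xml)
    results = []
    for kd in root.iter("{%s}KeyDescriptor" % NS["md"]):
        if kd.get("use") == "encryption":
            continue  # only signing keys are used to verify assertions
        for node in kd.iterfind(".//ds:X509Certificate", NS):
            # Drop the line breaks and indentation that metadata files contain.
            body = "".join((node.text or "").split())
            der = base64.b64decode(body, validate=True)  # raises on stray characters
            if not der or der[0] != 0x30:
                raise ValueError("X509Certificate is not a DER SEQUENCE")
            results.append((body, hashlib.sha256(der).hexdigest()))
    if not results:
        raise ValueError("no signing certificate found in metadata")
    return results

# Constructed sample: these bytes are NOT a real certificate, only DER-shaped filler.
SAMPLE_DER = b"\x30\x82\x00\x20" + b"constructed-sample-not-a-cert!!!"
_b64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="https://idp.example.invalid">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {_b64[:24]}
        {_b64[24:]}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for body, fingerprint in extract_signing_certs(SAMPLE_METADATA):
        print("Paste into Certificate:", body)
        print("SHA-256 fingerprint:   ", fingerprint)
```

To use it on a real file, pass the contents of the metadata you downloaded in step 15 to `extract_signing_certs` instead of `SAMPLE_METADATA`.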
