- Getting Started
- Recommended Integration & Registration Flow
- Admin Console Overview
- User Onboarding and Management
- User Registration and Login
- Enterprise Applications
- Microsoft Integration
- Installing TraitWare PAM Module for SSH and SFTP
Salesforce SAML Integration
Posted on April 3, 2019
Contents
- What you need from TraitWare
- Setting up TraitWare
- Adding SAML Application
- Turning on application access for a user
- Setting up your service
Getting Started
Both TraitWare and Salesforce require certain information to be able to communicate securely with each other.
What You Need From Salesforce
- A paid Professional, Enterprise, Unlimited, or Developer plan ($89-$179/agent/month)
- Your Organization/Custom login (the login created by the owner ex: business.my.salesforce.com)
- Your account ID
- Metadata XML (recommended)
What You Need From TraitWare
You will obtain the following when you create your TraitWare application.
- Metadata XML (recommended)
- SAML Endpoint/Sign-in URL (optional)
- Public Verification Certificate Fingerprint (optional)
Setting Up TraitWare
In order for TraitWare to communicate with Slack, an application will need to be created. Once you have access from TraitWare, navigate to https://admin.traitware.com and use your TraitWare app to sign in.
Adding a SAML Application
- Select Applications in the menu on the left.
- Select Add Application to add a new application.
- Select SAML as your Application Type.
- Enter an Application Name that will make sense when you see it (ex: Salesforce).
- Choose Use a Template.
- In the SAML Applications dropdown list, select Salesforce. The fields following will auto-fill with generic information.
- For Return URI, put a sign-in URL to redirect users back to upon timeout
- Replace
YOURDOMAIN and YOURID in each field with theOrganziation that you collected above. Ex: https://YOURDOMAIN.my.salesforce.com?so=YOURID becomes https://business.my.salesforce.com?so=654359 - For Relay State and Metadata URL, you can leave the fields empty.
- You won’t need to add anything for the Claims Mapping.
- Alternatively, you can upload the Metadata that will be obtained from Salesforce in a later step
- Select Save Application.
- Once your application is submitted, it will populate the information required by your service provider
- Open the appropriate application, navigate to the Provider Credentials tab, and you will then be able to copy the information required
- If you plan to use the Metadata, select Download as XML and save it somewhere you will be able to easily find
Turning on Application Access for User
- Select Users from the menu in the upper left.
- Select a user. Their User Profile will open.
- Find the Salesforce Application name under Applications, and select the application to enable access for that user.
Setting Up Salesforce
- Navigate to https://login.salesforce.com and sign in using an Admin account.
- Select Setup by expanding the settings menu
- If you have not done so already, setup your domain for ease of navigation to your SSO login
- Select My Domain from the Company Settings options list.
- Type in your domain and Check Availability
- Then Register Domain (It may take a bit of time for the registration to complete)
- Once you receive confirmation that it is ready, you can use it to setup the SSO
- Navigate to Single Sign-On Settings under Identity
- Select Edit
- Check the box to Enable SAML
- Select Save
- Select New from Metadata File
- Select Choose File
- Navigate to the file you downloaded before
- Select Create
- Update the Name and API Name to something that you will recognize
- Double check that all other fields look correct
- Change Service Provider Initiated Request Binding to HTTP POST
- Select Save
- To obtain the rest of the information needed by TraitWare, select the SSO that you have just created
- From here, you will either need to copy the Login URL information or Download Metadata (recommended)
- To use the Metadata.xml to update your TraitWare application information, navigate back to the application created in the previous steps in the TraitWare Console
- Select the application to open it
- Go to the Upload SAML Metadata tab
- Toggle to Replace Full Application Configuration
- Select Upload a File and select the file downloaded from Salesforce
- Otherwise, manually update the 5 necessary fields and select Submit
Recommended Salesforce Settings
- Once you have finished setting up your users, it is recommended to turn off the generic login (the URL and the usernames and passwords)
- Navigate to My Domain under Company Settings
- Edit your My Domain Settings to Prevent login from https://login.salesforce.com and Save
- Edit your Authentication Configuration
- Uncheck the box for Login Form (this will automatically redirect users to the TraitWare QR login when they navigate to your custom URL)
- Select Save
- Once these settings are saved, users will be directed to the TraitWare QR rather than coming to a login page with options to use manual credentials
Additional Information
If you do not see an application in the dropdown list during the Application setup, you can fill in the fields with your generic information. If you have issues, please contact us at support@traitware.com, and we will work with you to see if the application can be added.