3.7 Configuring the Connector for Salesforce

Each cluster supports only one Connector for Salesforce. You must configure the Connector for Salesforce to provision accounts into Salesforce.

You can configure the connector to allow users single sign-on access into Salesforce. When users log in to Active Directory, Access Gateway for Cloud automatically authenticates the users to Salesforce. Providing single sign-on to the users increases the security of your company’s information stored in Salesforce.

  1. Access the administration page.

    For more information, see Section 3.1, Accessing the Administration Page.

  2. Drag and drop the Connector for Salesforce from the SaaS Palette to the bar.

  3. Click the Connector for Salesforce, then click Configure.

  4. Fill in the fields to configure the connector.

  5. (Conditional) Configure the Connector for Salesforce to allow single sign-on for users:

    1. Generate a .pem file from the Connector for Salesforce.

      1. Click Configure on the Connector for Salesforce in the Admin page.

      2. Click Single Sign-On Settings, then click Download Certificate.

      3. Follow the prompts to save the .pem file.

    2. Log in to Salesforce as an administrator.

    3. Select Setup from the drop-down menu.

    4. Click Security Controls under Administration Set Up in the left pane.

    5. Click Single Sign On Settings.

    6. Click Edit, then use the following information to configure single sign-on:

      SAML Enabled: Check this option.

      SAML Version: Specify 2.0 for the version.

      Issuer: Specify the following URL:

      https://<dns_of_ag4c_appliance>/osp/a/t1/auth/saml2/metadata

      Identity Provider Certificate: Click Browse, then browse to and select the .pem file created in Step 5.a.

      Identity Provider Login URL: Specify the following URL:

      https://<dns_of_ag4c_appliance>/osp/a/t1/auth/app/its/salesforce

      Assertion Contains the Federation ID from the User Object: Select this option. This option is not selected by default.

      User ID is in the NameIdentifier element of the Subject statement: Select this option.

      Identity Provider Logout URL: Specify the following URL:

      https://<dns_of_ag4c_appliance>/osp/a/t1/auth/app/logout

  6. Click OK, then click Apply to commit the changes to the appliance.
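
The .pem file saved in Step 5.a becomes the certificate Salesforce uses as the Identity Provider Certificate, so it is worth confirming before upload that the file holds a single public certificate and is not close to expiry. The following shell function is an added example, not part of the product documentation; it assumes the openssl command-line tool is installed, and the function name, file name and 30-day threshold are illustrative.

```shell
#!/bin/sh
# Added example: sanity-check the .pem downloaded in Step 5.a before
# uploading it to Salesforce as the Identity Provider Certificate.
# Assumption: the openssl CLI is available on the admin workstation.
#
# Usage (file name is hypothetical): check_idp_cert ag4c-salesforce.pem 30

# check_idp_cert FILE [MIN_DAYS]
# Returns 0 only if FILE is one parseable public certificate that stays
# valid for at least MIN_DAYS more days (default 30).
check_idp_cert() {
    pem=$1
    min_days=${2:-30}

    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # The file given to Salesforce must never carry private key material.
    if grep -q -e 'PRIVATE KEY-----' "$pem"; then
        echo "REFUSE: $pem contains a private key" >&2
        return 3
    fi

    # Exactly one certificate block is expected in the download.
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$pem" || true)
    [ "$count" -eq 1 ] || {
        echo "expected 1 certificate, found $count" >&2; return 4; }

    # The block must actually parse as X.509.
    openssl x509 -in "$pem" -noout 2>/dev/null || {
        echo "not a valid X.509 certificate" >&2; return 5; }

    # Single sign-on stops working when this certificate expires.
    openssl x509 -in "$pem" -noout \
        -checkend $((min_days * 86400)) >/dev/null || {
        echo "certificate expires within $min_days days" >&2; return 6; }

    # Print details to keep with the change record.
    openssl x509 -in "$pem" -noout -subject -issuer -dates \
        -fingerprint -sha256
}
```

Keep the printed SHA-256 fingerprint and notAfter date with the change record so that a later certificate replacement on the appliance can be detected and scheduled.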