This section provides the configuration information on integrating Advanced Authentication with Salesforce. This integration secures the Salesforce connection.
The following diagram represents Advanced Authentication in Salesforce.
To configure the Advanced Authentication integration with Salesforce, perform the following configuration tasks:
Clickand select .
Click the created configuration (not for Edit).
Open the Advanced Authentication Administration portal.
Clickto add a new event.
Create an event with the following parameters.
Chains: select the required chains.
Clickto Upload SP SAML 2.0 metadata file. Open the Salesforce metadata file and click .
Set to https://AdvancedAuthenticationServerAddress/ and replace AdvancedAuthenticationServerAddress with the domain name or IP address of your Advanced Authentication server.
NOTE: To use multiple Advanced Authentication servers with SAML 2.0, you must do the following:
Configure an external load balancer.
Specify the address with port number ininstead of specifying an address of a single Advanced Authentication server.
IMPORTANT: You must use the server name or IP address specified in thefield of Salesforce.
Clickin the Advanced Authentication Administration portal.
Verify whether the Signing Certificate is available and use the certificate.
If the certificate does not exist, then upload the certificate.
Navigate to> and click .
A new tab launches with the SAML 2.0 metadata that includes the certificate in X.509 format.
Find the tag <ds:X509Certificate> and copy the certificate that follows to a notepad file.
Add -----BEGIN CERTIFICATE----- at the beginning and -----END CERTIFICATE----- at the end of the certificate in the notepad file.
Save the notepad file for further use.
Log in to your Salesforce account.
Create a domain. If the domain is not created, then perform the following tasks:
Clickand select in the interface.
Scroll down the setup toolbar and navigate to.
Specify your domain name and click.
The domain is activated. Use your domain name to open Salesforce. For example, https://CompanyName.my.salesforce.com/. The SAML provider requires the domain name.
Upload the Identity Provider Signing Certificate that you obtained in Step 7 of section 27.7.3.
Inclick and specify the following details:
: Advanced Authentication.
: https://AdvancedAuthenticationServerAddress/osp/a/TOP/auth/saml2/metadata, where you must replace AdvancedAuthenticationServerAddress with the domain name or IP address of your Advanced Authentication server.
Clickto open the Identity Provider certificate.
: Select .
: Select .
: Select .
Clickfor Federated Single Sign-On Using SAML.
Click the required Salesforce users by adding for the user accounts. The Federation ID corresponds to the userPrincipalName attribute in Active Directory. For example, email@example.com.
NOTE: The name that you specify inis case sensitive. The following error appears if you ignore the case:
We can't log you in. Check for an invalid assertion in the SAML Assertion Validator (available in Single-Sign On Settings) or check the login history for failed logins.
Click your profile icon and click.
This mode is required to tune the domain options.
Clickto access the screen.
Open the URL https://CompanyName.my.salesforce.com/ and click to check the SAML 2.0 authentication.
NOTE: If the error message Single Sign-on error is displayed while logging in to Salesforce after all methods in the chain have succeeded, you must change the in the Salesforce console.
For more information, see Error While Logging In to Salesforce.