The steps below outline how to use your SalesForce account as a SAML IdP with Stackla, so that your users can log in to Stackla using the same credentials they use for SalesForce CRM and other SalesForce products.
1. Enable your SalesForce My Domain
To use SalesForce as your IdP, you first need to set up a 'My Domain' for your CRM instance, if you haven't done so already.
My Domain allows you to set up a custom domain for your SalesForce URL which can be branded specifically for your company.
To do this, simply go to 'Setup > Administration Setup > My Domain'.
Enter a domain for your organisation and deploy it for all users.
2. Download your IdP Metadata File
The next step is to download the Federated Metadata file for your SalesForce instance. To do this, simply go to 'Setup > Administration Setup > Security Controls > Identity Provider'.
This page provides a high-level overview of the Identity Providers set up on your SalesForce instance. Simply click on the 'Download Metadata' button and keep the XML file provided. You will need to provide this file to Stackla later.
3. Provide your IDP Metadata File & Domain to Stackla
The next step is to provide the downloaded IDP Metadata File and domain to Stackla.
To do this, simply email your Customer Success Account Manager with the following details:
IDP Metadata File (The XML File you downloaded earlier)
Domain (e.g. stackla.com)
The domain(s) determine which users are required to sign in via SalesForce from then on. In response, Stackla will provide the Entity ID, ACS URL and Single Logout URL you need to complete the next step.
4. Set up your Connected App
The final step in the process is to build a Connected App. To do this, go to 'Setup > Manage Apps > Connected Apps' and click on 'New'.
From here, first name your app and give it an icon, then provide the Web App settings.
Values such as Entity ID, ACS URL and Single Logout URL are unique to each SalesForce instance. The values that are the same for every instance are:
Start URL: https://my.stackla.com
Enable SAML: Yes
Enable Single Logout: Yes
Single Logout Binding: HTTP Redirect
Subject Type: Username
Name ID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
IDP Certificate: Default IDP Certificate
Once these are populated, click Save and choose which users will be able to see the Connected App and connect through it to Stackla.