Configuring SAML for Salesforce

REQUIRED ACCOUNT/PERMISSION LEVEL

Bitium: All account levels; must be an Admin to set up

Salesforce: All account levels; must be an Admin to set up

In Bitium:

  1. Go to “Manage Apps.”

  2. Select “Salesforce” from the list of installed apps.

  3. Select the “Single Sign-On” tab.

  4. From the dropdown, select “SAML Authentication.”

    SAML Authentication in Bitium Example 1

  5. Download the Metadata XML and X.509 Certificate from Bitium.

    SAML Authentication in Bitium Example 2

In Salesforce:

  1. Log into Salesforce.com.

  2. Click your username in the upper right part of your screen and then select the “Setup” menu option.

    Salesforce Setup Menu

  3. Under “Administration Setup,” click the “Domain Management” option. Select “My Domain” and set the domain to whatever you like. (This function may only be available to certain types of accounts/permissions in Salesforce. If you do not have access to it, the domain may already have been set automatically for your company.)

    Salesforce Domain Example

  4. Under “Security Controls,” select “Single Sign-On Settings.”

    Salesforce Single Sign-On Settings

  5. In the SAML Single Sign-On Settings section, click “New from Metadata File” and upload the metadata you downloaded from Bitium in Step 5 of the Bitium section above.

    Salesforce Metadata

  6. Click “Edit” to set the Entity ID to the new domain value set in Step 3. If you did not set a domain in Step 3, enter the Entity ID as saml.salesforce.com. Copy the Entity ID.

    Salesforce Entity ID

  7. In the Endpoints section, copy the “Salesforce Login URL.” (Note: You cannot view this URL if you are still in “Edit” mode in Salesforce. If you are in “Edit” mode, save changes to view the URL.)

    Salesforce Login URL

  8. Upload the X.509 Certificate downloaded from Bitium in Step 5 into the “Identity Provider Certificate” field in Salesforce.

    Salesforce X.509 Certificate

  9. Click “Save” in Salesforce.

In Bitium:

  1. Paste the Entity ID copied in Step 6 of the Salesforce section into the Entity ID field in Bitium.

  2. Paste the Salesforce Login URL copied in Step 7 of the Salesforce section into the “ACS/Login URL” field in Bitium.

  3. Ensure the “Login URL” and “Logout URL” in Bitium match the “Identity Provider Login URL” and “Identity Provider Logout URL” in Salesforce. If not, copy the values from Bitium into the corresponding fields in Salesforce.

    Bitium Salesforce SAML Configuration

  4. Click the “Save Changes” button in Bitium.
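
Before relying on the new connection, it is worth confirming that the certificate uploaded to Salesforce is the one named in the downloaded metadata and that the Identity Provider Login and Logout URLs agree and use HTTPS. The script below is an added example, not Bitium or Salesforce tooling; it assumes the metadata is standard SAML 2.0 IdP metadata listing the same Login and Logout URLs that Bitium displays, and the `idp.example.test` URLs and certificate bytes are constructed placeholders.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CERT_PATH = "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate"

def fingerprint(cert_text):
    """SHA-256 of the certificate's DER bytes; accepts PEM or bare base64."""
    lines = [ln.strip() for ln in cert_text.splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def parse_idp_metadata(xml_text):
    """Pull the entity ID, SSO/SLO endpoints and certificates out of IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    def location(tag):
        return next((e.get("Location") for e in idp.findall(f"md:{tag}", NS)), None)
    return {"entity_id": root.get("entityID"), "login_url": location("SingleSignOnService"),
            "logout_url": location("SingleLogoutService"),
            "fingerprints": [fingerprint(c.text) for c in idp.findall(CERT_PATH, NS) if c.text]}

def check_config(metadata_xml, cert_pem, sf_login_url, sf_logout_url):
    """Return a list of problems; an empty list means the values agree."""
    md, problems = parse_idp_metadata(metadata_xml), []
    if fingerprint(cert_pem) not in md["fingerprints"]:
        problems.append("certificate file does not match metadata")
    for name, got in (("login", sf_login_url), ("logout", sf_logout_url)):
        if got != md[f"{name}_url"]:
            problems.append(f"{name} URL mismatch")
        if urlparse(got or "").scheme != "https":
            problems.append(f"{name} URL is not https")
    return problems

# Constructed sample input: placeholder bytes stand in for a real certificate.
CERT_B64 = base64.b64encode(b"constructed placeholder, not a real X.509 cert").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{CERT_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/slo"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/sso"/>
  </IDPSSODescriptor></EntityDescriptor>"""
```

Call `check_config` with the contents of the two downloaded files and the two Identity Provider URLs shown in Salesforce; any returned entry names the value to recheck.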