Configuring SAML for Salesforce
REQUIRED ACCOUNT/PERMISSION LEVEL
Bitium: All account levels; must be an Admin to set up
Salesforce: All account levels; must be an Admin to set up
Go to “Manage Apps.”
Select “Salesforce” from the list of installed apps.
Select the “Single Sign-On” tab.
From the dropdown, select “SAML Authentication.”
Download the Metadata XML and X.509 Certificate from Bitium.
Log into Salesforce.com.
Click your username in the upper right part of your screen and then select the “Setup” menu option.
Under “Administration Setup,” click the “Domain Management” option. Select “My Domain” and set the domain to whatever you like. (This function may only be available to certain types of accounts/permissions in Salesforce. If you do not have access to it, it may already have been set automatically for your company.)
Under “Security Controls,” select “Single Sign-On Settings.”
In the SAML Single Sign-On Settings section, click “New from Metadata File” and upload the metadata you downloaded from Bitium in Step 5 above.
Click “Edit” to set the Entity ID to the new domain value set in Step 3. If you did not set a domain in Step 3, enter the Entity ID as saml.salesforce.com. Copy the Entity ID.
In the Endpoints section, copy the “Salesforce Login URL.” (Note: You cannot view this URL if you are still in “Edit” mode in Salesforce. If you are in “Edit” mode, save changes to view the URL.)
Upload the X.509 Certificate downloaded in Step 5 into the “Identity Provider Certificate” field in Salesforce.
Click “Save” in Salesforce.
Paste the Entity ID copied in Step 6 into the Entity ID field in Bitium.
Paste the Salesforce Login URL copied in Step 7 into the “ACS/Login URL” field in Bitium.
Ensure the “Login URL” and “Logout URL” in Bitium match the “Identity Provider Login URL” and “Identity Provider Logout URL” in Salesforce. If not, copy the values from Bitium into the corresponding fields in Salesforce.
Click the “Save Changes” button in Bitium.
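
The match checks in the steps above can be scripted. The following is an added example, not Bitium or Salesforce code: it parses the downloaded Metadata XML, fingerprints the X.509 Certificate file, and reports which values differ from those shown in Salesforce. Assumptions: the Salesforce values are copied by hand into a dict keyed by the field labels, and the sample URLs and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def der_sha256(b64_text):
    """SHA-256 fingerprint of a base64 certificate body (whitespace ignored)."""
    return hashlib.sha256(base64.b64decode("".join(b64_text.split()))).hexdigest()

def pem_sha256(pem_text):
    """Fingerprint of a PEM file: drop the BEGIN/END lines, hash the decoded bytes."""
    body = [l for l in pem_text.splitlines() if l and not l.startswith("-----")]
    return der_sha256("".join(body))

def parse_idp_metadata(xml_text):
    """Extract the login URL, logout URL and certificate fingerprint from IdP metadata."""
    if "<!DOCTYPE" in xml_text:  # SAML metadata needs no DTD; refuse entity definitions
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not identity provider metadata")
    sso = idp.find("md:SingleSignOnService", NS)
    slo = idp.find("md:SingleLogoutService", NS)
    cert = idp.find(".//ds:X509Certificate", NS)
    return {"login_url": sso.get("Location") if sso is not None else None,
            "logout_url": slo.get("Location") if slo is not None else None,
            "cert_sha256": der_sha256(cert.text) if cert is not None else None}

def mismatches(meta, salesforce, pem_text):
    """Names of values that differ between the metadata and what Salesforce holds."""
    found = {"login_url": salesforce.get("Identity Provider Login URL"),
             "logout_url": salesforce.get("Identity Provider Logout URL"),
             "cert_sha256": pem_sha256(pem_text)}
    return sorted(k for k, v in found.items() if meta[k] != v)

# Constructed sample: placeholder URLs and bytes, not a real certificate.
_CERT = base64.b64encode(b"constructed-sample-certificate-bytes").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{_CERT}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="https://idp.example.test/saml">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_CERT}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/logout"/>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/login"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

An empty list from `mismatches` means the login URL, logout URL and uploaded certificate all agree with the metadata; any name in the list is a field to re-copy before saving.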