Configure direct Salesforce sign-on using PingFederate (SP-initiated sign-on) plus single logout (SLO)
Before you begin
-
You must first enable IdP-initiated sign-on.
Enable PingFederate authentication in Salesforce
-
Sign on to your Salesforce domain as an administrator.
-
Click the Gear icon, then go to Setup → Company Settings → My Domain.
-
Make a note of your domain name, such as
https://your-company.my.salesforce.com. -
In the Authentication Configuration section, click Edit.
-
In the Authentication Service list, select YourPingFederate. Click Save.
The "YourPingFederate" entry was created as a result of the IdP-initiated login tasks above.
Configuration is complete.
Salesforce will now redirect to PingFederate for authentication of all new sessions.
You should also select the Login Form check box during the testing phase in case of authentication issues. Testers will be offered the option of the standard Salesforce login form or PingFederate authentication. After you’ve successfully tested authentication against PingFederate, you can clear the Login Form check box so that authentication automatically defaults to PingFederate.
Test the PingFederate SP-initiated SSO integration
-
Go to your Salesforce domain.
If the Login Form check box is still selected, the Salesforce sign on screen still displays, and you’re offered a choice of Salesforce sign on or PingFederate sign on, select PingFederate.
If you’ve cleared the Login Form check box, you’re not offered a choice.
-
When you are redirected to PingFederate, enter your PingFederate username and password.
After successful authentication, you’re redirected back to Salesforce.
