Salesforce

Creating a connection

To allow PingFederate to act as an identity provider and manage users in Salesforce, create a service provider (SP) connection:

Steps

  1. In the PingFederate administrator console, create a new SP connection:

    Choose from:

    • For PingFederate 10.1 or later: Go to Applications > Integration > SP Connections. Click Create Connection.

    • For PingFederate 10.0 or earlier: Go to Identity Provider > SP Connections. Click Create Connection.

  2. Configure the basic connection details with the Salesforce quick connection template:

    1. On the Connection Template tab, select Use a template for this connection.

    2. In the Connection Template list, select Salesforce Provisioner.

    3. On the Metadata File row, upload the SAMLSP-xxxxxxxxxxxxxxx.xml file that you saved in Registering PingFederate as an SSO provider in Salesforce. Click Next.

    4. On the Connection Type tab, select Browser SSO Profiles and Outbound Provisioning. Click Next.

    5. On the Connection Options tab, click Next.

    6. On the General Info tab, if you configured a custom entity ID in the Issuer field in Registering PingFederate as an SSO provider in Salesforce, enter the name in the Virtual Server IDs field and then click Add.

    7. In the Connection Name field, enter a name that you choose. Click Next.

  3. On the Browser SSO page, configure browser SSO with the following details.

    You can find more information in Configuring IdP Browser SSO and Configure SSO token creation in the PingFederate documentation.

    If you want to integrate with Salesforce Communities, set your Salesforce Communities URL as the default for SSO:

    1. On the Browser SSO > Protocol Settings > Assertion Consumer Service URL tab, find your Salesforce Communities URL.

    2. In the Actions column, click Edit.

    3. In the Default column, select the checkbox. Click Update.

  4. On the Credentials page, configure the digital signature settings with the following details:

    1. On the Digital Signature Settings page, in the Signing Certificate list, select your certificate.

    2. Select Include the certificate in the signature <KeyInfo> element. Click Done.

      Learn more about Configuring credentials in the PingFederate documentation.

  5. On the Outbound Provisioning page, configure provisioning with the following details:

    Learn more about Configuring outbound provisioning in the PingFederate documentation.

    1. On the Target tab, in the Client ID field, enter the Consumer Key that you noted in Registering PingFederate as a connected app in Salesforce.

    2. In the Client Secret field, enter the Consumer Secret that you noted in Registering PingFederate as a connected app in Salesforce.

    3. In the OAuth Access Token field, enter the Access Token that you noted in Getting an API access token from Salesforce.

    4. In the OAuth Refresh Token field, enter the Refresh Token that you noted in Getting an API access token from Salesforce.

    5. If you want to provision to Salesforce Communities, select Enable Communities.

    6. Under Provisioning Options, customize the provisioning connector behavior. Click Next.

      Learn more in Provisioning options reference.

    7. On the Manage Channels > Attribute Mapping tab, at the bottom of the attribute list, click Refresh Fields to get fields and specifications from your Salesforce site. Complete the attribute mappings by referring to Supported attributes reference.

      You can learn more in Managing channels in the PingFederate documentation.

      If you’re provisioning to Salesforce Communities, you must map attributes for any Salesforce fields that are required, including custom fields in users and contacts.

  6. On the Activation and Summary page, above the Summary section, note the SSO Application Endpoint.

    Use this value for the Identity Provider Login URL of the provider that you configured in Registering PingFederate as an SSO provider in Salesforce.

  7. Turn on the connection and then click Save.
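
A pre-upload check for the SP metadata file from step 2, listing the entity ID and the Assertion Consumer Service URLs (including which one is the default, as adjusted in step 3). This is an added example, not part of the PingFederate or Salesforce documentation; the function name, the sample metadata, and the hostnames are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed stand-in for SAMLSP-xxxxxxxxxxxxxxx.xml; hostnames are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.test">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/login"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://community.example.test/login"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def review_sp_metadata(xml_text):
    """Return (entity_id, acs_list, warnings) for SAML 2.0 SP metadata."""
    root = ET.fromstring(xml_text)
    sp = root.find(MD + "SPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or sp is None:
        raise ValueError("not SAML 2.0 SP metadata")
    acs_list, warnings = [], []
    for acs in sp.findall(MD + "AssertionConsumerService"):
        entry = {
            "index": acs.get("index"),
            "binding": acs.get("Binding", "").rsplit(":", 1)[-1],
            "location": acs.get("Location", ""),
            "default": acs.get("isDefault", "false") in ("true", "1"),
        }
        acs_list.append(entry)
        # Assertions are posted to this URL, so it must be TLS-protected.
        if urlparse(entry["location"]).scheme != "https":
            warnings.append(f"ACS index {entry['index']} is not HTTPS: {entry['location']}")
    if sum(a["default"] for a in acs_list) > 1:
        warnings.append("more than one ACS is marked isDefault")
    return root.get("entityID"), acs_list, warnings


if __name__ == "__main__":
    entity_id, acs_list, warnings = review_sp_metadata(SAMPLE_METADATA)
    print("entityID:", entity_id)
    for a in acs_list:
        print("ACS", a["index"], a["binding"], a["location"], "default" if a["default"] else "")
    for w in warnings:
        print("WARNING:", w)
```

Run it against the metadata file exported from your own Salesforce org and compare the listed endpoints with what appears on the Assertion Consumer Service URL tab.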