Add the Salesforce application your PingOne for Enterprise Dock from the application catalog.
- In the PingOne for Enterprise admin console, go to .
- Optional: In the Search field, search for the application.
- Click the Salesforce application line to expand it, and then and click Setup.
- On the SSO Instructions tab, click Download to download the signing certificate.
- In a separate tab or window, sign on to the Salesforce admin portal.
- In Salesforce, go to .
- Select the SAML Enabled check box.
- In the Name field, enter a name for the connection to PingOne.
- In the Issuer field, enter the Issuer value from PingOne.
- On the Identity Provider Certificate line, click Browse to upload the signing certificate you downloaded in step 4.
- From the SAML Identity Type list, select Assertion contains User's salesforce.com username.
- From the SAML Identity Location list, select Identity is in the NameIdentifier element of the Subject Statement.
- In the API Name field, enter a unique name for the API.
In the Entity ID field, enter
If you have a Salesforce.com My Domain URL, you can enter it into this field instead.
- Optional: In the Identity Provier Login URL, enter https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=<IdP ID>, replacing <IdP ID> with the IdP ID value from PingOne.
- Optional: In the Identity provider Logout URL field, enter https://sso.connect.pingidentity.com/sso/terminatesession.aspx?page=https://www.salesforce.com.
In the Custom Error URL, enter a URL to redirect users
to when an error occurs.
If your identity bridge is AD Connect with IIS, you can enter https://<AD Connect IIS Server URL>/ADconnect/error.aspx.
Keep the Salesforce tab open, as you will need values from it for the next steps.