This article describes how to configure OneLogin to provide single sign-on (SSO) for your Salesforce users using SAML.
For an overview, check out this video training series:
Starting in the OneLogin admin dashboard portal, do the following:
The URL will take the form of https://login.salesforce.com?so=<Your Organization ID>. If you are unsure of your Salesforce Organization ID, go to Company Profile > Company Information within Salesforce to find it.
To set up an API for Salesforce, please see Provisioning for Salesforce.
In the next task, you'll input the Issuer URL, SAML Endpoint, and X.509 Certificate into Salesforce to confirm the SAML SSO connection.
Starting in the Salesforce admin dashboard, do the following:
With OneLogin and Salesforce setup complete, OneLogin and Salesforce are connected through SAML.
Troubleshooting an Email Mismatch
In some cases, the Salesforce account admin email may not match the OneLogin admin email. This can be remedied by doing the following:
Here you may overwrite the default fields for your Salesforce login and insert the correct information to match your OneLogin credentials with your Salesforce credentials.
By default, a user is authenticated in Salesforce using the email address she is registered with in OneLogin. However, in some cases it is not practical or even possible to use the email address as the user ID. For example, the user mght have access to multiple Salesforce accounts.
You can specify another ID for a user by editing the user's login record in OneLogin. Go to Users > All Users and select the relevant Salesforce-associated user to edit the user's login record.
If you click on a Salesforce link in an email you will be taken directly to the requested page in Salesforce. If you are not logged into OneLogin, the link will be followed upon successful authentication. Note that this will not work until Salesforce has successfully set a cookie in your browser, typically after the first successful log in.