This guide walks through the steps required to set up Single Sign On with Salesforce as the Identity Provider and GetAccept as the service provider. Once completed, your users should have the ability to log in to the GetAccept integration in Salesforce with one click, given that they will already be signed in to Salesforce.
Step 1: Enable Salesforce as the identity provider
The following steps explain how to setup Salesforce as the identity provider. More information on these steps can be found in Salesforce’s documentation here.
1. Navigate to Setup | Identity Provider. Enable Identity provider (if it is disabled)
2. Create a new certificate (if none currently exist)
3. Download certificate and save for use in a later step
Step 2: Create a connected app with SAML
The following steps explain how to create a connected app using SAML. This is based on Salesforce’s documentation which can be found here.
1. Navigate to Setup | App Manager and click on New Connected App.
2. Go through the steps of creating the connected app as follows:
The subject should be Federation ID, which is set to the email address used to log in to GetAccept
The Service Provider Entity Id should be:
https://app.getaccept.com/auth/saml/{entityId}/api/metadata.xmlThe Service provider ACS Url should be:
https://app.getaccept.com/auth/saml/{entityId}/api/acsName ID Format: emailAddress
IdP Certificate - the same as the one created in the previous step
3. Create the connected app, then click manage to see the details, which should look like the following:
Step 3: Set up SAML auth in GetAccept
1. In GetAccept, navigate to Settings | Integrations | Provisioning and SSO and click Connect SAML Authentication.
2. Fill in the SAML Authentication Form. It will require “SAML Login Information” from the created Connected app in the previous step and should look as follows:
Select the option “GetAccept platform and API or Integration
Enable SAML for all entities if you wish for this setup to work for all of your entities
Identity provider Issuer URL: Connected app - Issuer
SSO Login Redirect URL: Connected app - IdP-Initiated Login URL
Certificate: Paste in contents of previously downloaded IDP certificate
Step 4: Create permission set for managed connected app
1. Navigate to Setup | Permission sets and create a new permission set.
2. Once the permission set is created, assign the previously created Connected App to this perm set.
3. Finally assign all relevant users to this permission set.
Step 5: Enable SSO in setup section
1. In Salesforce, navigate to App launcher | GetAccept Admin | Setup | Basic settings.
2. On this page you will find the SSO Settings section near the bottom of this page. Add entity id to the SSO entity ID section and enable SSO.
3. Optionally enforce SSO so one can only log in as that user.
4. You can now navigate to the GetAccept integration and test the login with SSO.