Sign in to the Salesforce console

Click the Setup icon on the top-right corner, then select Setup

Create a New Permission Set for STS

Navigate to ADMINISTRATION | Users | Permission Sets 

Click the New button

Enter the Label and API Name

Click Save to create this new permission set

Click the newly created permission set, e.g. SafeID Token Service

Scroll down to the System section

Click the System Permissions link

Click the Edit button

Scroll down until you see the option "Manage Multi-Factor Authentication in API"

Enable the options "Manage Multi-Factor Authentication in API" and "Manage Multi-Factor Authentication in User Interface"

Scroll up to the top

Click the "Save" button to save the settings.

Create the Access User for STS

Navigate to ADMINISTRATION | Users | Users

Click New User

Fill out the new user's properties, and make sure the User License is set to Salesforce

Click Save to create the new user

You will receive an email from Salesforce

Click Verify Account to verify your account and set the password of the account

Assign the STS permission set to the STS access user

In the Salesforce console, navigate to ADMINISTRATION | Users | Users

Click the newly created user account, e.g. API

Click "Permission Set Assignments"

Click "Edit Assignments"

Select the permission set you created earlier for STS, e.g. SafeID Token Service

Click the Save button to save the settings

If you get an error at this time, then make sure the user has a license that allows the Permission Set to be assigned

Create a new App for STS

Navigate to PLATFORM TOOLS | Apps | App Manager 

Click "New Connected App"

Fill in App Name, API Name and Contact Email

Enable the option "Enable OAuth Settings"

Add "Access the identity URL service" and "Manage User data via APIs" in the selected OAuth Scopes section.

Click the Save button to create this new app

Click Continue

Once you have been redirected to the page for the App you just created, take a copy of the Consumer Key and the Consumer Secret in the API section.

Configure IP Relaxation for STS

To allow the STS server to communicate with Salesforce, you either need to set the IP relaxation to "Relax IP Restrictions" or add the IP range of the Azure servers to your security settings.

To change the IP Relaxation, follow the directions below.

Navigate to PLATFORM TOOLS | Apps | Connected Apps | Manage Connected Apps

Click Edit against the STS app

You can select "Relax IP restrictions", or "Enforce IP restrictions"

If you select Enforce IP restrictions, then you must add the IP address range of Azure servers to the trusted IP list

Navigate to SETTINGS | Security | Network Access

Click New to create a new set of trusted IP ranges
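
If you choose Enforce IP restrictions, each trusted range is entered in Network Access as a start address and an end address, while cloud provider ranges are normally published as CIDR blocks. The following helper is an added example, not part of the original guide or of SafeID's own tooling: it validates a list of CIDR blocks and merges them into the fewest start/end pairs to enter. The CIDR values are constructed documentation ranges, not real Azure ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample input (RFC 5737 / RFC 3849 documentation ranges), NOT real
# Azure ranges: substitute the CIDR blocks published for the STS servers.
SAMPLE_CIDRS = [
    "203.0.113.0/25",
    "203.0.113.128/25",
    "198.51.100.16/28",
    "198.51.100.32/28",   # adjacent to the /28 above, but not mergeable as one CIDR
    "2001:db8::/64",
]


def cidrs_to_ranges(cidrs):
    """Return merged (start, end) pairs covering exactly the given CIDR blocks."""
    spans = []
    for cidr in cidrs:
        # strict=True rejects entries with host bits set (a common copy/paste
        # error) instead of silently widening the trusted range.
        net = ipaddress.ip_network(cidr.strip(), strict=True)
        spans.append((net.version, int(net.network_address), int(net.broadcast_address)))
    spans.sort()

    merged = []
    for version, low, high in spans:
        last = merged[-1] if merged else None
        # Merge overlapping or directly adjacent spans of the same IP version.
        if last and last[0] == version and low <= last[2] + 1:
            last[2] = max(last[2], high)
        else:
            merged.append([version, low, high])

    to_addr = {4: ipaddress.IPv4Address, 6: ipaddress.IPv6Address}
    return [(str(to_addr[v](lo)), str(to_addr[v](hi))) for v, lo, hi in merged]


def is_covered(ip, ranges):
    """Check whether a single address falls inside any start/end pair."""
    addr = ipaddress.ip_address(ip)
    for start, end in ranges:
        first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if first.version == addr.version and first <= addr <= last:
            return True
    return False


if __name__ == "__main__":
    for start, end in cidrs_to_ranges(SAMPLE_CIDRS):
        print(f"Start IP Address: {start:<16} End IP Address: {end}")
```

Use `is_covered` to confirm that the address the STS server actually connects from is inside the ranges before switching the app to Enforce IP restrictions.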