Setup Domain

  1. Log into the SalesForce Console, i.e. “https://login.salesforce.com”

  2. Click the “Setup” icon, Expand “Settings\Company Settings” and click “My Domain”



  3. Follow the steps and deploy the new domain to your organization

Configure Single Sign-On Service

  1. Click the “Setup” icon, expand “Identity” and click “Single Sign-On Settings”



  2. Turn on the “SAML Enabled” option


  3. Click “New”



  4. In “Name” and "API Name", enter the name of your DualShield SSO server, e.g. "DualShield"
  5. In "Issuer", enter the EntityID for your DualShield IdP. By default, this is the FQDN of your DualShield, e.g. “https://dualshield.opensid.net”
  6. In "Entity ID", enter your SalesForce's FQDN, e.g. "https://deepnet.my.salesforce.com". This will be used as the EntityID of your SalesForce SP.
  7. In "Identity Provider Certificate", click “Choose file” to upload your DualShield IdP certificate that you downloaded in the previous step.
  8. In "SAML Identity Type", select “Assertion contains the User’s Salesforce username”
  9. In "SAML Identity Location", select “Identity is in the Name Identifier element of the Subject statement”
  10. In "Identity Provider Login URL", enter the Login URL of your DualShield SSO, e.g. “https://dualshield.opensid.net:8074/appsso/login”

    If your DualShield's version is 5.9.4 or earlier, then you need to append the application name to the end of the Login URL, e.g.

    https://dualshield.opensid.net:8074/appsso/login?DASApplicationName=SalesForceSAML

    The value of DASApplicationName is the name of the web application that was created on the DualShield Management Console for SalesForce SAML.

  11. In "Identity Provider Logout URL", enter the Logout URL of your DualShield SSO, e.g. “https://dualshield.deepnetid.com:8074/appsso/logout”

  12. In "Service Provider Initiated Request Binding", select "HTTP Redirect"

  13. Click "Save"


Download the Metadata 

Click "Download Metadata" and save it to a local file, e.g. Salesforce.xml
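
Before using the downloaded file, you can confirm that it describes the service provider configured above. The following Python script is an added example, not part of the original guide or of either product: the function name, the sample XML and the rule that the assertion endpoint must be on the same HTTPS host as the Entity ID are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample shaped like SAML 2.0 SP metadata; not a real Salesforce export.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://deepnet.my.salesforce.com">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://deepnet.my.salesforce.com?so=00D000000000000"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, expected_entity_id):
    """Return a list of problems; an empty list means the checks passed."""
    if "<!DOCTYPE" in xml_text:
        return ["metadata contains a DOCTYPE; refusing to parse it"]
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD:
        return ["root element is not md:EntityDescriptor"]
    problems = []
    # The entityID must equal the value entered in the "Entity ID" field.
    if root.get("entityID") != expected_entity_id:
        problems.append("entityID %r != %r" % (root.get("entityID"), expected_entity_id))
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return problems + ["no SPSSODescriptor: this is not SP metadata"]
    endpoints = sp.findall("md:AssertionConsumerService", NS)
    if not endpoints:
        problems.append("no AssertionConsumerService endpoint")
    expected_host = urlparse(expected_entity_id).hostname
    for acs in endpoints:
        location = acs.get("Location", "")
        url = urlparse(location)
        if url.scheme != "https":
            problems.append("ACS %r is not https" % location)
        elif url.hostname != expected_host:
            # Assumption of this example: assertions go back to the same host.
            problems.append("ACS host %r is not %r" % (url.hostname, expected_host))
    return problems


if __name__ == "__main__":
    for problem in check_sp_metadata(SAMPLE_METADATA, "https://deepnet.my.salesforce.com"):
        print("WARNING:", problem)
```

To check your own file, read Salesforce.xml into a string and pass it with the value you entered in "Entity ID".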

Configure Authentication Service

  1. Click the “Setup” icon, expand “Company Settings” and click “My Domain”


  2. Scroll down to the "Authentication Configuration" section
  3. Click “Edit”



  4. In "Authentication Service", turn on the newly created single sign-on service, i.e. “DualShield”

    The "Login Form" service is SalesForce's original login form. Once you have fully tested the new SSO logon service with 2FA enabled, e.g. "DualShield", you will want to turn off the "Login Form" option.

  5. Click "Save"
