How to set up Single Sign-On with Salesforce

This article outlines the steps required to set up Single Sign-On (SSO) with Salesforce authentication. Users can then use Salesforce authentication to access the Spoke Phone mobile app, desktop app and account portal.

You will need a Salesforce account with admin access to complete this configuration.

Contents

Set up the Salesforce Identity Provider

Create and configure a Salesforce Connected App

Assign users to the Salesforce Connected App

Complete your Spoke Phone SSO configuration

User Provisioning

 

Set up the Salesforce Identity Provider

The first step is to set up a self-signed certificate in Salesforce to enable Salesforce as an Identity Provider for Spoke Phone SSO.

  1. Navigate to Setup > Settings > Security > Certificate and Key Management

  2. Click Create Self-Signed Certificate


  3. Complete the Certificate and Key Edit fields as follows:

    Label = salesforceSSO

    Unique Name = salesforceSSO

    Key Size = 2048

  4. Ensure Exportable Private Key is ticked, then click Save


  5. Navigate to Setup > Settings > Identity > Identity Provider and choose Enable Identity Provider


  6. In the Identity Provider Setup screen choose SalesforceSSO in the dropdown and click Save


Create and configure a Salesforce Connected App

  1. Navigate to Setup > Administration > Apps > App Manager and select New Connected App 


  2. In the New Connected App screen complete the Basic Information section as follows:

    [Screenshot: Basic Information section]

  3. Still within the New Connected App screen complete the Web App Settings section as follows:

    Entity ID = urn:amazon:cognito:sp:us-east-1_QElIJGlYT

    ACS URL = https://sso.spokephone.com/saml2/idpresponse

    Subject Type = Select the option Username

    Name ID Format = Select the option emailAddress

  4. Click Save at the bottom of the screen

  5. You should now be on the Setup > Apps > Connected Apps > Manage Connected Apps > Spoke Phone screen

  6. Scroll to the bottom of this page and click New in the Custom Attributes section

    Attribute Key = firstname

    Attribute Value = Select Insert Field, choose User > First Name and click Insert

  7. Click Save
  8. Click New in the Custom Attributes section

    Attribute Key = lastname

    Attribute Value = Select Insert Field, choose User > Last Name and click Insert

  9. Click Save and check you have the following completed

    [Screenshot: completed configuration]

  10. You should still be on the Setup > Apps > Connected Apps > Manage Connected Apps > Spoke Phone screen
  11. Find and select the Download Metadata button and save the file locally


Assign users to the Salesforce Connected App

  1. Navigate to Setup > Administration > Users > Profiles

  2. Select Edit against a profile that you wish to enable for Spoke Phone SSO

  3. Tick the Spoke Phone option in the Connected App Access section and then choose Save


Complete your Spoke Phone SSO configuration

  1. Go to your Spoke Phone account portal online and log in

  2. Navigate to Other > Advanced and select the SINGLE SIGN-ON tab at the top of the Advanced page

  3. Enter a Company Name and select Check availability

  4. Select Upload and choose the metadata file you saved earlier (e.g. SAMLIdP-xxxxx000000xxxx.xml)

  5. Complete the SAML Response Mapping in the Spoke Phone Account Portal as follows:

    Email = email

    First Name = firstname

    Last Name = lastname

User Provisioning

Currently, Spoke Phone SSO does not auto-provision users. You will need to ensure you have created the users in the Spoke Phone Account portal with email addresses matching those in your Identity Provider.

TIP: You can download a list of Salesforce users, manipulate the file and then easily upload users directly into the Spoke Account portal.

 
