This Integration Guide will walk through the steps required to activate Salesforce as a Service Provider within Access Gateway.

Access Gateway IDP Setup

Follow these instructions to prepare your Access Gateway Instance for IDP Setup and Configuration.

You must have an admin login for the Access Gateway Admin Console. You must have a properly configured Access Gateway instance.

Adding Local Auth Module

Once you verify that Access Gateway is up and functioning properly, begin by adding a Local Auth Module.

  1. In Settings tab, select Auth Modules.

  2. Click + and select Local Auth to add the module.

  3. Under the Accounts sub-heading, enter a User Name and Password.

  4. Under the Attributes section, be sure to enter the Salesforce User’s lastName and email.

    Click Okay.

    Note: It can be helpful to add a description to help end users when logging in to the Auth Module.

  5. After creating the Local Auth Module, click the Investigator Icon to simulate user access.

Adding Local SAML IDP

  1. Navigate to the Identity Providers tab.

  2. Click the + button and select Local SAML IDP.

  3. Enter a Name, host and Cookie domain for the for the Local SAML IDP.
    Note: Cookie domain must include host and host must be unique to the environment.

  4. Select Local from theDefault Auth Module drop down.

  5. Select email and Email Address as the app attributes for the Name Attribute and Name Attribute format fields.

  6. Click Okay.

Setup Salesforce as Service Provider

Salesforce Service Provider Initiated Setup

  1. Once you have configured the Local SAML IDP, click Download to view the metadata.

  2. Log in to your Salesforce Org and search for the Single-Sign-On settings.

  3. Enable Federated Single Sign-On Using SAML, if not already enabled.

  4. Click create New Entry from Metadata File.

  5. Upload your IDP Metadata File into Salesforce.

  6. On the SAML Single Sign-On Settings page, click Save.

    Salesforce will create a unique SSO Policy for your local IDP.

  7. click Download Metadata.

Adding SAML Remote Service Provider Application

  1. Return to Access Gateway Browser, click the Applications tab, and select + Add.

  2. Scroll down, select the SAML Remote Service Provider App, and click Create.

  3. In the Settings tab under Label, name your Remote SAML App.

  4. Open the Salesforce Metadata File you previously downloaded in a text editor.

  5. Copy the Salesforce Metadata from the text editor, and click Register SP Metadata.

  6. Paste the Salesforce Metadata into the SAML Upload Wizard, and click Validate.

  7. Click Done.

  8. In the Attributes Tab, select Email Address for the Name ID Format, and select email for the Value.

  9. Click Okay, and then Click Done.

  10. Once completed, you can test the Salesforce Integration via the Topology Tab.


Add the local IDP Host name in the Management Console

In order to verify the Local IDP Hostname, you must add it in the Management Console.

  1. Start the Access Gateway VM and open a terminal window. The default credentials for the Management Console are listed below.

    Username: oag-mgmt
    Password: "default password"
  2. In the Management Console, Press 1 to enter Network Settings.

  3. Press 4 to navigate to Edit /etc/hosts

  4. Click Add Entry and enter the IP Address and Hostname of your local IDP.

  5. Press C to commit these changes to /etc/hosts Editor.

  6. Press R to Restart the Network.

  7. Return to the browser to finish the IDP Integration.