We assume you have already set up Salesforce as your Identity Provider, have created an Identity Provider Certificate and have a working knowledge of Salesforce.
1 – Log in to your Salesforce administration website.
2 – Navigate to your App Manager (Platform Tools/Apps/App Manager) and create a ‘New Connected App’.
3 – Complete the ‘Connected App Name’ and ‘API Name’ fields (e.g. Tribal Habits) and the contact email field (your Tribal Habits administrator). Under Web App Settings, check the Enable SAML box.
4 – Log in to your Tribal Habits platform and switch to Admin view. Go to the Account area and select Configure SAML. Copy your Single Sign On URL from the panel on the right. It will look like https://myorg.tribalhabits.com/saml/auth or similar.
5 – Return to the Connected App set-up in Salesforce and…
- Paste the Tribal Habits URL into the ‘Start URL’, ‘Identity ID’ and ‘ACS URL’ fields as below.
- For ‘Name ID Format’ select ‘SAML 2.0 format:persistent’ or similar.
- For ‘IdP Certificate’ select the required certificate (created when you established Salesforce as an Identity Provider).
6 – Select Save to create the Connected App. Select the Manage Connected Apps option from the menu (Platform Tools/Apps/Connected Apps/Manage Connected Apps) and select this connected app. Scroll to the end of that page to Custom Attributes.
7 – Create three new custom attributes for first name, last name, username and email. Note that the correct case of each letter is important.
- Key: FirstName. Attribute: $User:FirstName
- Key: LastName. Attribute: $User:LastName
- Key: Email. Attribute: $User:Email
8 – Scroll back to the top of the Connected App page and select Edit Policies. At the bottom of that page, check ‘Enable User Provisioning’ and save.
9 – Return to the Configure SAML page in Tribal Habits and…
- Check the box to ‘Enable’ SAML.
- Paste your Salesforce URL into the ‘Identity Provider Entity ID’ field (e.g. https://myorg.my.salesforce.com).
- Paste the SP-Initiated Redirect Endpoint URL (from your Connected App) into the ‘Identity Provider SSO URL’ field (e.g. https://myorg.my.salesforce.com/idp/endpoint/HttpRedirect).
- Paste your IdP certificate, including the BEGIN and END certificate notes, into the ‘Identity Provider x.509 Certificate’ field (download your IdP certificate from Salesforce and open in Notepad or similar to obtain it).
10 – Select Update SAML Configuration.
At this point your SAML set-up is complete. Once you assign Profiles to your Tribal Habits connected app in Salesforce, your users can access the app from the App Launcher and will be logged directly into Tribal Habits.
If you need to troubleshoot your SAML settings but can no longer access your portal, you can log in with your Tribal Habits user details at yourorganisation.tribalhabits.com/accounts/sign_in_without_sso
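When troubleshooting, it helps to compare what Salesforce actually sends with the values configured in the steps above. The Python script below is an added example (not Tribal Habits or Salesforce code): it decodes a base64 SAMLResponse form value, as captured from the browser's network tools, and checks the Destination, Issuer, Name ID format and the case-sensitive attribute keys. The URLs are the example values from steps 4 and 9, and the sample response is constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
SP_URL = "https://myorg.tribalhabits.com/saml/auth"  # example ACS URL (step 4)
IDP_ENTITY_ID = "https://myorg.my.salesforce.com"    # example Entity ID (step 9)
REQUIRED_KEYS = ("FirstName", "LastName", "Email")   # attribute keys (step 7)

def check_response(saml_response_b64):
    """Return a list of mismatches between a SAML response and the set-up."""
    # Configuration check only: the XML signature is NOT verified here, so
    # never use this to authenticate anyone. Run it on your own captures.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    if root.get("Destination") != SP_URL:
        problems.append("Destination does not match the ACS URL")
    issuer = root.findtext("a:Assertion/a:Issuer", default="", namespaces=NS)
    if issuer.strip() != IDP_ENTITY_ID:
        problems.append("Issuer does not match the Identity Provider Entity ID")
    name_id = root.find("a:Assertion/a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        problems.append("Name ID format is not persistent")
    names = {el.get("Name") for el in root.iterfind(".//a:Attribute", NS)}
    for key in REQUIRED_KEYS:
        if key not in names:
            # Point out a key that differs only by letter case.
            near = [n for n in names if n and n.lower() == key.lower()]
            hint = f"; found {near[0]} (wrong letter case)" if near else ""
            problems.append(f"attribute {key} missing{hint}")
    return problems

def sample_response(first_name_key="FirstName"):
    """Constructed, unsigned sample response for the example org 'myorg'."""
    attrs = "".join(
        f'<a:Attribute Name="{k}"><a:AttributeValue>x</a:AttributeValue>'
        f'</a:Attribute>' for k in (first_name_key, "LastName", "Email"))
    xml = (
        f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" '
        f'Destination="{SP_URL}"><a:Assertion>'
        f'<a:Issuer>{IDP_ENTITY_ID}</a:Issuer><a:Subject>'
        f'<a:NameID Format="{PERSISTENT}">constructed-id</a:NameID>'
        f'</a:Subject><a:AttributeStatement>{attrs}</a:AttributeStatement>'
        f'</a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for problem in check_response(sample_response("firstname")):
        print(problem)
```

An empty result means the response matches the configuration described here; it says nothing about whether the signature or certificate is valid.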