SAML Single Sign On Setup Guides for SAML SSO Salesforce Current: SalesForce With Manual Provisioning SalesForce With Manual Provisioning GoalAfter completing this setup guide, you will have a setup for SalesForce as Identity Provider and your Atlassian product for the SAML SSO app. Additionally, you will enable the SSO redirection and test SSO.PrerequisitesTo use the SAML SSO app with SalesForce, you need the following:A SalesForce admin accountA (trial) subscription for the SAML SSO appAdmin access to your Atlassian productStep-By-Step Setup GuideInstall The SAML SSO AppIn your Atlassian product, open the in-product marketplace as described in the Atlassian documentation. Search for "resolution saml" and click "Install" for SAML Single Sign On (SSO) by resolution Reichert Network Solutions GmbH. After the installation is complete, click on Manage, then choose Configure. Now, you are on the Add-on/app configuration page, and the first step of the setup wizard will appear.First Steps - WizardAfter you click "Configure", the Wizard will be triggered. If not, or if you want to add another Identity Prover (IdP) to your existing configuration, click on "+ Add IdP". This guide assumes, that there is no IdP configured.The Wizard greets you with information, click on "Add new IdP" to proceed.For the IdP Type, choose "Salesforce.com". You can also choose a name. Click on "Next" to continue.In the next step, you will configure SalesForce Identity Provider. Please keep this tab open or copy the information.Configure SalesForce as IdP For SAML SSOCreating A DomainNavigate to My Domain page under the Company Settings section in the left panel.For Step 1, write down your domain name, and click on Check Availability to validate that it's available. Then click on Register Domain.You should see your domain name in Step 2, after which you should wait for the domain to be registered.In Step 3, click on Deploy Domain button, which would take you to the final Step 4, having the domain deployed to users.Configure The Identity ProviderNavigate to Identity Provider page under the Identity section in the left panel, and click on Enable Identity Provider button.Configure The Service Provider / Connected AppAfter enabling the Identity Provider, you can click on "Service Providers are now created via Connected Apps. Click here." link on the same page to proceed.Alternatively, navigate to the App Manager page under the User Interface section from the left panel, then click on New Connected App button on the top right.Fill in the below details un the Basic Information section:Connected App NameAPI NameContact EmailFill in the below details under the Web App Settings section:Entity Id: use the URL from the plugin configuration wizard - https://<baseURL>/plugins/servlet/samlssoACS URL: use the URL from the plugin configuration wizard - https://<baseURL>/plugins/servlet/samlssoName ID Format: choose "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" from the dropdown listIssuer: use your domain that you have created on SalesForceIdP Certificate: choose your certificateThen Save your settings.Navigate to the App Manager page under the User Interface section from the left panel.For the Connected App that you've just created, click on the arrow button on the right, and click on Manage.Scroll down to the Profiles section, and click on Manage Profiles button to add the desired profiles that you need to give access through the Connected App.Below is an example.Get IdP Metadata URLNavigate to Identity Provider page under the Identity section in the left panel, and copy the link of the Salesforce Identity, since we are going to use it in the plugin configuration.The configuration in SalesForce is now finished. In the next step, we will finish the configuration in the SAML SSO wizard.Finishing The Configuration - WizardNow, paste the Salesforce Identity Metadata XML link that you have obtained before, in the Metadata URL field.Click on Import, then Next.Click on Next.For the User Update Method, leave it in "No User update" option as per the default.Click on Save & Next button.Testing SSOThe wizard also allows testing the Single Sign On. Just follow the steps to test if the login works as expected.Click on "Start test" to proceed.Copy the red marked link, and open a new incognito/private tab or a different web browser. Then, paste the link and navigate to it. You will now be redirected to SalesForce's login page. Please log-in with your username and password.If everything works fine, you will be logged in into your Atlassian product. In the other tab/browser in which you were configuring the SAML SSO plugin, you can also see the "SUCCESS" status. Click Next to proceed.SSO RedirectionAs a last step, you can set the Enable SSO Redirect option. If set, all users will be redirected to Single Sign On, thus they will be logged in via the IdP. Click on Save & Close to finish the configuration.