
This page shows you how to add multifactor authentication to your Salesforce suite using the Octopus Authenticator to gain more control and security over how users log into your network.

  • Log in to the Octopus Authenticator Console
  • Select Services from the left pane
  • Select Add Service
  • Click the Generic SAML service template


General Information

The following fields and values are displayed:

| Field name | Field value |
|---|---|
| Service name | Salesforce |
| Issuer | Salesforce |
| Service status | Enable |
| Display icon | |
| Login page URL | https://<Enterprise Base URL>/generic-saml/<No.>/login |




The following fields and values are displayed:

| Field name | Field value |
|---|---|
| login | Login method for Octopus Authenticator server |
| Name ID | Salesforce login username |
| Method | SSO binding method <POST or Redirect> |
| Assertion Consumer Service (ACS) URL | Salesforce OAuth 2.0 Token Endpoint URL |
| Audience | Salesforce SAML Entity ID URL |
| + Add parameter | Do not add any parameters |


Sign On

The following fields and values are displayed


| Field name | Field value |
|---|---|
| Multi Factor Authentication (MFA) | Off (default) |
| Sign-on Method | SAML 2.0 |
| X.509 Certificate | Octopus Authenticator Salesforce service’s X.509 Certificate |
| SAML signature algorithm | SHA-1 (default) |
| Single Sign On (SSO) | Off (default) |
| Issuer URL | http://<Enterprise base URL>/generic-saml/<No.> |
| SAML 2.0 Endpoint (HTTP) | http://<Enterprise base URL>/generic-saml/login |
| Custom message | |

Note: Secret Double Octopus recommends leaving the default field values as displayed.



To configure the users of the service

  • Select users either from “Local Users” or “LDAP Users” lists
  • You can select either:
    • A group of users to import, by clicking on the dot next to one of the folders
    • An individual user to import, by clicking on the dot next to that user

The corresponding dot will then be colored blue. When you select only some of the users in the group, the dot adjacent to the group will be colored partially.

Following the SAVE SETTINGS approval, the selected users will be enrolled in the service.



Salesforce 3rd Party IdP Prerequisites

Octopus Authenticator Salesforce SAML Service Sign-On Metadata

To retrieve the Octopus Authenticator Salesforce service’s SAML Metadata, log in to the Octopus Authenticator Management Console:

  • Select “Services” from the left pane
  • Select Salesforce Generic SAML
  • On the “Sign On” tab, click the SAML Metadata button to download the SAML_Metadata (FederationMetadata.xml) file


Set Up SSO for Salesforce Using Octopus Authenticator Identity Provider

  • Log in to your Salesforce Admin account
  • Under Home tab -> Toolbar, select Setup
  • From the Administrator left pane -> Expand Security Controls category -> Select Single Sign-on Settings
  • From the Single Sign-On Settings page -> Click “New from Metadata file”
  • At the SAML Single Sign-On Settings page:
    • Choose Metadata file
    • Upload the Octopus Authenticator Salesforce Service’s Metadata (FederationMetadata.xml)
    • Click “Create”



| Field name | Field value |
|---|---|
| Name | Octopus Authenticator Server Name |
| Sign-on Method | SAML 2.0 |
| Issuer | Octopus Authenticator Issuer URL |
| Identity Provider Certificate | Octopus Authenticator X.509 Certificate file |
| Request Signing Certificate | SelfSignedCert_<dd_mmm_yyyy>_<mmddyy> |
| Request Signature Method | RSA-SHA1 |
| Assertion Decryption Certificate | Assertion not encrypted |
| SAML Identity Type | Assertion contains the User’s Salesforce username |
| SAML Identity Location | Identity is in the Name Identifier element of the Subject statement |
| Service Provider Initiated Request Binding | HTTP POST |
| Identity Provider Login URL | Octopus Authenticator SAML 2.0 Endpoint URL (https://<Enterprise base URL>/generic-saml/<No.>/login) |
| Identity Provider Logout URL | Octopus Authenticator SAML 2.0 Endpoint Logout URL (https://<Enterprise base URL>/generic-saml/<No.>/login) |
| Custom Error URL | Octopus Authenticator SAML 2.0 Endpoint Error URL (https://<Enterprise base URL>/generic-saml/<No.>/login) |
| Entity ID | Octopus Authenticator Issuer URL (https://<Enterprise base URL>/generic-saml/<No.>/login) |


  • Click ‘Save’


Octopus Authenticator Salesforce SAML Parameters Setup

To complete the Octopus Authenticator Salesforce SAML service integration, log in to the Octopus Authenticator Management Console:

  • Select “Services” from the left pane
  • Select the Salesforce service
  • Go to the “Parameters” tab:
    • Set the “ACS URL” to the created Salesforce OAuth 2.0 Token Endpoint URL
    • Set the “Audience” to the created Salesforce Entity ID URL