HOW TO CONFIGURE OCTOPUS AUTHENTICATION SERVICE FOR SALESFORCE

This page shows you how to add multifactor authentication to your Salesforce suite using the Octopus Authenticator to gain more control and security over how users log into your network.

  • Log in to the Octopus Authenticator Console
  • Select Services from the left pane
  • Select Add Service
  • Click Generic SAML service template

General Information

The following fields and values are displayed:

| Field name | Field value |
|---|---|
| Service name | Salesforce |
| Issuer | Salesforce |
| Description | |
| Service status | Enable |
| Display icon | |
| Login page URL | https://<Enterprise Base URL>/generic-saml/<No.>/login |

Parameters

The following fields and values are displayed:

| Field name | Field value |
|---|---|
| login | Login method for Octopus Authenticator server |
| Name ID | Salesforce login username |
| Method | SSO binding method <POST or Redirect> |
| Assertion Consumer Service (ACS) URL | Salesforce OAuth 2.0 Token Endpoint URL |
| Audience | Salesforce SAML Entity ID URL |
| + Add parameter | Do not add any parameters |

Sign On

The following fields and values are displayed:

| Field name | Field value |
|---|---|
| Multi Factor Authentication (MFA) | Off (default) |
| Sign-on Method | SAML 2.0 |
| X.509 Certificate | Octopus Authenticator Salesforce service’s X.509 Certificate |
| SAML signature algorithm | SHA-1 (default) |
| Single Sign On (SSO) | Off (default) |
| Issuer URL | http://<Enterprise base URL>/generic-saml/<No.> |
| SAML 2.0 Endpoint (HTTP) | http://<Enterprise base URL>/generic-saml/login |
| Custom message | |

Note: Secret Double Octopus recommends leaving the default field values as displayed.

Users

To configure the users of the service:

  • Select users either from “Local Users” or “LDAP Users” lists
  • You can select either:
    • A group of users to import, by clicking on the dot next to one of the folders
    • An individual user to import, by clicking on the dot next to that user

The corresponding dot will then be colored blue. When you select only some of the users in the group, the dot adjacent to the group will be colored partially.

Once SAVE SETTINGS is approved, the selected users will be enrolled in the service.

  • Click SAVE SETTINGS

Salesforce 3rd Party IdP Prerequisites

Octopus Authenticator Salesforce SAML Service Sign-On Metadata

To retrieve the Octopus Authenticator Salesforce service’s SAML Metadata, log in to the Octopus Authenticator Management Console:

  • Select “Services” from the left pane
  • Select Salesforce Generic SAML
  • At the “Sign On” tab, click the SAML Metadata button to download the SAML_Metadata (FederationMetadata.xml) file


Setup SSO for Salesforce Using Octopus Authenticator Identity Provider

  • Log in to your Salesforce Admin account
  • Under Home tab -> Toolbar, select Setup
  • From the Administrator left pane -> Expand Security Controls category -> Select Single Sign-on Settings
  • From the Single Sign-On Settings page -> Click “New from Metadata file”
  • At the SAML Single Sign-On Settings page:
    • Choose Metadata file
    • Upload the Octopus Authenticator Salesforce Service’s Metadata (FederationMetadata.xml)
    • Click “Create”

| Field name | Field value |
|---|---|
| Name | Octopus Authenticator Server Name |
| Sign-on Method | SAML 2.0 |
| Issuer | Octopus Authenticator Issuer URL |
| Identity Provider Certificate | Octopus Authenticator X.509 Certificate file |
| Request Signing Certificate | SelfSignedCert_<dd_mmm_yyyy>_<mmddyy> |
| Request Signature Method | RSA-SHA1 |
| Assertion Decryption Certificate | Assertion not encrypted |
| SAML Identity Type | Assertion contains the User’s Salesforce username |
| SAML Identity Location | Identity is in the Name Identifier element of the Subject statement |
| Service Provider Initiated Request Binding | HTTP POST |
| Identity Provider Login URL | Octopus Authenticator SAML 2.0 Endpoint URL (https://<Enterprise base URL>/generic-saml/<No.>/login) |
| Identity Provider Logout URL | Octopus Authenticator SAML 2.0 Endpoint Logout URL (https://<Enterprise base URL>/generic-saml/<No.>/login) |
| Custom Error URL | Octopus Authenticator SAML 2.0 Endpoint Error URL (https://<Enterprise base URL>/generic-saml/<No.>/login) |
| Entity ID | Octopus Authenticator Issuer URL (https://<Enterprise base URL>/generic-saml/<No.>/login) |

  • Click ‘Save’

Octopus Authenticator Salesforce SAML Parameters Setup

To complete the Octopus Authenticator Salesforce SAML service integration, log in to the Octopus Authenticator Management Console:

  • Select “Services” from the left pane
  • Select the Salesforce service
  • Go to the “Parameters” tab:
    • Set the “ACS URL” to the created Salesforce OAuth 2.0 Token Endpoint URL
    • Set the “Audience” to the created Salesforce Entity ID URL