This guide takes you through the steps to set up Single Sign-On between Salesforce and CustomerGauge.
In Salesforce
- Salesforce domain
To enable Salesforce as an identity provider you need a Salesforce domain. Please create the domain before you proceed with the next steps.
- Find it here: Setup --> Security Controls --> Identity Provider
- x509 certificate
You need to create a self-signed x509 certificate inside your Salesforce account. This certificate is used to secure the metadata sharing between Salesforce and CustomerGauge.
- Find it here: Setup --> Security Controls --> Certificate and Key Management
- Click on the button "Create Self-Signed Certificate" and enter the following details
- Label: CustomerGaugeSSOCertificate
- Unique Name: CustomerGaugeSSOCertificate
- Exportable private key: Yes
- Key Size: 2048
- Download the certificate
- Permission Sets
To limit Single Sign-On to part of your organization or to specific users, you will need to create a dedicated permission set and assign to it the users you would like to benefit from this feature.
- Find it here: Setup --> Manage Users --> Permission Sets
- Click on the "New" button and enter the following details
- Label: CustomerGaugeSSO
- API Name: CustomerGaugeSSO
- To assign users to that permission set, click the "Manage Assignments" button at the top
- Enable Identity Provider
- Find it here: Setup --> Security Controls --> Identity Provider
- Click the button "Enable Identity Provider"
- Select the CustomerGaugeSSO certificate from the drop-down
- Save
- Connected Apps
- Find it here: Setup --> Security Controls --> Identity Provider
- In the Service Provider section, you will find the link "Service Providers are now created via Connected Apps. Click here." Click on the link and enter the following details
- Basic Information
  - Connected App Name: you can put any name that you wish
- Webapp Settings
  - Enable SAML: Yes
  - Entity ID: Log in to your CustomerGauge platform and go to the SingleSignOn Manager. Enable SSO if it has not been enabled before and copy the Entity ID information you find there. Remember to remove the trailing slash from the URL when you paste it into Salesforce
  - ACS URL: Log in to your CustomerGauge platform and go to the SingleSignOn Manager. Enable SSO if it has not been enabled and copy the Assertion Consumer Service URL information you find there. Remember to remove the trailing slash from the URL when you paste it into Salesforce
  - Subject type: Username
  - Name ID Format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  - IdP certificate: CustomerGaugeSSOCertificate
- Save
- Identity Provider Metadata
You will need to download the metadata file of the identity provider for later use.
- Custom Attributes
For a solid SSO integration between Salesforce and CustomerGauge, we require some Custom Attributes to be set in the Connected App used for the CG integration. Below is the required attributes list, each entry giving the Attribute Key followed by the Attribute Value:
- salesforce_organization_name (required)
  Attribute Value: $Organization.Name
  It is essential for the integration to work. For security reasons, we will always cross-check that each Salesforce user attempting to log in to CustomerGauge is connected to your Salesforce Organization Name.
- salesforce_organization_id (required)
  Attribute Value: $Organization.Id
  It is essential for the integration to work. For security reasons, we will always cross-check that each Salesforce user attempting to log in to CustomerGauge is connected to your Salesforce Organization ID.
- customergauge_user_role
  Attribute Value: $User.{{custom_field_api_name}}, e.g., $User.customergauge_user_role__c
  If you would like to define the CustomerGauge User Role from your Salesforce, you can use this attribute. To use this attribute, you need to create a custom field inside your User object:
  - Start by visiting Setup --> Customize --> Users --> Fields
  - Click the "New" button on the "User Custom Fields" section
  - Select text as the data type
  - Field label: any label that you want to use; for the purpose of this guide we will use CustomerGauge User Role
  - Length: 20
  - Field Name: Leave it at the default (Salesforce will create it for you)
  - Save
  For each user that is included in the permission set, you can specify their CustomerGauge role. The accepted roles are as follows:
  - WorkflowUser
  - User
  - Admin
  This is not a mandatory field. If it is not set or CustomerGauge cannot recognize the role, we will set the user's role as "User".
- salesforce_user_division
  Attribute Value: $User.Department
  It is particularly useful in case you have a hierarchy set up in CG. We will use this attribute to link the user to a specific division or department.
- salesforce_user_firstname
  Attribute Value: $User.FirstName
- salesforce_user_lastname
  Attribute Value: $User.LastName
- salesforce_user_country
  Attribute Value: $User.Country
- salesforce_user_telephone
  Attribute Value: $User.Phone
CustomerGauge
1. Go to the Single Sign-On Manager inside the CustomerGauge platform; it is under the Setup Menu. If SSO is disabled, please enable it first.
2. In the Identity Provider Configuration, please enter the following details
- Entity ID: Copy the entity ID from the information you get in the CustomerGauge Service Provider Configuration section (please include the trailing slash)
- Identity Provider: Salesforce
- Single Sign On Service URL
  - Open the metadata file that you downloaded from Salesforce (step 6 in the Salesforce section) in a text editor
  - Copy the location URL for the SingleSignOnService HttpRedirect
- Certificate
  - Open the certificate file that you downloaded from Salesforce (step 2 in the Salesforce section) in a text editor
  - Copy the content and paste it.
- Certificate fingerprint
  - Go to this website https://www.samltool.com/fingerprint.php
  - Paste the certificate content into the X.509 CERT field, with -----BEGIN CERTIFICATE----- on the line above the certificate, and -----END CERTIFICATE----- on the line below the certificate
  - Choose sha-1 or sha-256 as the algorithm
  - Calculate the fingerprint
  - Copy the formatted fingerprint result
  - Paste it
- Certificate fingerprint algorithm: sha-1 or sha-256
- Salesforce Organization ID
  - From inside your Salesforce account, go to Setup → Company Profile → Company Information
  - Copy your organization ID
- Save
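The Single Sign On Service URL and fingerprint values can also be read from the downloaded files locally, without pasting the certificate into a website. The following is an added example, not CustomerGauge or Salesforce code: it picks the HTTP-Redirect SingleSignOnService location from the metadata and computes the sha-1 and sha-256 fingerprints of the certificate. The sample metadata, host name, function names and the lowercase colon-separated output format are assumptions made for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: placeholder host, placeholder bytes instead of a real certificate.
SAMPLE_DER = bytes(range(64))
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:ds="{NS['ds']}" entityID="https://idp.example.invalid">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.invalid/sso/HttpPost"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    <md:SingleSignOnService Location="https://idp.example.invalid/sso/HttpRedirect"
        Binding="{REDIRECT}"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def pem_to_der(text):
    """Decode a PEM file's text, or the bare base64 found in metadata."""
    rows = (line.strip() for line in text.splitlines())
    body = "".join(r for r in rows if not r.startswith("-----"))
    return base64.b64decode(body, validate=True)

def fingerprint(der, algorithm="sha256"):
    """Colon-separated hex digest of the DER bytes (lowercase is an assumption)."""
    if algorithm not in ("sha1", "sha256"):
        raise ValueError("the guide offers only sha-1 or sha-256")
    digest = hashlib.new(algorithm, der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def read_idp_metadata(xml_text):
    root = ET.fromstring(xml_text)
    urls = [e.get("Location") for e in root.iterfind(".//md:SingleSignOnService", NS)
            if e.get("Binding") == REDIRECT]
    certs = [pem_to_der(e.text) for e in root.iterfind(".//ds:X509Certificate", NS)]
    if len(urls) != 1 or len(certs) != 1:
        raise ValueError("expected one HTTP-Redirect endpoint and one certificate")
    return {"sso_url": urls[0], "sha1": fingerprint(certs[0], "sha1"),
            "sha256": fingerprint(certs[0], "sha256")}

if __name__ == "__main__":
    for key, value in read_idp_metadata(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```

For the downloaded certificate file itself, pass its text through `pem_to_der` and then `fingerprint`; the result should match the fingerprint computed from the certificate embedded in the metadata.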
Congratulations, now you can use Salesforce credentials to log in to your CustomerGauge account.