This guide takes you through the steps to set up Single Sign-On between Salesforce and CustomerGauge.



In Salesforce

  1. Salesforce domain
    To enable Salesforce as an identity provider, you need a Salesforce domain. Please create the domain before you proceed with the next steps.
    • Find it here: Setup --> Security Controls --> Identity Provider

  2. x509 certificate
    You need to create a self-signed X.509 certificate inside your Salesforce account. This certificate is used to secure the metadata sharing between Salesforce and CustomerGauge.
    • Find it here: Setup --> Security Controls --> Certificate and Key Management
    • Click on the button "Create Self-Signed Certificate" and enter the following details
      • Label: CustomerGaugeSSOCertificate
      • Unique Name: CustomerGaugeSSOCertificate
      • Exportable private key: Yes
      • Key Size: 2048

    • Download the certificate

  3. Permission Sets
    To limit Single Sign-On to part of your organization or to specific users, create a dedicated permission set and assign to it the users who should be able to use this feature.
    • Find it here: Setup --> Manage Users --> Permission Sets
    • Click on the "New" button and enter the following details
      • Label: CustomerGaugeSSO
      • API Name: CustomerGaugeSSO
    • To assign users to that permission set, click the "Manage Assignments" button at the top

  4. Enable Identity Provider
    • Find it here: Setup --> Security Controls --> Identity Provider
    • Click the button "Enable Identity Provider"

    • Select the CustomerGaugeSSO certificate from the drop-down
    • Save


  5. Connected Apps
    • Find it here: Setup --> Security Controls --> Identity Provider
    • In the Service Provider section, you will find the link "Service Providers are now created via Connected Apps. Click here." Click on the link and enter the following details
      • Basic Information
        • Connected App Name: you can put any name that you wish
      • Webapp Settings
        • Enable SAML: Yes
        • Entity ID: Log in to your CustomerGauge platform and go to the SingleSignOn Manager. Enable SSO if it has not been enabled before and copy the Entity ID you find there. Remember to remove the trailing slash from the URL when you paste it into Salesforce
        • ACS URL: Log in to your CustomerGauge platform and go to the SingleSignOn Manager. Enable SSO if it has not been enabled and copy the Assertion Consumer Service URL you find there. Remember to remove the trailing slash from the URL when you paste it into Salesforce

        • Subject type: Username

        • Name ID Format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

        • IdP certificate: CustomerGaugeSSOCertificate

        • Save

  6. Identity Provider Metadata

    You will need to download the metadata file of the identity provider for later use


  7. Custom Attributes
    For a solid SSO integration between Salesforce and CustomerGauge, we require some Custom Attributes to be set in the Connected App used for the CG integration. Below is the attribute list, given as Attribute Key, Attribute Value and description. Attributes marked (required) must be set:

    • salesforce_organization_name (required)
      • Attribute Value: $Organization.Name
      • It is essential for the integration to work. For security reasons, we will always cross-check that each Salesforce user attempting to log in to CustomerGauge is connected to your Salesforce Organization Name

    • salesforce_organization_id (required)
      • Attribute Value: $Organization.Id
      • It is essential for the integration to work. For security reasons, we will always cross-check that each Salesforce user attempting to log in to CustomerGauge is connected to your Salesforce Organization ID

    • customergauge_user_role
      • Attribute Value: $User.{{custom_field_api_name}}, e.g., $User.customergauge_user_role__c
      • If you would like to define the CustomerGauge User Role from Salesforce, you can use this attribute. To use it, you need to create a custom field inside your User object:
        1. Start by visiting Setup --> Customize --> Users --> Fields
        2. Click the "New" button in the "User Custom Fields" section
          1. Select text as the data type
          2. Field label: any label that you want to use; for the purpose of this guide we will use CustomerGauge User Role
          3. Length: 20
          4. Field Name: leave it at the default (Salesforce will create it for you)
          5. Save
      • For each user that is included in the permission set, you can specify their CustomerGauge role. The accepted roles are as follows:
        • WorkflowUser
        • User
        • Admin
      • This is not a mandatory field. If it is not set or CustomerGauge cannot recognize the role, we will set the user's role to "User".

    • salesforce_user_division
      • Attribute Value: $User.Department
      • It is particularly useful in case you have a hierarchy set up in CG. We will use this attribute to link the user to a specific division or department.

    • salesforce_user_firstname
      • Attribute Value: $User.FirstName

    • salesforce_user_lastname
      • Attribute Value: $User.LastName

    • salesforce_user_country
      • Attribute Value: $User.Country

    • salesforce_user_telephone
      • Attribute Value: $User.Phone


CustomerGauge

1. Go to the Single Sign-On Manager inside the CustomerGauge platform. You will find it under the Setup menu. If SSO is disabled, please enable it first.



2. In the Identity Provider Configuration, please enter the following details

  • Entity ID: Copy the entity ID from the information you get in the CustomerGauge Service Provider Configuration section (please include the trailing slash)
  • Identity Provider: Salesforce
  • Single Sign On Service URL
    • Open the metadata file that you downloaded from Salesforce (step 6 in the Salesforce section) in a text editor
    • Copy the Location URL of the SingleSignOnService element with the HTTP-Redirect binding

  • Certificate
    • Open the certificate file that you downloaded from Salesforce (step 2 in the Salesforce section) in a text editor
    • Copy the content and paste it.

  • Certificate fingerprint
    • Go to this website https://www.samltool.com/fingerprint.php
    • Paste the certificate content to the X.509 CERT field
    • Choose sha1 as the algorithm
    • Calculate the fingerprint
    • Copy the formatted fingerprint result
    • Paste it
  • Certificate fingerprint algorithm: sha1
  • Salesforce Organization ID
    • From inside your Salesforce account, go to Setup → Company Profile → Company Information
    • Copy your organization ID
  • Save
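
The Single Sign On Service URL and the certificate fingerprint entered above can also be derived locally from the two files downloaded in the Salesforce section, without pasting the certificate into a website. The following is an added example, not part of the original guide or of either product; the sample metadata, its URLs and the `YWJj` certificate body are constructed placeholders, and the fingerprint is printed in the upper-case colon-separated layout that `openssl x509 -fingerprint` uses.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample, not real Salesforce output; "YWJj" is placeholder bytes
# standing in for the base64 certificate body.
SAMPLE_METADATA = """<md:EntityDescriptor entityID="https://idp.example.test"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>YWJj</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.test/sso/post"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    <md:SingleSignOnService Location="https://idp.example.test/sso/redirect"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"


def fingerprint(cert_text, algorithm="sha1"):
    """Colon-separated hex digest of the DER bytes (PEM armor optional)."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", cert_text)
    digest = hashlib.new(algorithm, base64.b64decode(body, validate=True)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2)).upper()


def read_idp_metadata(xml_text):
    """Return the HTTP-Redirect SSO URL and signing-certificate fingerprint."""
    root = ET.fromstring(xml_text)
    urls = [e.get("Location") for e in root.iter(MD + "SingleSignOnService")
            if e.get("Binding") == REDIRECT]
    certs = [e.text for e in root.iter(DS + "X509Certificate") if e.text]
    if len(urls) != 1 or not certs:
        raise ValueError("expected one HTTP-Redirect endpoint and a certificate")
    return {"sso_url": urls[0], "fingerprint": fingerprint(certs[0])}


def certificate_matches_metadata(pem_text, xml_text):
    """True if the downloaded certificate is the one the metadata advertises."""
    return fingerprint(pem_text) == read_idp_metadata(xml_text)["fingerprint"]
```

Pass the contents of the downloaded metadata file to `read_idp_metadata` and the downloaded certificate to `fingerprint`; `certificate_matches_metadata` confirms that both files refer to the same certificate before you paste the values into CustomerGauge.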


Congratulations, you can now use your Salesforce credentials to log in to your CustomerGauge account.