Note

 

This documentation supports the 20.20.02 version of BMC Helix Remedyforce.

To view an earlier version, select the version from the Product version menu.

Federated Single Sign-On using OneLogin

Federated SSO configuration using OneLogin requires performing the following:

Getting the Salesforce Organization ID

To get the Salesforce Organization ID, use one of the following methods:

  1. From the Getting Started tab:
    1. Go to the Getting Started tab.
    2. Under the Enhance BMC Helix Remedyforce Performance section, note the Salesforce Organization ID.
  2. From the Setup option:
    1. Click Setup. A left pane displaying various sections appears.
    2. In the Administer section, expand Company Profile and click Company Information. The Company Information page displaying the Salesforce Organization ID appears.
      The following image shows the Company Information page displaying the Salesforce Organization ID.

Note

The Salesforce Organization ID is required while configuring the Identity Provider (OneLogin).

Configuring the Identity Provider (OneLogin)

Notes

  • For OneLogin credentials, you need to register on the OneLogin website.

  • You can go to www.onelogin.com and opt for a free trial.
  • You may also get in touch with the IT Team to check if your company is already a OneLogin customer or partner.

To configure the Identity Provider (OneLogin), perform the following steps:

  1. Log in to OneLogin by entering the following URL: https://app.onelogin.com/login.

  2. Enter your login credentials and click LOG IN. The OneLogin home page appears.

    The following image shows the OneLogin Home page.

     

  3. On the navigation bar, hover over Apps. A drop-down list appears.
    The following image shows the Apps drop-down list.

     

  4. Click Add Apps. The Find Applications page appears.
    The following image shows the Find Applications page.



  5. In the search box, enter Remedyforce. A list of applications based on the search appears.

    The following image shows the list of the searched applications.

     


  6. Click Remedyforce Enterprise or Remedyforce [Sandbox] based on your requirement. The Add Remedyforce [Sandbox] page displaying the Configuration tab appears.

    The following image shows the Add Remedyforce [Sandbox] page displaying the Configuration tab.

     

  7. In the Portal section, enter an appropriate Display Name for the application.
  8. Click Save. The Info tab appears.
    The following image shows the Remedyforce [Sandbox] Info tab. 

     

  9. Click the Configuration tab. 
    The following image shows the Remedyforce [Sandbox] Configuration tab.



  10. In the Application Details section, enter your Salesforce Organization ID and, in the API Version field, select the latest API version.

  11. In the API Connection section, enter your Salesforce credentials.
    Click Enable. The API Status displays the status as Enabled.

    Note

    The Enabled status indicates that OneLogin has successfully established connection with your Salesforce org using your Salesforce credentials.

  12. Click the Parameters tab.
    The following image shows the Remedyforce [Sandbox] Parameters tab.

     

  13. Select Configured by admin.
  14. Select the specified values for the following Remedyforce [Sandbox] fields:
    • Phone: From the drop-down list, select the value Phone.
    • User ID: From the drop-down list, select the value Email.

  15. Click the SSO tab. The SSO tab displaying the X.509 Certificate, Issuer URL, SAML 2.0 Endpoint, and SLO Endpoint (HTTP) appears.
    The following image shows the Remedyforce [Sandbox] SSO tab.


    The Issuer URL and SAML 2.0 Endpoint (HTTP) are auto-generated.

  16. Click Save. The configuration is saved.

    Notes

    • X.509 Certificate, Issuer URL, SAML 2.0 Endpoint, and SLO Endpoint are auto-generated.
    • Copy the auto-generated Issuer URL and SAML 2.0 Endpoint (HTTP), which are required in the Salesforce Single Sign-On Settings.
  17. In the Enable SAML 2.0 section, click View Details. 

     

    The Standard Strength Certificate (2048-bit) page appears.

    The following image shows the Standard Strength Certificate (2048-bit) page.


  18. Click Download and save the certificate to your local machine.

    Note

    The downloaded Standard Strength Certificate is imported while configuring the Single Sign-On Settings on Salesforce. 

Configuring the Service Provider (Salesforce)

To configure the Service Provider (Salesforce):

  1. Log in to Salesforce and see Step 1 to Step 4.

  2. Enter appropriate information in the fields given in the table below:

    | Field | Description |
    |---|---|
    | Name | Enter an appropriate name for the SSO Setting. |
    | API Name | The API name is generated automatically based upon the name specified for the SSO Setting. |
    | Issuer | Enter the Issuer URL generated in OneLogin. For example: https://app.onelogin.com/saml/metadata/453901 |
    | Entity Id | Enter https://saml.salesforce.com if you do not have any domain deployed. If domain is deployed, use the MyDomain URL. For example: https://test-sso--x1.cs22.my.salesforce.com |
    | Identity Provider Certificate | Browse and select the certificate downloaded from OneLogin. For example: X.509 PEM Certificate |
    | Request Signing Certificate | From the drop-down list, select Default Certificate. |
    | Request Signature Method | From the drop-down list, select RSA-SHA1. |
    | Assertion Decryption Certificate | From the drop-down list, select Assertion not encrypted. |
    | SAML Identity Type | Select the Assertion contains the Federation ID from the User object option. |
    | SAML Identity Location | Select the Identity is in the NameIdentifier element of the Subject statement option. |
    | Identity Provider Login URL | Enter the URL of your OneLogin SAML endpoint, to which Force.com sends SAML requests for SP-initiated login. |
    | Identity Provider Logout URL | Enter the URL that you want the logged out user to receive. |
    | Custom Error URL | Enter the URL of a custom page, to which the user is redirected in case of any error in login. For example: www.testdomain.com/ErrorPage |
    | Service Provider Initiated Request Binding | Select the HTTP POST option. |

      

    • Fields marked with  are mandatory.
    • You can edit the auto-generated API name.
    • If you are not able to view Service Provider Initiated Request Binding, check whether the My Domain feature is enabled for your organization. If My Domain is not enabled, raise a case with Salesforce to enable it.
  3. Click Save. The configuration is saved. It updates and displays the certificate expiration date.
    The SAML SSO Setting page displaying the expiration date

Verifying the Single Sign-On Configuration with Federated SSO using OneLogin

To verify that Single Sign-On has been configured correctly, perform the following procedures for both IDP-initiated and SP-initiated login.

Identity Provider initiated login

To verify IDP initiated login:

Enter the OneLogin login URL in a browser.

For example: https://psl.onelogin.com/trust/saml2/http-post/sso/453901

If you are already logged in to the IDP, the browser follows a set of redirection instructions and logs you into Salesforce. If you are not logged into the IDP, enter your login credentials on the IDP login page. This will redirect you to Salesforce. 

Note

In case of a Force.com login error, navigate to SSO Setting in Salesforce and use the SAML Validation Tool. This displays the last failed SAML login.
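
When reading a failed SAML login, the fields worth comparing against the Single Sign-On settings are the Issuer, the Audience (Entity Id), the NameID in the Subject, the validity window, and the presence of a signature. The following is an added example, not BMC, Salesforce, or OneLogin code: `check_response` and `SAMPLE` are hypothetical names, the response is constructed, and the setting values are the page's own examples.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Settings from the table above, using the page's own example values.
ISSUER = "https://app.onelogin.com/saml/metadata/453901"
ENTITY_ID = "https://test-sso--x1.cs22.my.salesforce.com"

# Constructed sample (not a real capture); signature value elided.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <a:Assertion>
  <a:Issuer>https://app.onelogin.com/saml/metadata/453901</a:Issuer>
  <ds:Signature><ds:SignatureValue>elided</ds:SignatureValue></ds:Signature>
  <a:Subject><a:NameID>user@example.com</a:NameID></a:Subject>
  <a:Conditions NotBefore="2020-01-01T10:00:00Z" NotOnOrAfter="2020-01-01T10:05:00Z">
   <a:AudienceRestriction><a:Audience>https://saml.salesforce.com</a:Audience></a:AudienceRestriction>
  </a:Conditions>
 </a:Assertion>
</p:Response>"""

def _ts(value):
    # Assumes second-resolution UTC timestamps, as in the sample.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, now, issuer=ISSUER, entity_id=ENTITY_ID):
    """List mismatches with the SP settings (structural triage; signature NOT verified)."""
    root = ET.fromstring(xml_text)
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element"]
    problems = []
    if assertion.findtext("a:Issuer", "", NS).strip() != issuer:
        problems.append("Issuer differs from the Issuer setting")
    audiences = [e.text.strip() for e in assertion.iterfind(".//a:Audience", NS) if e.text]
    if entity_id not in audiences:
        problems.append("Audience %s differs from Entity Id" % audiences)
    if not assertion.findtext("a:Subject/a:NameID", "", NS).strip():
        problems.append("no NameID in Subject (SAML Identity Location)")
    cond = assertion.find("a:Conditions", NS)
    if cond is None or not {"NotBefore", "NotOnOrAfter"} <= set(cond.attrib):
        problems.append("Conditions validity window missing")
    elif not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
        problems.append("assertion is outside its NotBefore/NotOnOrAfter window")
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        problems.append("neither Response nor Assertion is signed")
    return problems
```

With the sample, the only finding is the Audience mismatch: the IdP sent https://saml.salesforce.com while the Entity Id setting holds the My Domain URL, which is the choice the Entity Id row asks you to make consistently on both sides.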

Service Provider initiated login 

To verify SP initiated login:

Enter the following domain specific URL in a browser: https://test-sso--x1.cs22.my.salesforce.com.

The page redirects to IDP for authentication. 

Note

If your user credentials are already validated, you will be redirected to Salesforce. If the user credentials are not validated, the IDP will prompt you to enter your credentials.

