This documentation supports the 20.19.01 version of Remedyforce.

To view the latest or an earlier version, select the version from the Product version menu.

BMC Remedyforce and Single Sign-On


This section is provided “as is” with no express or implied warranty. The information provided here is based on setting up the configurations in a controlled lab environment. Production environments, depending on needs, will vary. 

The purpose of this section is to provide a starting point for setting up ADFS or OneLogin with Salesforce/Remedyforce. 

Please note that if you have deeper questions around ADFS, we would highly recommend reaching out to a Microsoft Partner with experience around ADFS.  While we will try our best, the ultimate responsibility lies with the customer to have access to the necessary Microsoft resources who will be better equipped with assisting with a full design, configuration, and setup.


The purpose of this section is to serve as a reference point for users, who require setup and configuration procedures for Single Sign-On and Salesforce. This section provides a detailed description along with easy instructions for the required user tasks needed for the implementation of a Single Sign-On solution (SSO).

Intended audience

This section is intended for users who require the details and procedures needed to setup and configure Single Sign-On for use with Salesforce within a lab or test environment. These users are typically system administrators.

Terms used

The following table contains definitions of terms which are frequently used in the context of Single Sign-On.



Security Assertion Markup Language (SAML)

An XML-based standard, which communicates the authentication decisions between   one service and another. It underlies many Web Single Sign-On (SSO) solutions. Salesforce supports SAML for SSO into Salesforce from a corporate portal or an identity provider.

Identity Provider (IDP)

A trusted provider, which enables the user to use Single Sign-On to access   other websites. IDP provides identifiers such as SAML Assertions, which helps users to interact with a Service Provider. For example: Websites that allow users to login using Google or Facebook credentials. Facebook and Google act   as IDP.

Service Provider (SP)

A website or an application that provides service to the end user. SP either authenticates the user itself or calls an IDP for authentication.

Certification Authority (CA)

An entity that issues digital certificates. A digital certificate certifies the ownership of a public key by User ID of the certificate.

CA Signed Certificate

The Certification Authority Signed certificates are issued by a CA to itself or to a second CA to define a relationship between the two CAs.

Self-Signed Certificate

An identity certificate, which is signed by the entity provider itself.

Assertion Consumer Service URL

A URL where an IDP sends a SAML response.


A method or way to identify or validate a user using the entered user credentials. These user credentials are verified against the credentials stored in a database.


A set of policies that determine the activities, which a user may perform after logging into the system.

Entity Id

The Salesforce recipient URL, which is used for assertions received from the Identity Provider.

If the domains are not deployed in Salesforce, the Entity ID value must be set to: If the domains are deployed in Salesforce, use your custom domain name.

Identity Provider Certificate

An authentication certificate such as AFDS 2.0 or OneLogin, which an IDP issues.


OAuth is the abbreviation for Open Authentication. OAuth is an open source protocol that allows secure API authorization in a simple and standard method through desktop and web application. It allows a website (End-user) to access protected resources from another web service (Service Provider) through an API.

The section contains the following topics:

Was this page helpful? Yes No Submitting... Thank you