
Delegated Single Sign-On using OneLogin for Browser and Salesforce Mobile app


Delegated SSO configuration using OneLogin requires performing the following:

  1. Configuring the Identity Provider (OneLogin)
  2. Activating Delegated Authentication for Salesforce
  3. Configuring the Service Provider (Salesforce)
  4. Configuring the Service Provider for Delegated Authentication on Salesforce mobile app
  5. Verifying the Single Sign-On Configuration with Delegated SSO using OneLogin

Configuring the Identity Provider (OneLogin)

For delegated authentication, there is no additional configuration required.

To configure the Identity Provider, refer to the following:

  1. Getting the Salesforce Organization ID
  2. Configuring the Identity Provider (OneLogin)

Activating Delegated Authentication for Salesforce

For activating delegated authentication for your Salesforce org, please see this link.

Configuring the Service Provider (Salesforce)

To configure the Service Provider (Salesforce):

  1. Log in to Salesforce.
  2. Click Setup. A left pane displaying various sections appears.
  3. In the Administration Setup section, expand Security Controls and click Single Sign-On Settings. The Single Sign-On Settings page appears.
    The Single Sign-On Settings page
  4. Click Edit. The page reloads enabling the Delegated Authentication and Federated Single Sign-On Using SAML sections.
    The Single Sign-On page displaying the enabled sections
  5. In the Delegated Authentication section, enter the following Delegated Gateway URL: https://app.onelogin.com/delegation/?app=salesforce
  6. In the Federated Single Sign-On Using SAML section, select SAML Enabled.
  7. Click Save. The URL is saved.
  8. Click Setup. A left pane displaying various sections appears.
  9. In the Administration Setup section, expand Manage Users and click Profiles. The User Profiles page appears.
    The User Profiles page
  10. Click the required name on the user profile. The Profile Detail of the selected user appears.
    The Profile Detail of the selected user
  11. Click Edit. The Profile Edit page appears.
    The Profile Edit page
  12. In the Administrative Permissions section, select Is Single Sign-On Enabled.
  13. Click Save.

Configuring the Service Provider for Delegated Authentication on Salesforce Mobile application

To configure the Service Provider for Delegated Authentication on the Salesforce Mobile application:

  1. Refer to Step 8 to Step 11 of Configuring the Service Provider (Salesforce).
  2. In the Connected Apps Access section, select Salesforce1/Chatter for Android.
  3. Click Save.


Note

Once the profile is saved, your Salesforce organization is configured for Single Sign-On using Delegated authentication on Salesforce mobile app.

Verifying the Single Sign-On Configuration with Delegated SSO using OneLogin

You can verify the configuration for delegated Single Sign-On for Browser and Salesforce Mobile Application.

Verifying the Configuration for Browser

To verify the configuration for browser:

  1. Enter the required Salesforce login URL in a browser.
  2. Enter your Identity Provider credentials.
    The IDP credentials are sent to the Delegated Gateway URL specified in Single Sign-On Settings for validation.


Note

  • If the credentials are valid, you are redirected into Salesforce.
  • If the credentials are invalid, a default Salesforce Warning Message appears.

Verifying the Configuration for Salesforce Mobile Application

To verify the configuration for Salesforce Mobile Application:

  1. Open the Salesforce Mobile Application on your mobile. 
  2. Enter your Identity Provider credentials on the login screen. 
  3. Re-enter your Identity Provider credentials on the Salesforce login page. The IDP credentials are sent to the Delegated Gateway URL specified in Single Sign-On Settings for validation. For more information, see Logging into Salesforce mobile app.

Note

  • If the credentials are valid, you are redirected into Salesforce.
  • If the credentials are invalid, a default Salesforce Warning Message appears.
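
What the Delegated Gateway URL receives during both verification procedures above, shown as an added example that is not OneLogin's or Salesforce's code. The SOAP message shapes are assumed from Salesforce's delegated-authentication contract; the user name, password, source IP and the `directory` store are constructed for illustration.

```python
import hmac
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
AUTH_NS = "urn:authentication.soap.sforce.com"  # assumed delegated-auth namespace

# Constructed sample of the call Salesforce posts to the gateway at login.
SAMPLE_REQUEST = f"""<soapenv:Envelope xmlns:soapenv="{SOAP_NS}">
  <soapenv:Body>
    <Authenticate xmlns="{AUTH_NS}">
      <username>jdoe@example.com</username>
      <password>constructed-password</password>
      <sourceIp>203.0.113.10</sourceIp>
    </Authenticate>
  </soapenv:Body>
</soapenv:Envelope>"""

def gateway_url_ok(url):
    """The password travels in the SOAP body, so the gateway URL must be HTTPS."""
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.hostname)

def parse_authenticate(xml_text):
    """Return (username, password, source_ip) from an Authenticate call."""
    # Stdlib parser for brevity; a real gateway should use a hardened XML parser.
    root = ET.fromstring(xml_text)
    call = root.find(f"{{{SOAP_NS}}}Body/{{{AUTH_NS}}}Authenticate")
    if call is None:
        raise ValueError("not a delegated-authentication request")
    names = ("username", "password", "sourceIp")
    return tuple(call.findtext(f"{{{AUTH_NS}}}{n}", default="") for n in names)

def build_response(authenticated):
    """Build the true/false answer Salesforce uses to admit or reject the login."""
    flag = "true" if authenticated else "false"
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body>'
            f'<AuthenticateResponse xmlns="{AUTH_NS}">'
            f'<Authenticated>{flag}</Authenticated>'
            f'</AuthenticateResponse></soapenv:Body></soapenv:Envelope>')

def handle(xml_text, directory):
    """directory: hypothetical {username: password} map standing in for the IdP."""
    user, password, _source_ip = parse_authenticate(xml_text)
    expected = directory.get(user)
    # Constant-time comparison; unknown users fail the same way as bad passwords.
    ok = expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())
    return build_response(ok)
```

A `false` answer corresponds to the default Salesforce Warning Message described in the notes above.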
