Skip to Content
Information

This site will undergo maintenance on Friday, 26 September at 2:00 AM CDT / 12:30 PM IST and may experience a short period of instability during that time.

Default language.

Federated Single Sign-On using OneLogin

Federated SSO configuration using OneLogin requires performing the following:

Getting the Salesforce Organization ID

To get the Salesforce Organization ID, use one of the following methods:

  1. From the Getting Started tab:
    1. Go to the Getting  Started tab.
    2. Under the Enhance BMC Helix Remedyforce Performance section, note the Salesforce Organization ID.
  2. From the Setup option:
    1. Click Setup. A left pane displaying various sections appears.

    2. In the Administer section, expand Company Profile and click Company Information. The Company Information page displaying the Salesforce Organization ID appears.
      The following image shows the Company Information page displaying the Salesforce Organization ID.

      SSO_Fig 43-The Company Information page displaying the Salesforce Organization ID.png

 

Warning

Note

The Salesforce Organization ID is required while configuring the Identity Provider (OneLogin).

Configuring the Identity Provider (OneLogin)

Warning

Notes

  • For OneLogin credentials, you need to register on the OneLogin website.
  • You can go to www.onelogin.com and opt for a free trial.
  • You may also get in touch with the IT Team to check if your company is already a OneLogin customer/partner

To configure the Identity Provider (OneLogin), perform the following steps:

  1. Login to OneLogin by entering the following URL: https://app.onelogin.com/login.

  2. Enter your login credentials and click LOG IN. The OneLogin home page appears.

    The following image shows the OneLogin Home page.

    SSO_Fig 44-The OneLogin home page.png 

  3. On the navigation bar, hover to Apps. A drop-down list appears.
    The following image shows the Apps drop-down list.

    SSO_Fig 45-The Apps drop-down list.png

  4. Click Add Apps. The Find Applications page appears.
    The following image shows the Find Applications page.

    image2019-3-21_14-17-30.png

  5. In the search box, enter Remedyforce. A list of applications based on the search appears.

    The following image shows the list of the searched applications.

     image2019-3-6_19-16-42.png


  6. Click Remedyforce Enterprise or Remedyforce [Sandbox] based on your requirement. The Add Remedyforce [Sandbox] page displaying the Configuration tab appears.

    The following image shows the Add Remedyforce [Sandbox] page displaying the Configuration tab

     image2019-3-21_14-20-3.png

  7. In the Portal section, enter an appropriate Display Name for the application.
  8. Click Save. The Info tab appears.
    The following image shows the Remedyforce [Sandbox] Info tab.

    image2019-3-21_14-23-45.png

  9. Click the Configuration tab. 
    The following images shows the Remedyforce [Sandbox] Configuration tab.

    2019-03-21_14-37-15.png

  10. In the Application Details section, enter your Salesforce Organization ID and in the API Version field, click the latest version of API. 

  11. In the API Connection section, enter your Salesforce credentials.
    Click Enable. The API Status displays the status as Enabled.

    Warning

    Note

    The Enabled status indicates that OneLogin has successfully established connection with your Salesforce org using your Salesforce credentials.

  12. Click the Parameters tab.
    The following image shows the Remedyforce [Sandbox] Parameters tab.

    SSO_Fig 51-The Remedyforce [Sandbox] Parameters tab.png

  13. Select Configured by admin.
  14. Select the specified values for the following Remedyforce [Sandbox] fields:
    • Phone: From the drop-down list, select the value Phone.
    • User ID: From the drop-down list, select the value Email.

  15. Click the SSO tab. The SSO tab displaying the X.509 Certificate, Issuer URL, SAML 2.0 Endpoint, and SLO Endpoint (HTTP) appears.
    The following image shows the Remedyforce [Sandbox] SSO tab.

    new.png
    The Issuer URL and SAML 2.0 Endpoint (HTTP) are auto-generated.

  16. Click Save. The configuration is saved.

    Warning

    Notes

    • X.509 Certificate, Issuer URL, SAML 2.0 Endpoint, and SLO Endpoint are auto-generated.
    • Copy the auto-generated Issuer URL and SAML 2.0 Endpoint (HTTP), which are required in the Salesforce Single Sign-On Settings.

  17. In the Enable SAML 2.0 section, click View Details

    image2019-3-22_10-39-21.png 

    The Standard Strength Certificate (2048-bit) page appears.

    The following image shows the Standard Strength Certificate (2048-bit) page.
    SSO_Fig 53-The Standard Strength Certificate (2048-bit) page.png


  18. Click Download and save the certificate to your local machine.

    Warning

    Note

    The downloaded Standard Strength Certificate is imported while configuring the Single Sign-On Settings on Salesforce. 

Configuring the Service Provider (Salesforce)

To configure the Service Provider (Salesforce):

  1. Login to Salesforce and see Step1 to Step 4.

  2. Enter appropriate information in the fields given in the table below:

    Field

    Description

    Name

    Enter an appropriate name for the SSO Setting.

    API Name

    The API name is generated automatically based upon the name specified for the SSO Setting.

    Issuer

    Enter the Issuer URL generated in OneLogin

    For example: https://app.onelogin.com/saml/metadata/453901

    Entity Id

    Enter https://saml.salesforce.com if you do not have any domain deployed. If domain is deployed, use the MyDomain URL.

    For example:

    https:// test-sso--x1.cs22.my.salesforce.com

    Identity Provider Certificate

    Browse and select the certificate downloaded from OneLogin.

    For example: X.509 PEM Certificate

    Request Signing Certificate

    From the drop-down list, select Default Certificate.

    Request Signature Method

    From the drop-down list, select RSA-SHA1.

    Assertion Decryption Certificate

    From the drop-down list, select Assertion not encrypted.

    SAML Identity Type

    Select the Assertion contains the Federation ID from the User object option.

    SAML Identity Location

    Select the Identity is in the NameIdentifier element of the Subject statement option.

    Identity Provider Login URL

    Enter the URL of your OneLogin SAML endpoint, to which Force.com sends SAML requests for SP-initiated login.

    Identity Provider Logout URL

    Enter the URL that you want the logged out user to receive.

    Custom Error URL

    Enter the URL of a custom page, to which the user is redirected in case of any error in login.

    For example: www.testdomain.com/ErrorPage

    Service Provider Initiated Request Binding

    Select the HTTP POST option.

      

    Warning
    • Fields marked with red_side_bar.gif are mandatory.
    • You can edit the auto-generated API name.
    • If you are not able to view Service Provider Initiated Request Binding, please check if My Domain feature is enabled for your organization. If My Domain is not enabled, please raise a case with Salesforce for enabling it.
  3. Click Save. The configuration is saved. It updates and displays the certificate expiration date.
    The SAML SSO Setting page displaying the expiration date
    (Click the image to expand it.)

    SSO_Fig 54-The SAML S_S_O Setting page displaying the expiration date.png

Verifying the Single Sign-On Configuration with Federated SSO using OneLogin

To verify that Single Sign-On has been configured correctly, you can perform the following procedure each for IDP and SP initiated login.

Identity Provider initiated login

To verify IDP initiated login:

Enter the OneLogin login URL in a browser.

For example: https://psl.onelogin.com/trust/saml2/http-post/sso/453901

If you are already logged in to the IDP, the browser follows a set of redirection instructions and logs you into Salesforce. If you are not logged into the IDP, enter your login credentials on the IDP login page. This will redirect you to Salesforce. 

Warning

Note

In case of a Force.com login error, navigate to SSO Setting in Salesforce and use the SAML Validation Tool. This displays the last failed SAML login.

Service Provider initiated login

To verify SP initiated login:

Enter the following domain specific URL in a browser: https://test-sso--x1.cs22.my.salesforce.com.

The page redirects to IDP for authentication. 

Warning

Note

If your user credentials are already validated, you will be redirected to Salesforce. If the user credentials are not validated, the IDP will prompt you to enter your credentials.


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

Remedyforce 20.23.01