
Setting up salesforce.com (SFDC) as an External IdP for Broker

UnboundID MohammedM

There are two main steps to configure salesforce.com (SFDC) as an external Identity Provider (IDP) for UnboundID Data Broker:

  1. Creating a Salesforce Connected App on the Salesforce developer site.
  2. Creating an External Identity Provider in the UnboundID Broker Console.

We are going to use the following information to set up SFDC as an external IDP for Broker:

 

Broker Info:

Broker URL: https://<servername>:<port>

External Identity Provider Name (IDP Name): Salesforce

Please note that you can use any name to represent the IDP Name.

Salesforce Info:

Connected App Name: UnboundID Broker (a name for your App)

Callback URL: https://<servername>:<port>/oauth/account/idpCallback/Salesforce

This field has to follow the following syntax:

<Broker URL>/oauth/account/idpCallback/<IDP Name>

OAuth Scopes:

Allow access to your unique identifier (openid)

Access your basic information (id, profile, email, address, phone)

 

Creating Salesforce App:

  • Go to https://developer.salesforce.com and log in, or sign up for a developer account if you do not have one.
  • After you are logged in, click on your name and select your developer account as shown below:

p1.png

p2.png

  • After you are logged in, click on Create > Apps as shown below:

p3.png

  • Under the Connected Apps section, click on New to create a new app.

 

p4.png

 

  • Enter the following information:

Basic Information

Connected App Name: A name for your app. (UnboundID Broker)

Contact Email: Your e-mail address.

API (Enable OAuth Settings)

Enable OAuth Settings: Make sure this box is checked to enable OAuth2.

Callback URL: This depends on your Broker setup and the name you used for your IDP. It uses the following syntax:

<Broker URL>/oauth/account/idpCallback/<IDP Name>

(https://<servername>:<port>/oauth/account/idpCallback/Salesforce)

The rest of the parameters are optional. Please see below:

p5.png

  • Click Save when you are done. The Connected App should be created and more App info should be displayed.
  • Copy the Consumer Key and the Consumer Secret. Click on Reveal to show the Consumer Secret. We will need that info in Broker when we create the External Identity Provider. Please see below:

 

 p6.png

  • At this point, you are done with the first step.

 

Creating External Identity Provider in Broker:

 

p7.png

 

  • Click on New External Identity Provider and select OIDC External Identity Provider as shown below:

 

p8.png

 

  • Enter the following information:

Name: A name for the External Identity Provider. You can choose any name. (Salesforce)

Enabled: Make sure this check box is checked to enable this IDP.

Client ID: Use the Consumer Key that you copied from the Salesforce Connected App you created.

Client Secret: Use the Consumer Secret that you copied from the Salesforce Connected App you created.

Scope: You can add any additional scopes that you need to request authorization for. The openid scope is always requested. (email)

Client Auth Method: Select post

Issuer: https://login.salesforce.com

Authorization Endpoint: https://login.salesforce.com/services/oauth2/authorize

Token Endpoint: https://login.salesforce.com/services/oauth2/token

Userinfo Endpoint: https://login.salesforce.com/services/oauth2/userinfo

 

Then click on Save To Broker Cluster as shown below:

 

p9.png

 

  • Enter the External Identity Provider Attribute Mappings

This part maps Salesforce attributes/scopes to UnboundID Broker attributes/scopes.

We used the following attributes/scopes:

UnboundID                        Salesforce
emails[type eq "other"].value    email
name.familyName                  family_name
name.formatted                   name
name.givenName                   given_name
userName                         preferred_username

 

Please note that you need to click on the plus sign "+" to add each attribute mapping. This will open the External Identity Provider Attribute Mapping window.

 

p10.png

 

When you click on the plus sign "+", the External Identity Provider Attribute Mapping window will be displayed as shown below:

 

p11.png

 

Add the attribute mapping info based on your needs. See the table above. When you are done, click Save To Broker Cluster to save the entered attribute mapping.

Repeat this step until you have added all the attribute mappings, then click Done to save and finish creating the External Identity Provider.

 

  • At this point you are done with the second step, and the setup for "salesforce.com (SFDC) as an external Identity Provider" is complete.
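As an added example (not UnboundID or Salesforce code), the following shows how the attribute mappings from the table above turn a Salesforce userinfo response into the UnboundID attribute structure, including the SCIM-style filtered path emails[type eq "other"].value; the sample claims are constructed, and the path parser is an assumption about how Broker interprets these paths.

```python
import re

# Mapping table from the article: UnboundID attribute path -> Salesforce claim.
ATTRIBUTE_MAPPINGS = {
    'emails[type eq "other"].value': "email",
    "name.familyName": "family_name",
    "name.formatted": "name",
    "name.givenName": "given_name",
    "userName": "preferred_username",
}

# Constructed sample of userinfo claims (not a real Salesforce response); sub is unmapped.
SAMPLE_USERINFO = {
    "sub": "https://login.salesforce.com/id/EXAMPLEORG/EXAMPLEUSER",
    "preferred_username": "jdoe@example.com", "email": "jdoe@example.com",
    "given_name": "Jane", "family_name": "Doe", "name": "Jane Doe",
}

# One path segment, optionally carrying a SCIM-style filter: emails[type eq "other"]
_SEGMENT = re.compile(r'^(\w+)(?:\[(\w+) eq "([^"]*)"\])?$')

def set_path(target: dict, path: str, value) -> None:
    """Assign value at a dotted path; a filtered segment selects or creates the
    list element whose filter attribute equals the filter value."""
    segments = path.split(".")
    node = target
    for i, segment in enumerate(segments):
        m = _SEGMENT.match(segment)
        if not m or (m.group(2) and i == len(segments) - 1):
            raise ValueError(f"unsupported attribute path: {path!r}")
        name, f_attr, f_val = m.groups()
        if f_attr:
            items = node.setdefault(name, [])
            match = next((e for e in items if e.get(f_attr) == f_val), None)
            if match is None:
                match = {f_attr: f_val}
                items.append(match)
            node = match
        elif i == len(segments) - 1:
            node[name] = value
        else:
            node = node.setdefault(name, {})

def map_userinfo(claims: dict) -> dict:
    """Apply ATTRIBUTE_MAPPINGS, skipping claims Salesforce did not return."""
    result = {}
    for broker_path, sf_claim in ATTRIBUTE_MAPPINGS.items():
        if sf_claim in claims:
            set_path(result, broker_path, claims[sf_claim])
    return result
```

If the email scope is not granted, the email claim is absent and no emails entry is produced, so check the mapped result rather than assuming every table row was filled.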