Salesforce

Salesforce Inc. is a cloud computing company. It is best known for its CRM products and social networking applications.

Salesforce can authenticate users with SAML, and supports both SP-initiated and IdP-initiated modes.

This page presents the SP initiated mode.

To work with LL::NG it requires:


You should have configured LL::NG as a SAML Identity Provider.

Create Salesforce domain

To use SP-initiated mode, you must create your Salesforce domain. Creation can take up to 1 hour (if it takes longer than 1 hour, there is a problem; problems are generally resolved within 72 hours).

Then you must deploy this domain in order to go on with the configuration.

Finally, just ensure that at least:

match with the correct values. (adapt the domain if necessary)

For now, the authentication service parameter has no domain available. You must come back later to fill in this parameter. Once the SAML exchanges are working, you can set your domain and delete the login form; users will then be redirected automatically to your Identity Provider (no need for the user to click). Note that you can always access Salesforce through the general login page:

SAML settings

Salesforce is not able to read metadata, so you must enter the information into a form.

Go to the SAML Single Sign On settings, and fill in the following information:

Configure Federation ID

Finally, configure the Federation ID value for each user. It is the link between the SAML assertion coming from LemonLDAP::NG (the IdP) and a given user in Salesforce. Here, the mail has been chosen as the user Name ID.

Once this is completed, click to export the Salesforce metadata and import it into LemonLDAP::NG, in the declaration of the Salesforce Service Provider.

See the Register partner Service Provider on LemonLDAP::NG configuration chapter.