
Multi-Factor Authentication (MFA) for Salesforce


The Salesforce 2FA solution by miniOrange adds an additional layer of security to your Salesforce login. With Salesforce 2FA enabled, anyone trying to log in to your Salesforce account needs to pass two authentication factors to get access. Salesforce 2FA authentication starts with the user submitting their traditional username and password. Once the user is successfully authenticated in the first step, the configured 2FA method (OTP over SMS, Push Notifications, YubiKey, TOTP, Google Authenticator, etc.) prompts for the second-step verification. A user who successfully completes both steps of authentication is given access to the Salesforce account. Enabling 2FA will stop someone from using the Salesforce account even if cyber attackers get your login information.

miniOrange provides 15+ 2FA methods and solutions for various use cases. In addition to security, organizations can set up specific authentication and configuration options, including:

  • Role-Based 2FA
  • Password restrictions
  • Restrict sign-in methods
  • Passwordless Authentication
  • Offline 2FA Support


Get Free Installation Help


miniOrange offers free help through a consultation call with our System Engineers to install or set up the Salesforce SSO & MFA solution in your environment, with a 30-day free trial.

To book a slot, just send us an email at idpsupport@xecurify.com and we'll help you in no time.




Pre-requisite

  • Login to your Salesforce account.
  • Click on the Setup icon in the top-right section of the page.

  • In the search field, search for My Domain Settings.
  • Choose your domain name, check its availability and, if it is available, proceed by saving the settings.

  • Search for Company Information in the search bar.
  • Copy the Organization Id. (This will be required later)

  • Salesforce Metadata: After you have set up the SSO settings in Salesforce Admin Dashboard, you will get the Salesforce Metadata File. Click Download Metadata to download an XML file of your SAML configuration settings to send to your identity provider. The identity provider can then upload these configuration settings to connect to your Experience Cloud site.

Follow the Step-by-Step Guide given below for Salesforce Single Sign-On (SSO)

  • Enter the following values in the respective fields:

    Application Name: Salesforce
    SP Entity ID or Issuer: https://[yourdomain].my.salesforce.com/
    ACS URL: https://[yourdomain].my.salesforce.com/?so=[organization_id]
    Single Logout URL: https://customdomain.my.salesforce.com
    Sign Response: ON

  • Click Next. Now, in the Attribute Mapping, click on Add Attribute and enter the attribute names with their values as shown below.

    (Follow the steps given here to find out Salesforce profileId.)


  • Click on Save.
  • Your application is saved successfully. Now click on the Select button against your newly created application. Go to Metadata.

  • On the Metadata page, click on Show Metadata Details and choose either of the two Metadata options:
    • If you want to use miniOrange as the User-Store, i.e., your user identities will be stored in miniOrange, then download the metadata file under the heading 'INFORMATION REQUIRED TO SET MINIORANGE AS IDP'.
    • If you want to authenticate your users via any external Identity Provider (IDP) like Active Directory, Okta, OneLogin, Google, Apple ID, etc., then download the Metadata file under the heading 'INFORMATION REQUIRED TO AUTHENTICATE VIA EXTERNAL IDPS'.

  • Keep the SAML Login URL, SAML Logout URL and IdP Entity ID or Issuer, and click on the Download Certificate button to download the certificate, which you will require in Step 2.
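
The SP Entity ID and ACS URL entered in the fields above have to match what Salesforce publishes in the metadata file from the prerequisites. The following is an added example (not miniOrange or Salesforce code) that reads such a file and checks both values against your My Domain name and Organization Id; the sample metadata, the `acme` domain and the org ID are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample of an SP metadata file; "acme" and the org ID are placeholders.
SAMPLE_SP_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://acme.my.salesforce.com">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://acme.my.salesforce.com?so=00D000000000001"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, my_domain, org_id):
    """Return (values, problems) for the SP fields entered at the IdP."""
    # SAML metadata never needs a DTD; refuse one instead of expanding entities.
    if "<!doctype" in xml_text.lower():
        raise ValueError("DTD not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    host = f"{my_domain}.my.salesforce.com".lower()
    problems = []

    # SP Entity ID: the My Domain URL, with or without a trailing slash.
    entity_id = root.get("entityID", "")
    if entity_id.rstrip("/") != f"https://{host}":
        problems.append(f"entityID {entity_id!r} is not https://{host}")

    # ACS URL: HTTPS, on the My Domain host, carrying so=<Organization Id>.
    acs = [e.get("Location", "")
           for e in root.iter(MD + "AssertionConsumerService")]
    if not acs:
        problems.append("no AssertionConsumerService in metadata")
    for url in acs:
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname != host:
            problems.append(f"ACS URL {url!r} is not HTTPS on {host}")
        if parse_qs(parts.query).get("so") != [org_id]:
            problems.append(f"ACS URL {url!r} does not carry so={org_id}")

    values = {"sp_entity_id": entity_id, "acs_url": acs[0] if acs else None}
    return values, problems
```

An empty problem list means the values in the returned dictionary can be pasted into the SP Entity ID and ACS URL fields as they are.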



2. Configure SSO in Salesforce Admin Account

  1. Log in to your Salesforce account as Account Admin.
  2. In Salesforce Classic, navigate to Setup > Security Controls > Single Sign-On Settings. Or, in Salesforce Lightning Experience, click the gear icon, then navigate to Setup > Identity > Single Sign-On Settings.
  3. On the Single Sign-On Settings page, click on Edit.
  4. Check the SAML Enabled box to enable the use of SAML Single Sign-On, then click on Save.
  5. Click New to open SAML Single Sign-On Settings.
  6. Configure the following details as given below:

    Issuer: IDP Entity ID/Issuer in miniOrange metadata
    Entity ID: https://[yourdomain].my.salesforce.com
    Identity Provider Certificate: Upload Certificate from miniOrange metadata
    Request Signature method: RSA-SHA256
    Assertion Decryption Certificate: Not encrypted
    *SAML Identity Type: Assertion contains the User's Salesforce username
    *SAML Identity Location: Identity is in the NameIdentifier element of the Subject statement
    *Service Provider Initiated Request Binding: HTTP Redirect
    Identity Provider Login URL: SAML Login URL in miniOrange metadata
    Custom Logout URL: https://[yourdomain].my.salesforce.com

  7. Click on Save.
  8. Copy your Login URL value.

External References