Connect Dropbox with Salesforce as IdP
An identity provider is a system entity that creates, maintains, and manages identity information for principals while providing authentication services to relying applications. An identity provider is “a trusted provider that lets you use single sign-on (SSO) to access other websites".
When you log into trailhead by clicking 'Log in with Facebook', 'Log in with Google+' or 'Log in with Linkedin' then that's the example of Google, Facebook, Linkedin acting as trusted identity provider, and authenticating you on behalf of trailhead.
Identity provider saves your time spent in creating and maintaining your credentials and helping third party websites from storing and protecting your information.
Salesforce supports
- Identity provided-initiated login - when Salesforce logs in to a server provider at the initiation of the end user.
- Service provider-initiated login - when the service provider requests Salesforce to authenticate a user, at the initiation of the user.
Salesforce as Identity provider: Salesforce can act as identity provider to service providers, allowing end users to easily and securely access many web and mobile applications with one login. When using SAML for federated authentication, enable Salesforce as an identity provider and then set up connected apps.
Steps to enable Salesforce as Identity Provider with DropBox:
Prerequisite
DropBox account: if you already have dropbox account then verify if it is personal? if yes then enable Dropbox for Business from bottom left corner,it is free for 30 days. Once Dropbox for Business is enabled follow the steps below. Make sure you select DropBox Business Advance option.
1. From setup, enter Identity provider in the quick find box and click 'Enable Identity Provider' (if not enabled).
2. Go to Dropbox and click Admin Console.
3. Click Setting.
4. Under Authentication settings, click Single sign-on.
5. Choose whether SSO is optional or required.
6. Dropbox displays information about SSO setup, including a URL for service provider–initiated SSO, for example, https://www.dropbox.com/sso/11272027. Save this URL to use later when you test the configuration.
7. For Identity provider sign-in URL, enter the HttpRedirect endpoint, for example, https://yourdomain.my.salesforce.com/idp/endpoint/HttpRedirect, where yourdomain is your My Domain subdomain.
8. Optionally, for Identity provider sign-out URL, enter the URL to which the user is redirected after logout.
9. For X.509 certificate, upload your Salesforce certificate. You can download your certificate from Setup -> Identity Provider -> Click on Download certificate button.
Create a Connected App in Salesforce:
1. In Lightning goto App Manager, click New Connected App and in classic goto Apps under Connected Apps and click New.
2. Enter Connected App basic information.
2.a. Enter Connected App name as Dropbox and Contact Email.
3. Configure Web App Settings
3.a. Select Enable SAML.
3.b. Entity Id: Dropbox
3.c. ACS: https://www.dropbox.com/saml_login
3.d. Subject type: Federation Id.
3.d. For Name ID, Issuer, Idp Certificate keep the default.
4. Save the Settings.
5. Configure profiles and permission sets for Connected Apps.
5.a. From Setup enter Apps, in the Quick Find box.
- Lightning: select Manage Connected Apps.
- Classic: select Connected Apps.
5.b. Click on the name of your connected App (Dropbox) to open detail page.
5.c. Click Manage Profiles or Manage Permission Sets and add profile and permission sets for those users who can access this app.
6. In Salesforce, enter the start URL for connected App.
6.a. On the connected app detail page, under SAML Login Information, copy the IdP-initiated login URL.
6.b. On the connected app detail page, click Edit Policies.
6.c. For Start URL, paste the IdP-initiated login URL.
6.d. Save the settings.
Testing
1. From App Launcher choose Dropbox application, you will see a screen like the one below.
Special Thanks to Krishna and Harleen.
No comments:
Post a Comment