Salesforce as a SAML Identity Provider
To add Salesforce as a SAML 2.0 external integration, you must create a connected app with SAML configuration in the Salesforce organization to enable trust with the service provider (Conga Auth Service). After creating the app, you need external_organization_id, Metadata Location URL, and Organization ID Claim Type details.
To set up Salesforce as a SAML identity provider, enable your organization as an identity provider and integrate your service provider as a connected app.
Step 1: Enable identity provider setting
- Log in to Salesforce.
- Go to Setup, then search and select Identity Provider.
- Click Enable Identity Provider.
- Select the self-signed certificate from the dropdown menu.
- Click Save.
Step 2: Enable single sign-on setting
- Search and select Single Sign-On Settings.
- Click Edit.
- Check the SAML Enabled checkbox.
- Click Save.
Step 3: Create a SAML-enabled connected app
- Search and select App Manager.
- Click New Connected App.
Enter the following details in the Basic Information section:

| Field | Description |
| --- | --- |
| Connected App Name | Enter the connected app's name, which is displayed in the App Manager. |
| API Name | The API name is generated automatically based on the name of the Connected App. |
| Contact Email | Enter the email address of the administrator managing the Connected App. |

Fill in the following details in the Web App Settings section. Leave the other fields as is.

| Field | Description |
| --- | --- |
| Enable SAML | Select the Enable SAML checkbox. |
| Entity Id | The globally unique ID of the service provider. Enter the following URL per your environment. Preview environment: https://login-rlspreview.congacloud.com/api/v1/auth Production environment: https://login-rls.congacloud.com/api/v1/auth |
| ACS URL (Assertion Consumer Service) | The service provider's endpoint that receives SAML assertions. Enter the following URL per your environment. Preview environment: https://login-rlspreview.congacloud.com/api/v1/auth/Saml2/Acs Production environment: https://login-rls.congacloud.com/api/v1/auth/Saml2/Acs |
| Name ID Format | Specify the email address as the format attribute sent in SAML messages. |
| Signing Algorithm for SAML Messages | Select the SHA256 option. |

- Click Save.
- Open the connected app that is created for the SAML identity provider.
- Click Edit Policies.
- Go to the Custom Attributes section and make sure to add the custom attribute with the external_organization_id as an attribute key and the organization ID as an attribute value.
- Click Save.
- Go to the User Accounts section and add a user account.
- Go to the Profiles and Permission Sets sections and add profiles and permission sets to provide connected app access to Salesforce users.
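To confirm that the Step 3 settings took effect, the following added example (not part of the Conga or Salesforce documentation) checks a base64-decoded SAMLResponse from a test login for the expected Audience, Recipient, NameID format, SHA-256 signature method, and external_organization_id attribute. It assumes the custom attribute key is sent as the SAML Attribute Name; the sample assertion and organization ID are constructed, and the signature itself is not verified.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Production values from Step 3; pass the Preview URLs when testing there.
ENTITY_ID = "https://login-rls.congacloud.com/api/v1/auth"
ACS_URL = "https://login-rls.congacloud.com/api/v1/auth/Saml2/Acs"
ORG_ID = "00D" + "0" * 12 + "AAA"  # constructed placeholder, not a real org

def check_assertion(xml_text, entity_id=ENTITY_ID, acs_url=ACS_URL):
    """List Step 3 settings a decoded SAML response does not reflect (no signature check)."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not emailAddress")
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience does not match Entity Id")
    conf = root.find(".//saml:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != acs_url:
        problems.append("Recipient does not match ACS URL")
    methods = [m.get("Algorithm", "") for m in root.findall(".//ds:SignatureMethod", NS)]
    if not methods or not all(m.endswith("-sha256") for m in methods):
        problems.append("signature method is missing or not SHA-256")
    # Assumption: the custom attribute key arrives as the Attribute Name.
    org = [(v.text or "").strip() for at in root.findall(".//saml:Attribute", NS)
           if at.get("Name") == "external_organization_id"
           for v in at.findall("saml:AttributeValue", NS)]
    # The page asks for the 18-digit ID; Salesforce IDs are alphanumeric.
    if len(org) != 1 or len(org[0]) != 18 or not org[0].isalnum():
        problems.append("external_organization_id missing or not an 18-character ID")
    return problems

# Constructed sample for illustration (not captured traffic).
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
<ds:Signature><ds:SignedInfo><ds:SignatureMethod
 Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/></ds:SignedInfo></ds:Signature>
<saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">user@example.com</saml:NameID>
<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
</saml:SubjectConfirmation></saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>{ENTITY_ID}</saml:Audience>
</saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement><saml:Attribute Name="external_organization_id">
<saml:AttributeValue>{ORG_ID}</saml:AttributeValue>
</saml:Attribute></saml:AttributeStatement></saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE) or "all Step 3 settings present")
```

An empty list means every checked setting is present; each string in a non-empty list names the Step 3 field to revisit.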
With setup complete, you must get the information needed to configure an external integration.
Step 4: Get the external_organization_id and Metadata Location URL details
- Search and select Manage Connected Apps.
- Open the connected app that is created for the SAML identity provider.
- Go to the Custom Attributes section and make sure the custom attribute is created with the external_organization_id as an attribute key and the organization ID as an attribute value.
- Go to the SAML Login Information section.
Copy the Metadata Discovery Endpoint, which is the metadata location URL.
- To use Salesforce for SSO, use the organization's metadata discovery endpoint.
- To use a Salesforce Community for SSO, use the Community's metadata discovery endpoint.
Step 5: Add Salesforce as an external integration
- Log in to the Conga Platform as an admin user.
- Click the App Launcher icon in the top-left corner, then go to Admin Console > Organization.
- Go to the External Integrations tab.
- Click Add New.
The Add New External Integration screen appears. Choose SAML 2.0 from the drop-down list.
Enter values in the following fields as per your SAML 2.0 external integration:

| Field | Description |
| --- | --- |
| External ID | Enter the Salesforce Organization ID (18 digits). For more information on how to get the 18-digit organization ID, see Getting Salesforce Organization ID. |
| Metadata Location URL | Enter the Metadata URL that you copied in Step 4. |
| Type | Enter the type of this integration. It is a free-form text field. You can add types such as Dev, QA, UAT, Prod, etc. |
| Organization ID Claim Type | Leave this field blank. |
| Description | Add the description. |
| Default IDP | Enable the toggle to make it a Default External Integration IdP. |

A user will be created for the external integration set as the Default IdP for the organization. For example, if you have set Salesforce, a SAML Identity Provider, as the Default IdP, all the new users will be created with the Salesforce IdP.
- Click Save.