To add Salesforce as a SAML 2.0 external integration, you must create a connected app with SAML configuration in the Salesforce organization to enable trust with the service provider (Conga Auth Service). After creating the app, you need external_organization_id, Metadata Location URL, and Organization ID Claim Type details. 

To set up Salesforce as a SAML identity provider, enable your organization as an identity provider and integrate your service provider as a connected app. 

Step 1: Enable identity provider setting

  1. Log in to Salesforce.
  2. Go to Setup, then search and select Identity Provider.
  3. Click Enable Identity Provider.
  4. Select the self-signed certificate from the dropdown menu.
  5. Click Save.

Step 2: Enable single sign-on setting

  1. Search and select Single Sign-On Settings.
  2. Click Edit.
  3. Check the SAML Enabled checkbox.
  4. Click Save.

Step 3: Create a SAML-enabled connected app

  1. Search and select App Manager.
  2. Click New Connected App.
  3. Enter the following details in the Basic Information section:

    Field

    Description

    Connected App NameEnter the connected app’s name, which is displayed in the App Manager.
    API NameThe API name is generated automatically based on the name of the Connected App.
    Contact EmailEnter the email address of the administrator managing the Connected App.
  4. Fill in the following details in the Web App Settings section. Leave the other field as is.

    Field

    Description

    Enable SAMLSelect the Enable SAML checkbox.
    Entity Id

    The globally unique ID of the service provider. Enter the following URL per your environment:

    ACS URL

    (Assertion Consumer Service) The service provider’s endpoint that receives SAML assertions. Enter the following URL per your environment:

    Name IF FormatSpecify the email address as the format attribute sent in SAML messages.
    Singing Algorithm for SAML MessagesSelect the SHA256 option.
  5. Click Save.
  6. Open the connected app that is created for the SAML identity provider.
  7. Click Edit Policies.
  8. Go to the Custom Attributes section and make sure to add the custom attribute with the external_organization_id as an attribute key and the organization ID as an attribute value.
  9. Click Save.
  10. Go to the User Accounts section and add a user account.
  11. Go to the Profiles and Permission Sets sections and add profiles and permission sets to provide connected app access to Salesforce users.

With setup complete, you must get the information needed to configure an external integration.

Step 4: Get the external_organization_id and Metadata Location URL details

  1. Search and select Manage Connected Apps.
  2. Open the connected app that is created for the SAML identity provider.
  3. Go to the Custom Attributes section and make sure the custom attribute is created with the external_organization_id as an attribute key and the organization ID as an attribute value.
  4. Go to the SAML Login Information section.
  5. Copy the Metadata Discovery Endpoint which is the metadata location URL.

    • To use Salesforce as an SSO, use the organization's metadata discovery endpoint.
    • To use Salesforce Community as an SSO, use the Community's metadata discovery endpoint.

Step 5: Add Salesforce as an external integration

  1. Log in to the Conga Platform as an admin user.
  2. Click the App Launcher () icon from the top-left corner > Admin Console > Organization.
  3. Go to the External Integrations tab.
  4. Click Add New.
    The Add New External Integration screen appears.
  5. Choose SAML 2.0 from the drop-down list.

  6. Enter values in the following fields as per your SAML 2.0 external integration:

    Field

    Description

    Choose IDP Metadata Setup

    You can either enter the metadata location URL or upload the XML file.

    • URL Input: Select this option and enter the App Federation Metadata Url that you copied in Step 4.
    • XML File Upload: Select this option and upload your metadata XML file.
    External ID

    Enter the Salesforce Organization ID (18 digits). For more information on how to get the 18-digit organization ID, see Getting Salesforce Organization ID.

    Type

    Enter the type of this integration. It is a free-form text field. You can add types such as Dev, QA, UAT, Prod, etc.

    Organization ID Claim Type

    Leave this field blank.

    DescriptionAdd the description.
    Default IDP

    Enable the toggle to make it a Default External Integration IdP.

    A user will be created for the external integration set as the Default IdP for the organization. For example, if you have set Salesforce, a SAML Identity Provider, as the Default IdP, all the new users will be created with the Salesforce IdP.

  7. Click Save.