Last updated on July 30th, 2020
The purpose of this document is to introduce Rublon Authentication (Rublon Access Gateway) into the Salesforce authentication process and enable Two-Factor Authentication for Salesforce users. To achieve that, you need to create a Rublon Access Gateway application, register a domain, configure Single Sign-On, and enable SAML authentication in Salesforce. All the required steps are described in this document.
Download the Rublon Access Gateway metadata
- Sign in to your Rublon Access Gateway instance using the administrator password.
- Open the “Applications” tab.
- Click the “Download XML metadata” button at the bottom of the page to get your metadata.
- You can also download the certificate which Rublon Access Gateway will use to sign and encrypt SAML messages.
- If your application doesn’t support XML importing, you can also manually copy the metadata values.
- Sign in to Salesforce as an administrator.
- Select the cog icon in the top right corner. Select “Setup” from the menu.
You have to configure your Salesforce domain first if you want to use Single Sign-On with Rublon Access Gateway.
If you haven’t configured a domain yet, please do it by using the “Register domain” button.
- In the “Settings” area toggle the “Company Settings” section, and select “My Domain”.
After the domain registration is finished, you’ll receive a confirmation e-mail and you’ll have to log in again using the registered domain. After a successful login, open “My domain” page again and click the “Deploy to Users” button.
- To enable SAML in Salesforce, open “Single Sign-On Settings” and:
- Select the “Edit” button,
- Check “SAML Enabled”,
Set up the Rublon Access Gateway integration
Salesforce has a built-in module which handles Single Sign-On using the SAML standard. You can use this feature to integrate your Salesforce instance with Rublon Access Gateway.
- Under the “Settings” section, toggle “Identity” and select “Single Sign-On Settings”.
- Click the “New from Metadata File” button. Select the XML file with Rublon Access Gateway metadata. Click the “Create” button.
- You’ll see a form with Rublon Access Gateway data.
- Change the “Name” and “API Name” to “Rublon”
- Set “Service Provider Initiated Request Binding” to preferred value: “HTTP POST”
- You can also change “Entity ID” to the name which will uniquely identify your Salesforce application. This name will be visible in Rublon Access Gateway.
- Copy the Logout URL from Rublon Access Gateway metadata page to “Identity Provider Single Logout URL”
- This feature allows for automatically logging out the user from all applications integrated with Rublon Access Gateway.
- Set “Single Logout Request Binding” to “HTTP POST”.
- Save the settings. In case of any errors, please resolve them using the Rublon Access Gateway metadata.
Enable SAML authentication
- Open the “My domain” page in the “Company Settings” menu.
- Select the “Edit” button in the “Authentication Configuration” section.
- The Rublon option in the “Authentication Service” area is inactive by default. Activate and “Save” it to enable the use of Rublon Access Gateway on the Salesforce login page.
- If you leave “Login Form” unchecked, you won’t be able to log in if something goes wrong. Make sure everything works before you decide to disable this method!
SAML security (optional – recommended)
For better security, you can generate a new CA-signed certificate, or use an existing one, to sign SAML messages and optionally encrypt them.
- Open the “Certificate and Key Management” page in the “Security” area of the Settings menu.
- A ready-made self-signed certificate is available, but it’s highly recommended that you create a new one (the best option is a CA-Signed certificate), or import an existing and trusted one.
- If you changed the certificate to be used in Rublon Access Gateway SAML communication, you have to update the SAML Single Sign-On settings: select the new certificate from the “Request Signing Certificate” list.
To strengthen the security of the SAML communication, you can enable “Assertion Decryption Certificate” on the Rublon Single Sign-On Settings page. Select the best available certificate for encryption. It can be different from the certificate you’ve used in “Request Signing Certificate”.
Add an application to Rublon Access Gateway
- Open the “Single Sign-On Settings” page.
- Select the “Rublon” name to open the settings overview page.
- Select the “Download Metadata” button. An XML file will be downloaded.
- Sign in to your Rublon Access Gateway instance, open the “Applications” perspective and select the “Import application metadata” tab.
- Enter the name of your Salesforce instance, select the downloaded XML file and click “Upload”.
- Your entry will appear on the applications list.
Validate the integration with Salesforce
- Go to your Salesforce domain login website, e.g. “my_domain.salesforce.com”.
- You can either log in to Salesforce using your email address and password, or choose to log in using Rublon.
Provide your login and password
Please fill in with your organization’s account credentials (Active Directory, LDAP).
Choose one of the available authentication methods to complete Rublon second factor authentication
Get access to Salesforce account
If you encounter any issues with your Rublon integration, we’re here to help! Just contact us at [email protected].