The purpose of this document is to introduce Rublon Authentication (Rublon Access Gateway) into the Salesforce authentication process and enable Two-Factor authentication for Salesforce users. To achieve that, you need to create a Rublon Access Gateway application, register a domain, configure Single Sign-On and enable SAML authentication in Salesforce. All required steps are described in this document.
Download Rublon Access Gateway metadata
- Sign in to your Rublon Access Gateway instance using the administrator password.
- Open the “Applications” tab.
- At the bottom of the page you’ll find the “Download XML metadata” button. Click it to get your metadata.
- You can also download the certificate which Rublon Access Gateway will use to sign and encrypt SAML messages.
- If your application doesn’t support XML import, you can also copy the metadata values manually.
- Sign in to Salesforce as an administrator.
- In the right corner, select the cog icon. Select “Setup” from the menu.
You have to configure a Salesforce domain first if you want to use Single Sign-On with Rublon Access Gateway.
If you don’t have a domain configured yet, you have to register one using the “Register domain” button.
- In the “Settings” area, expand the “Company Settings” section and select “My Domain”.
After domain registration you’ll receive a confirmation e-mail and you’ll have to log in again using the registered domain. After a successful login, open the “My domain” page again and select the “Deploy to Users” button.
- To enable SAML in Salesforce, open “Single Sign-On Settings” and:
- Select the “Edit” button,
- Check “SAML Enabled”.
Set up Rublon Access Gateway integration
Salesforce has a built-in module which handles Single Sign-On using the SAML standard. With this feature you can integrate your Salesforce instance with Rublon Access Gateway.
- Under the “Settings” section, expand “Identity” and select “Single Sign-On Settings”.
- Click the “New from Metadata File” button. Select the XML file with the Rublon Access Gateway metadata. Select the “Create” button.
- You’ll see a form with the Rublon Access Gateway data.
- Change “Name” and “API Name” to “Rublon”.
- Set “Service Provider Initiated Request Binding” to the preferred value: “HTTP POST”.
- You can also change “Entity ID” to a name which will uniquely identify your Salesforce application. This name will be visible in Rublon Access Gateway.
- Copy the Logout URL from the Rublon Access Gateway metadata page to “Identity Provider Single Logout URL”.
- This feature automatically logs the user out of all applications integrated with Rublon Access Gateway.
- Set “Single Logout Request Binding” to the value: “HTTP POST”.
- Save the settings. If any error occurs, resolve it using the Rublon Access Gateway metadata.
Enable SAML authentication
- Open the “My domain” page, which is under the “Company Settings” menu.
- In the “Authentication Configuration” section, select the “Edit” button.
- By default, the Rublon option is inactive in the “Authentication Service” area. Activate it and select “Save” to enable Rublon Access Gateway on the Salesforce login page.
- If you leave “Login Form” unchecked, you won’t be able to log in if something goes wrong. Make sure everything works before you decide to disable this method!
SAML security (optional – recommended)
For better security, you can generate a new CA-signed certificate or use an existing certificate to sign SAML messages and optionally encrypt them.
- Open the “Certificate and Key Management” page in the “Security” area of the Settings menu.
- There’s an existing self-signed certificate, but we recommend creating a new one (the best option is a CA-signed certificate) or importing an existing, trusted one which you already have.
- If you changed the certificate used in Rublon Access Gateway SAML communication, you have to update the SAML Single Sign-On settings: select the new certificate from the “Request Signing Certificate” list.
To strengthen SAML communication security, you can enable “Assertion Decryption Certificate” on the Rublon Single Sign-On Settings page. Select the best certificate you have for encryption. It can be a different certificate from the “Request Signing Certificate”.
Add application to Rublon Access Gateway
- Open the “Single Sign-On Settings” page.
- Select the “Rublon” name to open the settings overview page.
- Select the “Download Metadata” button. An XML file will be downloaded.
- Sign in to your Rublon Access Gateway instance, open the “Applications” perspective and select the “Import application metadata” tab.
- Enter the name of your Salesforce instance, select the downloaded XML file and click “Upload”.
- Your entry will appear on the applications list.
Check integration with Salesforce
- Go to your Salesforce domain login page, e.g. “my_domain.salesforce.com”.
- You can log in to Salesforce using your email address and password, or choose to log in with Rublon.
Provide login and password
Please fill in your organization’s account credentials (Active Directory, LDAP).