Integration Guide by AskmeIdentity - Identity Experts:

https://www.youtube.com/watch?v=75bFlR5SELo&list=PLLtgG_DQlifXL2TYeYpzn-AnF5yEJ1OQQ&index=14

Prerequisites

Before you begin, ensure you have the following:

1. Okta Admin (Dev) Account: Access to the Okta Admin Console.

2. Salesforce Admin (Dev) Account: Administrator privileges in Salesforce.

Step-by-Step Instructions

1. Set Up Okta Application for Salesforce

1. Log into Okta Admin Console:

   • Navigate to Applications > Applications.

   • Click Create App Integration.

   • Select Protocol: SAML 2.0

   • Click Next.

2. Configure General Settings:

   • App name: Your_App_Name.

   • Change App logo/visibility if desired (optional).

   • Click Next.

3. SAML Configuration:

   • Note: You will not have this information yet. Enter mock information and proceed.

     1. Single sign-on url (ACS URL):

     2. Audience URI (SP Entity ID):

     3. Click Next.

   • Provide feedback (optional)

     1. This information tells Okta why you are not using the built-in integration wizard.

   • Click Finish.

   • Scroll down to SAML Signing Certificates. View IDP metadata for active certificate. Save metadata in xml format. You will need this information for the next steps.

2. Configure SAML Settings in Salesforce

1. Log into Salesforce:

   • Navigate to Setup.

   • Search for Single Sign-On Settings.

   • Click Edit to enable Single Sign-On if it is not already enabled.

2. Create a New SAML Configuration:

   • Click New from Metadata File or New to enter details manually.

   • The following information should populate from the xml file:

     • Identity Provider Certificate: Upload the certificate from Okta.

     • Issuer (Entity ID): Found in Okta SAML setup instructions.

     • SAML Single Sign-On Service URL: Okta’s Single Sign-On URL.

   • Enter desired name and api name. Click Save.

3. Download Salesforce metadata.

   • Return to Okta Application.

   • Select General and Edit SAML Settings.

   • Copy ACS and Audience URI from Salesforce metadata xml file.

   • Return to Salesforce and single sign-on settings. The settings page should look different now.

   • Select Edit.

   • Select SAML Enabled and Save.

4. Update Domain.

   • Search Domain.

   • Scroll down to My Domain.

   • Scroll down to Authentication Configuration. Select Edit.

   • Select your_app_name and Save.

3. Assign Users

1. Navigate to Salesforce in Okta:

   • Go to Applications > Salesforce.

   • Click Assignments.

2. Assign Users or Groups:

   • Select and assign the application to the relevant users or groups.

3.      Assign Users in Salesforce:

o    Okta user information and Salesforce user information should match.

1.      Profile: Salesforce Platform User.

2.      Ensure you mark account as active.

4. Test the Integration

1. Initiate SSO:

   • Log into Okta. (use the audience url/ entity ID url)

   • Once you successfully enter your user credentials you should be redirected to Salesforce.

Note: The Salesforce user profile will be blank if your user does not have any Salesforce permissions assigned.

Troubleshooting Tips

• User Profile Mismatch: Ensure user identifiers match between Okta and Salesforce.

• Certificate Errors: Verify the IDP metadata uploaded to Salesforce. 

Key Learning Objective

By completing these steps, you will have successfully integrated Okta with Salesforce using SAML, enabling secure and seamless user authentication.