Setting up Single Sign-On (SSO)

We now support the use of single sign-on (also called SSO or SAML) identity providers, such as OneLogin, Okta or Active Directory. These are session and user authentication services that permit a user to use one set of login credentials to access multiple applications.

We provide a walkthrough of several popular IDPs here. Please note, you must be a SalesLoft admin to configure SSO within the app.

If you are using an internal IDP solution or another IDP not listed here, these are the credentials typically used for setup (please contact support@SalesLoft.com if we do not list a credential you need):

  • Audience/Audience URI: SalesLoft 
  • Recipient/ACS URL/Single sign on URL: https://accounts.salesloft.com/auth/saml-callback
  • ACS (Consumer) URL Validator: ^https:\/\/accounts\.salesloft\.com
  • RelayState: Use the RelayState listed in red at the top of your SalesLoft SSO Settings page.
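
The ACS (Consumer) URL Validator listed above (and again in the OneLogin section) is anchored only at the start, so it works as a prefix match. The following is an added example, not SalesLoft or OneLogin code, that checks how tightly a validator pattern constrains the ACS URL; the stricter pattern and the test URLs are assumptions made for illustration, and it assumes the IdP applies the pattern as a search, as the leading ^ suggests.

```python
import re

# Validator exactly as listed on this page.
PAGE_VALIDATOR = r"^https:\/\/accounts\.salesloft\.com"
# Assumption: a stricter candidate anchored to the full ACS URL (not a value
# published by SalesLoft; confirm with support before relying on it).
STRICT_VALIDATOR = r"^https:\/\/accounts\.salesloft\.com\/auth\/saml-callback$"

ACS_URL = "https://accounts.salesloft.com/auth/saml-callback"

# Constructed URLs that are NOT the documented ACS endpoint.
NOT_ACS = [
    "https://accounts.salesloft.com.example.net/auth/saml-callback",  # other host
    "https://accounts.salesloft.community.example/",                  # other host
    "https://accounts.salesloft.com/some/other/path",                 # other path
    "http://accounts.salesloft.com/auth/saml-callback",               # not https
]

def audit_validator(pattern):
    """Return (accepts_real_acs, [non-ACS URLs the pattern also accepts])."""
    rx = re.compile(pattern)
    return bool(rx.search(ACS_URL)), [u for u in NOT_ACS if rx.search(u)]

if __name__ == "__main__":
    for name, pat in (("page", PAGE_VALIDATOR), ("strict", STRICT_VALIDATOR)):
        ok, extra = audit_validator(pat)
        print(f"{name}: accepts ACS URL={ok}, also accepts {len(extra)} other URL(s)")
        for url in extra:
            print("   ", url)
```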

 

Okta Instructions

Log into SalesLoft as you usually would, using your user name and password, and navigate to Settings > Single Sign-On:

Now, we need some information from Okta, as you can see:

We need to configure the SalesLoft application there, and find the RelayState. Open Okta in a new tab and navigate to "Applications" in the top menu:

 

Now, click the green "Create New App" button on the top left of the list.

 

 

And select "SAML 2.0" and click "create."

 

On this page, the only required field is an app name. Please enter "SalesLoft" and click "Next."

On this page, there are several fields to fill in:

  • Single sign on URL: https://accounts.salesloft.com/auth/saml-callback
  • Audience URI: SalesLoft
  • Default RelayState: Use the RelayState listed in red at the top of the SalesLoft SSO Settings page.

Click Next, and on the next screen, select "I'm an Okta customer adding an internal app." It is optional to complete the rest of this page, as it is information Okta collects to understand your app integration.

Click Finish, and you will be redirected to the "Sign On" page for the SalesLoft app in Okta. Here, click the "Identity Provider metadata" link to download the metadata file.

We now need to associate the SalesLoft app with your Okta profile. Navigate to Directory > People, and click on your user.

Click "Assign Applications" and click "Assign" next to the SalesLoft app.

Then click "Save and Go Back," and the app should now say "Assigned" next to it:

You should now see that your user has the SalesLoft app assigned to it:

 

Now, go back into the SalesLoft Single Sign-On Settings page, and click the "Choose File" button to upload the metadata file from Okta.

Once the file has been uploaded, you can test that your configuration is correct by clicking the "Test SSO Login" button. If you have successfully configured your account, this will redirect your account to the new sign-in screen and log you into SalesLoft.

You can now click "Enable SSO Login" to apply it to your entire team. Please note, this will take effect immediately for all team members!

Once you've enabled SSO, you can always disable it at a later point from the same settings page:

 

Salesforce IDP Instructions

Log into SalesLoft as you usually would, using your user name and password, and navigate to Settings > Single Sign-On:

Now, we need some Metadata information from Salesforce:

We need to configure the SalesLoft application there, and find the RelayState. Open Salesforce in a new tab and enter the word "domain" in the Quick Find/Search bar on the left side.

Select "My Domain" from the list, and follow the on-screen instructions to set up your domain:

Now, use the Quick Find bar again and enter "Apps." Select Build > Create > Apps:

Scroll to the very bottom section, "Connected Apps," and click the "new" button.

We have several fields to fill in here:

  • Connected App Name: SalesLoft
  • API Name: SalesLoft 
  • Contact Email: Use the email address which matches your admin login in SalesLoft
  • Enable SAML: True (check checkbox)
  • Entity Id: SalesLoft
  • ACS URL: https://accounts.salesloft.com/auth/saml-callback
  • Subject Type: Username
  • Name ID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

Click "Save" at the bottom of the page.

Enter "Identity Provider" in the Quick Find/Search bar on the left side and select "Identity Provider" under "Security Controls."

Click the "Enable Identity Provider" button.

Next, enter the word "app" in the Quick Find/Search bar on the left side and select "Connected Apps."

Locate the SalesLoft app you've just created, and select it. Scroll down to the "SAML Login Information" section and copy the IdP-Initiated Login URL.

Click the "Edit Policies" button at the top of the page. Enter the URL you just copied into the "Start URL" field, and then add this to the end of the URL: &RelayState=team-1000000000 (replace "team-1000000000" with the Relay State listed at the top of your SalesLoft SSO Settings page, in red)

Click Save.

Scroll to the bottom of the screen and click the "manage profiles" button. Select profiles for any types of users in Salesforce who will need SSO access in SalesLoft. Click save.

Now, copy the entire URL in the "Start URL" field (you may need to "edit policies" to get to a longer URL).

Search for "Apps" in the quick find and return to Build>Create>Apps. Scroll to the bottom and click the SalesLoft app listed under the Connected App section.

Confirm that the Start URL is present in the "Web Apps" section. If it is not, click the edit button and then paste in the URL you just copied. If there is any text in the "Issuer" field, delete it.

Search for "Apps" in the quick find again and return to the "Connected Apps" section. Select the SalesLoft app, and then click the "Download Metadata" button in the SAML Login Information section.

 

Now, go back into the SalesLoft Single Sign-On Settings page, and click the "Choose File" button to upload the metadata file from Salesforce.

Once the file has been uploaded, you can test that your configuration is correct by clicking the "Test SSO Login" button. If you have successfully configured your account, this will redirect your account to the new sign-in screen and log you into SalesLoft.

You can now click "Enable SSO Login" to apply it to your entire team. Please note, this will take effect immediately for all team members!

Once you've enabled SSO, you can always disable it at a later point from the same settings page:

 

OneLogin Instructions

Log into SalesLoft as you usually would, using your user name and password, and navigate to Settings > Single Sign-On:

Now, we need some information from OneLogin, as you can see:

We need to configure the SalesLoft application there, and find the RelayState. Open OneLogin in a new tab and navigate to "Apps" and then "Add Apps" in the top menu:

 

Now, click the blue "Add App" button on the top right.

Search for "test connector" and select "SAML Test Connector (IdP)."

 

Enter "SalesLoft (IdP)" as the display name and click "Save."

 

Now select "Configuration." There are several fields to enter here: 

 

  • Audience: SalesLoft 
  • Recipient: https://accounts.salesloft.com/auth/saml-callback
  • ACS (Consumer) URL Validator: ^https:\/\/accounts\.salesloft\.com
  • ACS (Consumer) URL: https://accounts.salesloft.com/auth/saml-callback
  • RelayState: Use the RelayState listed in red at the top of the SalesLoft SSO Settings page.

Click Save, and on the next screen, select "More Actions" and click "SAML Metadata" to download the metadata XML file. You will need this on the SalesLoft Single Sign-In configuration page.

 

 

 

Now, go back into the SalesLoft Single Sign-On Settings page, and click the "Choose File" button to upload the metadata file from OneLogin.

Once the file has been uploaded, you can test that your configuration is correct by clicking the "Test SSO Login" button. If you have successfully configured your account, this will redirect your account to the new sign-in screen and log you into SalesLoft.

You can now click "Enable SSO Login" to apply it to your entire team. Please note, this will take effect immediately for all team members!

Once you've enabled SSO, you can always disable it at a later point from the same settings page:

 

_______

Common configuration issues:

1. I get an error message that says, "Sorry, you can't access SalesLoft because you are not assigned this app in Okta," when I click "Test SSO Login." This means you have not assigned this application to your profile during setup in Okta. Go back to this step and assign the app, and then try again. 

2. I get an error message that says, "There was an error while trying to parse your metadata file. Please try again." Typically this happens when you uploaded the wrong file or file type, such as a CSV. Please check that you are uploading the metadata XML file you downloaded from Okta. This could also happen if your metadata file is corrupted; when this happens, you can usually re-download a fresh copy of the metadata file and try again.
