Articles in this section

Manage Single Sign-On

Avatar
Stephanie Rodriguez
  • Updated
Follow

SalesLoft supports the use of single sign-on identity providers (also called SSO or SAML). These are session and user authentication services, such as OneLogin, Okta or Active Directory, that permit a user to use one set of login credentials to access multiple applications. 

In this article, we provide a walkthrough of how to set up several popular IDPs, including:

Okta Instructions

To set up single sign-on to your Okta server follow these steps: 

1. Log into SalesLoft as you usually would and navigate to Single Sign-On in your Team Settings

2. Now, we need some information from Okta, as you can see:

2019-04-11_16-33-59.png

3. We need to configure the SalesLoft application there and find the RelayState. Open Okta in a new tab and navigate to Applications in the top menu.

Screen_Shot_2017-02-08_at_3.04.50_PM.png

4. Click the green Create New App button on the top left of the list. 

Screen_Shot_2017-02-08_at_3.06.51_PM.png

5. Select SAML 2.0 and click Create

Screen_Shot_2017-02-08_at_3.06.56_PM.png

6. You will be directed to the Create SAML Integration page. In the General Settings, enter the App name field SalesLoft and click Next

Screen_Shot_2017-02-08_at_3.09.40_PM.png

7. Now, you will Configure the SAML Settings with the following information:

OKTA_SAML_setup._Ignore_field_for_Default_RelayState.png

  • Single sign-on URL: https://accounts.salesloft.com/auth/saml-callback
  • Audience URI: SalesLoft

8. Click Next, and on the next screen, select "I'm an Okta customer adding an internal app." It is optional to complete the rest of this page, as it is information Okta collects to understand your app integration. 

Screen_Shot_2017-02-08_at_3.21.34_PM.png

9. Click Finish. You will be redirected to the Sign On page for the SalesLoft app in Okta.

10. Click the Identity Provider metadata link to download the metadata file.

Screen_Shot_2017-02-08_at_3.24.00_PM.png

11. Now, we need to associate the SalesLoft app with your Okta profile. From Okta navigate to Directory and select People, and click on your user. 

Screen_Shot_2017-02-08_at_3.31.05_PM.png

12. Click Assign Applications and click Assign next to the SalesLoft app. 

Screen_Shot_2017-02-08_at_3.33.10_PM.png

13. Click Save and Go Back, and you should see Assigned next to the SalesLoft app listing: 

Screen_Shot_2017-02-08_at_3.33.26_PM.png

14. Your user should now have the SalesLoft app assigned to them as well (like below): 

Screen_Shot_2017-02-08_at_3.34.41_PM.png

15. Go back into the SalesLoft Single-Sign On Settings page, and follow the instructions to Enable Single-Sign On

Salesforce IDP Instructions

In order to setup your Salesforce IDP, we need to configure the SalesLoft application in Salesforce and find the RelayState. Follow the instructions listed below to configure your Salesforce IDP:

1. Open Salesforce in a new tab and enter the word domain in the Quick Find/Search bar on the left side.

Screen_Shot_2017-07-13_at_12.24.41_PM.jpg

2. Select My Domain from the list, and follow the on-screen instructions to set up your domain.

Screen_Shot_2017-07-13_at_12.24.57_PM.jpg

3. Now, use the Quick Find bar on the left of the page and enter Apps. Or you can navigate to the page by selecting Build, then click Create, and, finally, Apps.

Screen_Shot_2017-07-13_at_12.28.44_PM.jpg

4. From the Apps page, scroll to the very bottom section and find Connected Apps. Click the New button. 

Screen_Shot_2017-07-13_at_12.33.02_PM.png

5. Now you will create a new app. Fill in the fields with the information below:

  • Connected App Name: SalesLoft
  • API Name: SalesLoft
  • Contact Email: Use the email address which matches your admin login in SalesLoft
  • Enable SAML: True (check checkbox)
  • Entity Id: SalesLoft
  • ACS URL: https://accounts.salesloft.com/auth/saml-callback
  • Subject Type: Username
  • Name ID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

Screen_Shot_2017-07-12_at_2.47.11_PM.jpg

6. Once the fields are completed, click Save at the bottom of the page. Now, the SalesLoft app has been saved.

7. Go to the quick search bar. Enter the word Identity Provider. Select Identity Provider nested under Security Controls.

8. Click the Enable Identity Provider button. 

Screen_Shot_2017-07-13_at_2.48.43_PM.jpg

9. In the Quick Find/Search bar on the left side, enter the word app. Select Connected Apps.

Screen_Shot_2017-07-13_at_12.41.13_PM.jpg

10. From the Connected Apps page, locate the SalesLoft app you've just created, and select it.

11. Scroll down to the SAML Login Information section and copy the IdP-Initiated Login URL.

12. Click the Edit Policies button at the top of the page. Paste the URL you just copied into the Start URL field.

SalesForceIDP-_Leave_relay_state_off_Start_URL.png

13. Click Save.

14. Scroll to the bottom of the screen and find the Profiles. Click the Manage Profiles button.

15. Select profiles for any types of users in Salesforce who will need SSO access in SalesLoft. Click Save.

Screen_Shot_2017-07-13_at_3.02.54_PM.jpg

16. Copy the entire URL in the Start URL field (you may need to "edit policies" to get to a longer URL).

17. Go to the Apps page (Search for "Apps" in the quick find or return to Build>Create>Apps).

18. Under Connected Apps, click the SalesLoft app listed.

19. Confirm that the Start URL is present in the Web Apps section. If it is not, click the edit button and then paste in the URL you just copied.

20. Delete any text in the Issuer field.

21. From the Connected Apps section, select the SalesLoft app. Scroll to the SAML Login Information section and click the Download Metadata button. 

Screen_Shot_2017-07-13_at_3.10.07_PM.jpg

22. Go back into the SalesLoft Single-Sign On Settings page, and follow the instructions to Enable Single-Sign On.

OneLogin Instructions

We need to configure the SalesLoft application from OneLogin and find the RelayState. Follow the instructions below to configure and find the RelayState:

1. Open OneLogin in a new tab.

2. Navigate to Apps and then Add Apps in the top menu: 

Screen_Shot_2017-02-13_at_8.49.17_AM.png

3. Click the blue Add App button on the top right.

Screen_Shot_2017-02-13_at_8.50.21_AM.png

4. Search for Test connector and select SAML Test Connector (IdP).

Screen_Shot_2017-02-13_at_8.56.44_AM.png

5. Enter SalesLoft (IdP) as the display name and click Save

Screen_Shot_2017-02-13_at_8.57.55_AM.png

6. Now select Configuration. Enter the following field information:

OneLogin_-_Ignore_field_for_RelayState.png

  • Audience: SalesLoft
  • Recipient: https://accounts.salesloft.com/auth/saml-callback
  • ACS (Consumer) URL Validator: ^https:\/\/accounts\.salesloft\.com
  • ACS (Consumer) URL: https://accounts.salesloft.com/auth/saml-callback

7. Click Save.

8. On the next screen, select More Actions. Click SAML Metadata to download the Metadata XML file. You will need this on the SalesLoft Single Sign-In configuration page.

Screen_Shot_2017-02-13_at_9.06.15_AM.png

9. Go back into the SalesLoft Single-Sign On Settings page, and follow the instructions to Enable Single-Sign On.

Google SSO through SAML

To set up SAML for Google SSO, follow these steps:

Things to Note: You must be a Google Admin in order to complete the setup.   

1. Log into your Admin G-Suite Account.

Screen_Shot_2018-02-22_at_3.12.08_PM.png

2. Navigate to Apps.

3. Select SAML Apps.

Screen_Shot_2018-02-22_at_3.12.27_PM.png

4. Hit the Yellow Plus (+) in the bottom right corner to add a new SAML app.

5. Select Setup my own custom app.

6. Download the IDP metadata file, this is the file we need to upload to SalesLoft

7. Hit Next

8. Enter the Application Name: SalesLoft.

9. (Optional) Add SalesLoft logo

10. Hit Next.

11. Update the Service Provider Details with the following URL information.

googleSSO_11.png

12. Hit Next.

13. Hit Finish.

14. Select SAML Apps on the top Navigation bar. 

15. Find your newly created SAML and select the three vertical dots to the right. 

16. Select Turn on for everyone or for the specific group you need. 

17. Go back into the SalesLoft Single-Sign On Settings page, and follow the instructions to Enable Single-Sign On

Microsoft Azure Instructions

In order to set up SSO for Microsoft Azure, we need to add a new application to Azure AD, configure the SalesLoft application with Microsoft Azure, and upload the metadata to SalesLoft. Follow the instructions listed below to configure your Microsoft Azure SSO:

1. Click Azure Active Directory.

2. Click Enterprise applications.

AD_Panel_-_final.png

3. Click + New application at the top of the panel.

4. Select Non-gallery application

Add_your_own_app.png

5. Name it "SalesLoft" and click the Add button at the bottom.

6. Select Single sign-on from the navigation panel.

 App_Panel.png

7. Set the Single Sign-on Mode to SAML-based Sign-on.

8. Set the Identifier (Entity ID) to "SalesLoft".

Microsoft_Azure_-_Leave_relay_state_off_Reply_URL_and_leave_field_for_Relay_State__optional__blank..png

9. Set the User Identifier to user.mail.

2019-02-11_14-29-49.png

10. Copy the App Federation Metadata URL. 

Metadata.png

11. In your web browser, navigate to the url that you copied.

12. Click File and then Save As to save the file. You can name it whatever you like as long as it has a .xml extension.

13. Go back into the SalesLoft Single-Sign On Settings page, and follow the instructions to Enable Single-Sign On

Enabling and Disabling Single Sign-On

Once everything is set up on the application end, you can enable single sign-on in your SalesLoft account. Follow the instructions below:

1. Go to the SalesLoft Single-Sign On Settings page.

2. Click the Choose File button to upload the metadata file from your provider. 

Screen_Shot_2017-02-13_at_10.01.53_AM.png

3. Once the file has been uploaded, you can test that your configuration is correct by clicking the Test SSO Login button. If you have successfully configured your account, this will redirect your account to the new sign-in screen and log you into SalesLoft. 

Screen_Shot_2017-02-08_at_3.37.39_PM.png

4. Click Enable SSO Login to apply it to your entire team. Things to Note: this will take effect immediately for all team members! 

Screen_Shot_2017-02-08_at_3.38.35_PM.png

Once you've enabled SSO, you may disable it at any time from the same settings page. 

Screen_Shot_2017-02-13_at_9.08.24_AM.png

What If My Solution Is Not Listed?

If you are using an internal IDP solution or another IDP not listed here, these are the credentials typically used for setup (please contact support@SalesLoft.com if we do not list a credential you need):

  • Audience/Audience URI: SalesLoft
  • Recipient/ACS URL/Single sign-on URL: https://accounts.salesloft.com/auth/saml-callback
  • ACS (Consumer) URL Validator: ^https:\/\/accounts\.salesloft\.com

SSO Troubleshooting

Relay State is not required: If you have an existing Relay State, then you may leave it as is. If you are configuring SAML/SSO for SalesLoft for the very first time, it is advised to leave the Relay State blank.

I get an error message that says, "Sorry, you can't access SalesLoft because you are not assigned this app in Okta," when I click "Test SSO Login." This means you have not assigned this application to your profile during setup in Okta. Go back to this step and assign the app, and then try again.

I get an error message that says, "There was an error while trying to parse your metadata file. Please try again." Typically this happens when you uploaded the wrong file or file type, such as a CSV. Please check that you are uploading the metadata XML file you downloaded from Okta. This could also happen if your metadata file is corrupted; when this happens, you can usually re-download a fresh copy of the metadata file and try again.

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk