Secure your Salesforce CRM with Okta Single Sign On

Thu Jun 6, 2024

Integration of Salesforce CRM with Okta

In this article, I will show you step by step how to secure your Salesforce instance with Okta Single Sign-On using the SAML protocol. We will configure the app in the identity provider (Okta) and enable SAML authentication for your workforce.

SAML (Security Assertion Markup Language) is a protocol designed to exchange identity information between two systems: an Identity Provider and a Service Provider. The Identity Provider authenticates the user and generates a SAML assertion with the required identity attributes, which the Service Provider parses to identify the user and determine authorization.

Step 1: Configure Okta

  1. Log in to Okta:
    • Go to your Okta dashboard and log in with your admin credentials.
  2. Add the Salesforce Application:
    • In the Okta Admin console, navigate to Applications.
    • Click Browse App Catalog and search for Salesforce.
    • Click Add next to the Salesforce app.
  3. General Settings:
    • Assign the name for your Salesforce app in Okta.
    • Click Next.
  4. Sign-On Options:
    • Choose SAML 2.0 as the Sign-On method.
    • Click View Setup Instructions to see the details needed for Salesforce configuration.
  5. Configure SAML Settings:
    • Fill in the required fields:
      • Single Sign-On URL: This is the URL where Okta sends the SAML assertion. (This URL will be provided by Salesforce)
      • Audience URI (SP Entity ID): Typically, this is the Salesforce URL.
      • Default Relay State: Leave this blank unless specified by Salesforce.
      • Name ID Format: Usually, this is set to EmailAddress.
      • Application Username: Okta username format, typically set to Email.
  6. Attributes (Optional):
    • Add any additional SAML attributes if required by Salesforce.
  7. Finish and Save:
    • Click Done to save your settings.

Step 2: Configure Salesforce

  1. Log in to Salesforce:
    • Log in to Salesforce with your admin credentials.
  2. Setup Single Sign-On Settings:
    • Go to Setup.
    • In the Quick Find box, type Single Sign-On Settings, and select it.
    • Click Edit and then enable SAML Enabled.
    • Save the settings.
  3. New SAML Single Sign-On Setting:
    • Click New to create a new SAML SSO setting.
    • Fill in the required fields:
      • Name: A descriptive name for the SSO setting.
      • Issuer: This is the Okta SAML issuer URL.
      • Identity Provider Certificate: Upload the certificate from Okta (this is provided in the setup instructions from Okta).
      • Identity Provider Login URL: This is the Single Sign-On URL from Okta.
      • Identity Provider Logout URL: Optional, if you want to configure SLO (Single Logout).
      • Service Provider Initiated Request Binding: Typically HTTP POST.
  4. Entity ID and ACS URL:
    • Copy the Entity ID and Assertion Consumer Service (ACS) URL from Salesforce to the respective fields in Okta.
  5. Name ID Format:
    • Ensure the Name ID format matches what you configured in Okta (typically EmailAddress).
  6. Save Settings:
    • Save the SAML SSO settings in Salesforce.

Step 3: Test the Integration

  1. Assign Users:
    • In Okta, assign users or groups to the Salesforce application.
  2. Test SSO:
    • Attempt to log in to Salesforce from the Okta dashboard.
    • If configured correctly, users should be redirected to Salesforce without needing to enter additional credentials.
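If the test login fails, the usual cause is a mismatch between the values entered in Step 1 and Step 2. The following is an added example, not part of the original article: it decodes a base64 `SAMLResponse` (the form field sent with the HTTP POST binding) and compares its Issuer, Audience, ACS URL and Name ID format against the values you configured. The URLs, the sample response and the function name are constructed placeholders, and the script does not verify the XML signature; Salesforce does that with the uploaded Okta certificate.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample response with placeholder URLs (not real Okta/Salesforce values).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://sp.example.com/acs">
  <saml:Assertion>
    <saml:Issuer>https://idp.example.com/issuer</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
      <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="https://sp.example.com/acs"/></saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()
# Hypothetical expected values: what you entered in Okta (Step 1) and Salesforce (Step 2).
EXPECTED = {
    "issuer": "https://idp.example.com/issuer",        # Issuer field in Salesforce
    "audience": "https://sp.example.com",              # Audience URI (SP Entity ID)
    "acs_url": "https://sp.example.com/acs",           # Single Sign-On URL / ACS URL
    "name_id_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
}

def check_saml_response(b64_response, expected):
    """List mismatches between a captured SAMLResponse and the configured values.
    Signature validation is out of scope here; the service provider performs it."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("a:Assertion", NS)
    if assertion is None:  # e.g. the assertion is encrypted or the login failed
        return ["no unencrypted Assertion element found"]
    name_id = assertion.find("a:Subject/a:NameID", NS)
    confirm = assertion.find(
        "a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    checks = [
        ("issuer", expected["issuer"], assertion.findtext("a:Issuer", namespaces=NS)),
        ("audience", expected["audience"], assertion.findtext(
            "a:Conditions/a:AudienceRestriction/a:Audience", namespaces=NS)),
        ("destination", expected["acs_url"], root.get("Destination")),
        ("recipient", expected["acs_url"],
         confirm.get("Recipient") if confirm is not None else None),
        ("name_id_format", expected["name_id_format"],
         name_id.get("Format") if name_id is not None else None),
    ]
    return [f"{n}: expected {w!r}, got {g!r}" for n, w, g in checks if w != g]

if __name__ == "__main__":
    print(check_saml_response(SAMPLE_B64, EXPECTED) or "all configured values match")
```

An empty result means the response agrees with your configuration; each returned string names the field to recheck in Okta or Salesforce.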

Azad Shaik
Okta Enthusiast!