{"type":"doc","content":[{"type":"paragraph","content":[{"text":"This article describes how to set up Salesforce as an Identity Provider in a service initiated flow; this means users can log in directly to Pricefx using Salesforce credentials without running the Salesforce app. If you want to run Pricefx as an app in Salesforce, follow the guide at ","type":"text"},{"text":"Create and Configure an App in Salesforce Classic","type":"text","marks":[{"type":"link","attrs":{"__confluenceMetadata":{"isRenamedTitle":true,"linkType":"page","contentTitle":"Create and Configure an App in Salesforce Classic","versionAtSave":"19"},"href":"https://pricefx.atlassian.net/wiki/spaces/UNITY/pages/5482283637"}}]},{"text":".","type":"text"}]},{"type":"paragraph","content":[{"text":"Read the ","type":"text"},{"text":"Configure SAML in Pricefx","type":"text","marks":[{"type":"link","attrs":{"__confluenceMetadata":{"isRenamedTitle":true,"linkType":"page","contentTitle":"Configure SAML in Pricefx","versionAtSave":"63"},"href":"https://pricefx.atlassian.net/wiki/spaces/UNITY/pages/5482709697"}}]},{"text":" section first. Salesforce documentation can be found here: ","type":"text"},{"text":"Salesforce as a SAML Identity Provider","type":"text","marks":[{"type":"link","attrs":{"href":"https://help.salesforce.com/articleView?id=sf.sso_sfdc_idp_saml_parent.htm&type=5"}}]}]},{"type":"paragraph","content":[{"text":"In this section:","type":"text"}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{"_parentId":{"value":"5481759431"}},"macroMetadata":{"macroId":{"value":"ad5c7dd5-22f8-4de8-98b0-3ee5b45fb8f9"},"schemaVersion":{"value":"1"},"title":"Table of Contents"}},"localId":"42cc5672-5fa7-4e60-ac9f-f910ee59731d"}},{"type":"heading","attrs":{"level":1},"content":[{"text":"Create Connected Application","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Log in to Salesforce as administrator.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Go to Build > Create > Apps and click 'New'.","type":"text"},{"type":"hardBreak"},{"type":"inlineExtension","attrs":{"extensionType":"com.atlassian.confluence.migration","extensionKey":"inline-media-image","parameters":{"width":"933","id":"4d59a7ea-1d73-42cb-b676-433749c2ddd9","collection":"contentId-5481759431","height":"400"}}}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Fill in the following fields in the Basic Information section:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Connected App Name – The unique name of your application, e.g., Quote Configurator.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"API Name – Application name used by the API (cannot contain spaces or special characters), so e.g., Quote_Configurator.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Contact Email – ","type":"text"},{"text":"support@pricefx.com","type":"text","marks":[{"type":"link","attrs":{"href":"mailto:support@pricefx.com"}}]}]}]}]},{"type":"mediaSingle","attrs":{"layout":"center","width":55.0},"content":[{"type":"media","attrs":{"__fileSize":33138,"__fileMimeType":"image/png","width":716,"id":"335733ef-12e9-4f43-9cd9-d0e92a90e42c","collection":"contentId-5481759431","type":"file","__fileName":"CreateAndConfigureAnAppInSalesforce01.png","height":271},"marks":[{"type":"border","attrs":{"size":2,"color":"#091e4224"}}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Check the Enable OAuth Settings box and:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Enter the Callback URL: https://","type":"text"},{"text":"","type":"text","marks":[{"type":"em"}]},{"text":".pricefx.com/sdk/callback.html (it can be different, please ask the Pricefx support).","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Add 'Full access (full)' as the Selected OAuth Scope.","type":"text"}]}]}]},{"type":"mediaSingle","attrs":{"layout":"center","width":55.0},"content":[{"type":"media","attrs":{"__fileSize":84691,"__fileMimeType":"image/png","width":817,"id":"e86fe34c-bec9-4a62-9d04-e0f75c1e3a26","collection":"contentId-5481759431","type":"file","__fileName":"CreateAndConfigureAnAppInSalesforce02.png","height":482},"marks":[{"type":"border","attrs":{"size":2,"color":"#091e4224"}}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the Web App Settings section: ","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Check the Enable SAML box.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Enter the Entity Id: https://","type":"text"},{"text":"","type":"text","marks":[{"type":"em"}]},{"text":".pricefx.com/pricefx/","type":"text"},{"text":"","type":"text","marks":[{"type":"em"}]},{"text":"/saml/consume/","type":"text"},{"text":"","type":"text","marks":[{"type":"em"}]},{"text":" (customize for your partition. You can omit SAML Configuration Name, in that case Configuration Name \"DEFAULT\" will be used).","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Enter the ACS URL: https://","type":"text"},{"text":"","type":"text","marks":[{"type":"em"}]},{"text":".pricefx.com/pricefx/","type":"text"},{"text":"","type":"text","marks":[{"type":"em"}]},{"text":"/saml/consume/","type":"text"},{"text":"","type":"text","marks":[{"type":"em"}]},{"text":" (customize for your partition. You can omit SAML Configuration Name, in that case Configuration Name \"DEFAULT\" will be used).","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"If you want all users to use the same RelayState parameter, append ?RelayState=","type":"text"},{"text":"","type":"text","marks":[{"type":"em"}]},{"text":" (use your relay state name as the value, e.g. ?RelayState=quoteConfigurator) to the end of both URLs above. If you don't specify it in the URLs, you need to provide the RelayState parameter in the signon URL that will be given to the end users.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Leave the default settings for the other options.","type":"text"}]}]}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":46.0},"content":[{"type":"media","attrs":{"__fileSize":55695,"__fileMimeType":"image/png","width":652,"id":"b7bd53d0-91ef-49cc-a40b-3fca2bfd7593","collection":"contentId-5481759431","type":"file","__fileName":"CreateAndConfigureAnAppInSalesforce03.png","height":300},"marks":[{"type":"border","attrs":{"size":2,"color":"#091e4224"}}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Save the settings.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Go to Apps > Connected Apps > Manage Connected Apps and find your new application in the list.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click Edit and set OAuth Policies to 'Admin approved users are pre-authorized'.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click Save and in the list of applications click your application's name.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the Profiles section, click Manage Profiles and add all profiles which will use this application and click Save.","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"center","width":87.0},"content":[{"type":"media","attrs":{"__fileSize":220119,"__fileMimeType":"image/png","width":1682,"id":"b14bde0c-147a-4aa2-a7eb-cb41cd72f342","collection":"contentId-5481759431","type":"file","__fileName":"Profiles access.png","height":913},"marks":[{"type":"border","attrs":{"size":2,"color":"#091e4224"}}]}]}]}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Configure SAML SSO in Pricefx","type":"text"}]},{"type":"paragraph","content":[{"text":"Take the following steps:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In Salesforce, go to Setup > Identity > Identity Provider and click Download Certificate to get the public certificate of the Identity Provider.","type":"text"},{"type":"hardBreak"},{"type":"inlineExtension","attrs":{"extensionType":"com.atlassian.confluence.migration","extensionKey":"inline-media-image","parameters":{"width":"700","id":"9489c8e7-c106-4eb2-8aa9-eaea61771012","collection":"contentId-5481759431","height":"402"}}}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In Pricefx, go to Configuration > System Configuration > External Systems > ","type":"text"},{"text":"SAML Configuration","type":"text","marks":[{"type":"link","attrs":{"__confluenceMetadata":{"isRenamedTitle":true,"linkType":"page","contentTitle":"Configure SAML in Pricefx","versionAtSave":"63"},"href":"https://pricefx.atlassian.net/wiki/spaces/UNITY/pages/5482709697"}}]},{"text":" and create a new configuration (\"DEFAULT\" or any other name).","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In this new SAML configuration in Pricefx make the following settings:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Select 'email' in NameID Mapping.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Enter the 'IdP Initiated Login URL' of the SAML SSO page of the Identity Provider. This can be found in Salesforce > Setup > Settings > Identity > Single Sign-On Settings if SSO is enabled.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Paste the previously downloaded public certificate into the IdP Certificate field. Use the following commands to convert the certificate file from .crt to .pem format.","type":"text"}]},{"type":"paragraph","content":[{"text":"Mac","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"openssl x509 -in SelfSignedCert_13Jul2017.crt -outform PEM -out o.pem\ncat o.pem","type":"text"}]},{"type":"paragraph","content":[{"text":"Windows","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"type SelfSignedCert_13Jul2017.cr","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Add a new relay state:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Set relayStateName to ","type":"text"},{"text":"\"quoteConfigurator\"","type":"text","marks":[{"type":"em"}]},{"text":" (or any other name).","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Set relayStateURL to where the canvas app is located. The pattern will be as follows: https://","type":"text"},{"text":"","type":"text","marks":[{"type":"em"}]},{"text":".pricefx.com/app/?partition=","type":"text"},{"text":"","type":"text","marks":[{"type":"em"}]},{"text":"&applicationEnvironment=standalone&confName=","type":"text"},{"text":"","type":"text","marks":[{"type":"em"}]}]}]}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Save","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Once all this is configured, you can provide this specific URL to the users to log in: ","type":"text"},{"type":"hardBreak"},{"text":"https://.pricefx.com/pricefx//saml/signon","type":"text","marks":[{"type":"code"}]},{"text":" ","type":"text"},{"type":"hardBreak"},{"text":"If you did not set up the RelayState parameter in the web app settings, append ","type":"text"},{"text":"?RelayState=","type":"text","marks":[{"type":"code"}]},{"text":" (use your relay state name as the value, e.g. ?RelayState=quoteConfigurator) to the end of both URLs above. Only then the SSO login will work. If you go to the regular Pricefx home page URL, e.g. https://.pricefx.com, there will still be the Pricefx login screen.","type":"text"},{"type":"hardBreak"},{"text":"Note that this sign-on link is different for each partition.","type":"text"}]}]}]}],"version":1}

Browser not supported