How to Configure Salesforce as an Identity Provider for User Access Manager

Integrating Salesforce with User Access Manager via OAuth 2.0 / OpenID Connect lets users authenticate with their Salesforce credentials without setting Salesforce up as a full (SAML) identity provider. In this arrangement Salesforce acts as the OpenID Connect provider and User Access Manager brokers the login. This guide outlines how to configure the integration.


Prerequisites

Ensure you have administrative access to both Salesforce and User Access Manager.


Step 1: Create a Connected App in Salesforce

  • Navigate to App Manager: In Salesforce, go to Setup -> Apps -> App Manager.

  • Create New Connected App: Click on ‘New Connected App’. Fill in the essential details:
    • Name: DataClarity SSO
    • API Name: Automatically filled based on the name.
    • Contact Email: Your email address.

  • Enable OAuth Settings: Check ‘Enable OAuth Settings’ and specify the Callback URL from User Access Manager.
      • Callback URL: The URL to which Salesforce redirects the user after authentication (provided by User Access Manager). Salesforce compares it byte-for-byte with the redirect_uri User Access Manager sends, so scheme, host and path must match exactly:
      • https://<your-dataclarity-url>/auth/realms/<your-dataclarity-tenant>/broker/salesforce/endpoint

      • Selected OAuth Scopes: Add the scopes User Access Manager needs to identify the user. The following are recommended:
        • Access the identity URL service (id, profile, email, address, phone)
        • Access unique user identifiers (openid)
        • Perform requests at any time (refresh_token, offline_access)
        The openid scope is required: without it Salesforce issues no ID token and the OpenID Connect provider configured in Step 2 cannot complete the login. The refresh_token, offline_access scope lets User Access Manager obtain long-lived Salesforce tokens; include it only if you intend to store and reuse those tokens. Broad scopes such as ‘Access and manage your data (api)’ give the Connected App access to your Salesforce data and are not needed for sign-in; leave them out unless another integration shares this app.

  • Save and Note Credentials: After saving, record the Consumer Key and Consumer Secret. Treat the Consumer Secret as a credential: store it only in User Access Manager, never in tickets, chat or shared documents, and rotate it in Salesforce if it is ever exposed.


Step 2: Configure Salesforce in User Access Manager

  1. Log into User Access Manager: Access the admin console.
  2. Add Identity Provider:
    • Go to Identity Providers and select ‘Add provider’.
    • Choose ‘OpenID Connect v1.0’.
  3. Input Configuration Details:
    • Alias: salesforce (the alias is part of the Callback URL registered in Step 1; if you choose a different alias, the Callback URL in Salesforce must change to match).
    • Client ID: The Consumer Key from Salesforce.
    • Client Secret: The Consumer Secret.
    • Authorization URL: https://<your-salesforce-domain>.my.salesforce.com/services/oauth2/authorize
    • Token URL: https://<your-salesforce-domain>.my.salesforce.com/services/oauth2/token
    • User Info URL: https://<your-salesforce-domain>.my.salesforce.com/services/oauth2/userinfo
      (use your org’s My Domain host over HTTPS for all three URLs)
    • Default Scopes: openid id profile email (the minimum). Every scope listed here must also be selected on the Connected App in Step 1, and openid must be present.
    • Client authentication: Client secret sent as post
Step 3: Map User Attributes (optional)

  1. Create Mappers: In the Salesforce identity provider settings within User Access Manager, select ‘Mappers’ -> ‘Create’. Create one mapper each for first name, last name, and email.
  2. Mapper Type: Attribute Importer
  3. Claim: The claim name returned by the Salesforce user info endpoint (given_name, family_name, email).
  4. User Attribute: The corresponding User Access Manager attribute (firstName, lastName, email).

Step 4: Test the Integration

  1. Assign default role: Go to Roles -> Assigned Roles and select a Consumer role that will be granted automatically to newly provisioned users. Keep this role minimal: every Salesforce user who can reach the login page receives it on first sign-in.
  2. Initiate a Login: Attempt to log in using Salesforce credentials.
  3. Check for Seamless Authentication: Ensure that user data is fetched and populated accurately. The newly added user should appear in the Users list with the mapped first name, last name and email, and with only the default role assigned.
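The steps above configure the two sides of a standard OpenID Connect authorization code flow: Salesforce (Step 1) and the broker in User Access Manager (Steps 2 and 3). The following Python script is an added example, not User Access Manager’s or Salesforce’s own code. It walks through what the broker does with the values from this article so you can see which checks protect the login: building the authorization request with state and nonce, validating the callback against the registered Callback URL, preparing the token request with the client secret sent as a POST field, checking the ID token’s issuer, audience, nonce and expiry, and applying the Step 3 attribute mapping. The domain, tenant, callback URL, Consumer Key, the expected issuer value and the constructed ID token are placeholders and assumptions; the example does not verify the token signature (Salesforce signs ID tokens with RSA keys it publishes, and User Access Manager performs that check), and it runs offline with no network calls.

```python
import base64
import json
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders for the Step 1 and Step 2 settings (assumed values, not real
# identifiers): a Salesforce My Domain, the User Access Manager callback, a key.
SF_DOMAIN = "https://acme.my.salesforce.com"
UAM_CALLBACK = "https://uam.example.com/auth/realms/acme/broker/salesforce/endpoint"
CLIENT_ID = "PLACEHOLDER_CONSUMER_KEY"
SCOPES = "openid id profile email"  # the Step 2 minimum
AUTHORIZE_URL = f"{SF_DOMAIN}/services/oauth2/authorize"


def build_authorization_url(state: str, nonce: str) -> str:
    """URL the browser is sent to in order to start the authorization code flow."""
    if "openid" not in SCOPES.split():
        raise ValueError("scope must include openid, or Salesforce issues no ID token")
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": UAM_CALLBACK,  # must equal the Connected App Callback URL exactly
        "scope": SCOPES,
        "state": state,  # binds the callback to this browser session (anti-CSRF)
        "nonce": nonce,  # binds the ID token to this login (anti-replay)
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract the authorization code from the redirect back to User Access Manager."""
    u = urlparse(callback_url)
    if f"{u.scheme}://{u.netloc}{u.path}" != UAM_CALLBACK:
        raise ValueError("redirect arrived at a URL other than the registered callback")
    q = parse_qs(u.query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: stale or forged callback")
    if "error" in q:
        raise ValueError(f"Salesforce returned error={q['error'][0]}")
    return q["code"][0]


def token_request_body(code: str, client_secret: str) -> dict:
    """Form fields posted to the Token URL ('Client secret sent as post' in Step 2)."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": UAM_CALLBACK,  # Salesforce rejects the exchange if this differs
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
    }


def jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWT. The signature is NOT checked here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def validate_id_token(claims: dict, nonce: str, now: int = 0) -> None:
    """Claim checks a broker performs before trusting the token's identity."""
    now = now or int(time.time())
    if claims.get("iss") != SF_DOMAIN:  # assumed issuer; must match what Salesforce emits
        raise ValueError(f"unexpected issuer {claims.get('iss')!r}")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("ID token was not issued to this client")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch: ID token replayed from another login")
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("ID token expired")


def map_userinfo(userinfo: dict) -> dict:
    """The Step 3 mappers: Salesforce userinfo claims -> User Access Manager attributes."""
    mapping = {"given_name": "firstName", "family_name": "lastName", "email": "email"}
    attrs = {uam: userinfo[claim] for claim, uam in mapping.items() if claim in userinfo}
    if "email" not in attrs:
        raise ValueError("no email claim: check the email scope on the Connected App")
    return attrs


def constructed_id_token(claims: dict) -> str:
    """Build a constructed, unsigned ID token for this offline demonstration only."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    state, nonce = "st-demo", "nc-demo"
    print(build_authorization_url(state, nonce))
    code = parse_callback(f"{UAM_CALLBACK}?code=aPrxDEMO&state={state}", state)
    print(token_request_body(code, "PLACEHOLDER_CONSUMER_SECRET")["grant_type"])
    token = constructed_id_token({"iss": SF_DOMAIN, "aud": CLIENT_ID, "nonce": nonce,
                                  "exp": int(time.time()) + 300})
    validate_id_token(jwt_claims(token), nonce)
    print(map_userinfo({"given_name": "Ada", "family_name": "Lovelace",
                        "email": "ada@example.com"}))
```

If a login fails in Step 4, the errors this script raises map to the usual misconfigurations: a redirect URI mismatch means the Callback URL in Salesforce and the alias in User Access Manager disagree; a missing ID token or email claim means the Connected App lacks the openid or email scope; an issuer mismatch means the URLs in Step 2 point at a different host than the one Salesforce reports.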

Conclusion

By following these steps you set up Salesforce as an OpenID Connect identity provider for User Access Manager, giving users Single Sign-On with their Salesforce credentials while keeping the Connected App limited to the scopes needed for sign-in.
