Salesforce: SAML SSO Step By Step Instructions

Considerations Before Setting Up

• For Single Sign-On (SSO) to work correctly, Salesforce usernames and Engage usernames must match. Engage username is the user's email address.
• These instructions assume that a Salesforce Connected App has already been created (see Salesforce: Integration Step By Step Instructions)

Setup Process

1. In Salesforce, go to Settings :: Identity :: Identity Provider
   1. Click Enable Identity Provider (If necessary)
   2. Create a new certificate  (If necessary)  Suggested name: "ProteusEngageSSO"
   3. Download the Identity Provider Metadata and send to your contact at Proteus
2. In Salesforce, go to Settings :: Apps :: App Manager and select Edit on the Engage Connect App.
   
   1. Check Enable SAML checkbox in the Web App Settings area (right below API (Enable OAuth Settings) area)
   2. In both Entity Id and ACS URL fields, enter: https://api.proteusengage.co/ws/saml-proxy-sp
   3. Change Name ID Format to be the one that ends with emailAddress
   4. Use the drop-down to choose the certificate just created under SAML
   5. Click Save
3. In Engage, Configure SSO (by an Engage support staff)
   1. Add a SAML component to the regular admin login page
   2. Use the HttpRedirect URL from SalesForce IDP
   3. SAML Proxy URL should be set to https://api.proteusengage.co/ws/saml-proxy-sp 

Questions? Please let us know!  Email engage@proteus.co or your Client Success Manager.