Learn how to configure Salesforce as your identity provider to work with SSO authentication for Firebolt.
Salesforce is a cloud-based customer relationship management platform that offers applications for sales, marketing, commerce and IT. Salesforce supports implementing secure login systems with authentication methods including single-sign on (SS0).
To integrate Salesforce with Firebolt’s platform, you must configure your Salesforce organization as a SAML identity provider (IdP) for an external service. Then, you must configure Firebolt’s SSO to work with Salesforce. Detailed instructions can be found in the following sections:
.crt
to a local drive.openssl x509 -in original.crt -out sfcert.pem -outform PEM
In the previous code example, replace original.crt
with the name of your downloaded certificate.Open the downloaded xml file and find the SingleSignOnService binding, Location attribute, which ends with ../HttpPost
. It will look like: https://<your-salesforce-account>.my.salesforce.com/idp/endpoint/HttpPost
. Save this value to be used as the SignOnURL in Firebolt SSO configuration.
3. Select Download Certificate, and convert the downloaded .crt file to PEM format. You could do this using the following command:
openssl x509 -in original.crt -out sfcert.pem -outform PEM
where original.crt
is the name of the downloaded .crt file.
4. Select on the provided link to create a new connected app in Salesforce.
5. You will be redirected to the Manage Connected Apps / New Connected App view. Fill in required fields Connected App Name, API Name (for instance, type ‘Firebolt’) and Contact email.
6. Move to Web App Settings, and check the Enable SAML box.
7. Fill in the Entity Id field with value: urn:auth0:app-firebolt-v2:<organization_name>-<provider>
,
where
<organization_name>
is the name of the organization in Firebolt, and<provider>
is the IdP name, ‘salesforce’ in this case
For example:
urn:auth0:app-firebolt-v2:acmeorg-salesforce
https://id.app.firebolt.io/login/callback?connection=<organization_name>-<provider>&organization=<organization_identifier>
For example:
https://id.app.firebolt.io/login/callback?connection=acmeorg-salesforce&organization=org_82u3nzTNQPA8RyoM
<org_name>
represents the Organizational name used to create your Firebolt Account. The org name is referenced in your vanity URL.
<provider>
represents the provider we’re configuring as our IdP.<organization_identifier>
is the unique identifier for your Organization. To retrieve your<organization_identifier>
, you can navigate to Configure > SSO in the Firebolt UI, and Click Copy organization SSO identifier.
Once your Identity Provider(IdP) is configured, you can now configure Firebolt to integrate with your IdP. This can be done using either the Firebolt UI, or using SQL.
To configure the Firebolt SSO integration with Salesforce using the UI, Navigate to Configure > SSO in Firebolt.
Once there, enter your Sign-on URL, Issuer, Provider, Label, Certificate, and field-mappings, where
signOnUrl
: The sign-on URL, provided by the SAML identity provider, to which Firebolt sends the SAML requests. The URL is IdP-specific and is determined by the identity provider during configuration.
signoutUrl(optional)
: The sign-out URL, provided by the application owner, to be used when the user signs out of the application.```
issuer
: A unique value generated by the SAML identity provider specifying the issuer value.
provider
: The provider’s name - for example: Salesforce
.
label
: The label to use for the SSO login button. If not provided, the Provider field value is used.
certificate
: The certificate to verify the communication between the identity provider and Firebolt. The certificate needs to be in PEM or CER format, and can be uploaded from your computer by choosing Import certificate or entered in the text box.
field mapping
: Mapping to your identity provider’s first and last name in key-value pairs. If additional fields are required, choose Add another key-value pair. Mapping is required for Firebolt to fill in the login’s given and last names the first time the user logs in using SSO.
Here’s an example of how to set up field mapping:
In the previous code example, given_name
is your first name, and is mapped to the “name” field from the IDP. The family_name
is your last name, and is mapped from the “surname” field.
Values for SQL to create the SSO connection are as follows:
where
signOnURL
is the SAML 2.0 endpoint value copied during Salesforce setup,issuer
is the name of the issuer, ‘salesforce’ in this case,provider
is the IdP name, ‘salesforce’ in this case,label
is text that will appear on the Sign in form (this defaults to <organization_name>-<provider>
if a value is not provided, for instance acme-salesforce), andcertificate
is the X.509 certificate in PEM format downloaded during setup.