          Configure SSO from Salesforce to ADP

          Let your users log in to ADP using single sign-on (SSO) from your Salesforce org configured as an identity provider.

          Required Editions

          Available in: Lightning Experience and Salesforce Classic
          Available in: Enterprise, Performance, Unlimited, and Developer Editions
          Note: Configuring SSO for ADP is not a self-service process. ADP might offer SSO access based on service agreements or company size. In addition, ADP might require an evaluation or extra agreements. Contact your ADP representative to request more information.

          If ADP helps you set up SSO and you create a connected app in Salesforce, users can access ADP using their Salesforce login credentials. Follow these high-level steps to configure SSO for Salesforce to ADP.

          Set Up Your Salesforce Org as an Identity Provider

          With the My Domain feature, your Salesforce org is enabled as an identity provider. My Domain is required for all orgs. If you don’t like your org’s My Domain name or circumstances warrant a change, you can rename it.

          To download the Salesforce self-signed certificate:

          1. From Setup, enter Identity Provider in the Quick Find box, and select Identity Provider.
          2. Click Download Certificate.

          Provide SAML Settings to ADP

          To enable your Salesforce org to authenticate users to ADP, give this information to your ADP representative.

          • Assertion Issuer URL, for example, https://MyDomainName.my.salesforce.com/.
          • A signing certificate, such as the identity provider certificate that you downloaded.

          Create a Connected App in Salesforce

          1. In Salesforce, create a connected app.
            • In Lightning Experience, from Setup, enter App in the Quick Find box, and select App Manager. Click New Connected App.
            • In Salesforce Classic, from Setup, enter Apps in the Quick Find box, and select Apps. Under Connected Apps, click New.
          2. Configure the connected app Basic Information settings.
            1. Enter a name for the ADP connected app. Salesforce uses this name to populate the API name.
            2. Enter your email address in case Salesforce needs to contact you or your support team.
            3. Optionally, upload or specify a logo and icon to represent your ADP application in the Salesforce App Launcher.
          3. Configure the connected app Web App Settings.
            1. Select Enable SAML.
            2. For Entity Id, enter the URL for your ADP domain, for example, https://fed.adp.com.
            3. For ACS URL, enter the URL provided by your ADP representative.
            4. For Subject Type, select Persistent ID or Custom Attribute. The subject type is the method or attribute by which a username in ADP maps to a Salesforce user identity. This field can contain a random value.
            5. For Name ID Format, select urn:oasis:names:tc:SAML:1.1:nameid-format:transient.
            6. For Issuer, keep the default value, which is your My Domain login URL.
            7. For IdP Certificate, keep the default (Default IdP Certificate).
          4. Save the settings.
          5. Configure a custom attribute for the connected app.
            1. From Setup, enter Apps in the Quick Find box.
              • If you’re using Lightning Experience, select Manage Connected Apps.
              • If you’re using Salesforce Classic, under Manage Apps, select Connected Apps.
            2. Click the name of your connected app for ADP. The connected app detail page appears.
            3. Under Custom Attributes, click New.
            4. Enter the attribute key PersonImmutableID with a value of $User.Id.
            5. Save the settings.
          6. On the connected app detail page, click Manage Profiles or Manage Permission Sets. Add profiles or permission sets for users who can access this app.
          7. In Salesforce, enter the start URL for the connected app.
            1. On the connected app detail page, under SAML Login Information, copy the IdP-initiated login URL.
            2. On the connected app detail page, click Edit Policies.
            3. For Start URL, enter the IdP-initiated login URL. Optionally, add RelayState= with the parameter of the ADP service that you’re trying to access.
            4. Save the settings.

          Test the Connected App

          1. In Salesforce, from the App Launcher, find and open the ADP app. If you configured the ADP logo and icon for the connected app, the App Launcher displays them.
          2. If SSO is configured properly, Salesforce creates an application session.
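
To check more than the creation of a session, the following added example (not Salesforce or ADP code) compares a SAML assertion against the values entered in the connected app steps above. The sample assertion, the ACS URL placeholder, and the function name `check_assertion` are constructed for illustration, and the check assumes the standard SAML 2.0 assertion layout. It compares configuration values only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:1.1:nameid-format:transient"

# Constructed sample assertion (unsigned, trimmed); not captured from a real org.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://MyDomainName.my.salesforce.com/</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:transient">constructed-subject</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://acs.example.invalid/placeholder"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction><saml:Audience>https://fed.adp.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="PersonImmutableID"><saml:AttributeValue>005000000000001AAA</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, issuer, entity_id, acs_url):
    """Return a list of mismatches between an assertion and the connected app settings."""
    root = ET.fromstring(xml_text)
    problems = []
    issuer_node = root.find("saml:Issuer", NS)
    # Exact comparison: a trailing-slash difference is a real mismatch for the SP.
    if issuer_node is None or (issuer_node.text or "").strip() != issuer:
        problems.append("Issuer does not match the My Domain login URL")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append("Audience does not contain the Entity Id")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != TRANSIENT:
        problems.append("NameID Format is not transient")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient does not match the ACS URL")
    attr = root.find(".//saml:Attribute[@Name='PersonImmutableID']/saml:AttributeValue", NS)
    if attr is None or not (attr.text or "").strip():
        problems.append("PersonImmutableID attribute is missing or empty")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE, "https://MyDomainName.my.salesforce.com/",
                          "https://fed.adp.com", "https://acs.example.invalid/placeholder"))
```

An empty list means the assertion agrees with the Issuer, Entity Id, Name ID Format, ACS URL, and custom attribute configured above.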
           