Loading
Salesforce now sends email only from verified domains. Read More
Identify Your Users and Manage Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Configure SSO from Salesforce to Juniper Networks Instant Virtual Extranet

            You are here:

            1. Salesforce Help
            2. Docs
            3. Identify Your Users and Manage Access

            Configure SSO from Salesforce to Juniper Networks Instant Virtual Extranet

            Let your users log in to Juniper Networks IVE using single sign-on (SSO) from your Salesforce org configured as an identity provider.

            Required Editions

            Available in: Lightning Experience and Salesforce Classic
            Available in: Enterprise, Performance, Unlimited, and Developer Editions

            When you set up Juniper as a service provider and create a connected app in Salesforce, users can access Juniper using their Salesforce login credentials. Juniper supports the SAML protocol for both identity provider–initiated and service provider–initiated SSO.

            Follow these high-level steps to configure SSO for Salesforce to Juniper.

            See Also

            Set Up Your Salesforce Org as an Identity Provider

            With the My Domain feature, your Salesforce org is enabled as an identity provider. My Domain is required for all orgs. If you don’t like your org’s My Domain name, you can change it.

            The My Domain feature also creates a certificate and key pair. The certificate establishes trust between your Salesforce org and ADP. Optionally, you can use another self-signed certificate or import a CA-signed certificate.

            To download the Salesforce self-signed certificate:

            1. From Setup, enter Identity Provider in the Quick Find box, and select Identity Provider.
            2. Click Download Certificate.

            Configure SAML Settings in Juniper

            1. Log in to your Juniper account as a SAML-enabled administrator.
            2. Under Authentication and Signing In, go to the Sign-in SAML page.
            3. In Juniper, to configure SAML settings for Salesforce as the identity provider, select Identity Provider.
            4. To add Salesforce as a SAML peer, under Peer Service Provider Configuration, click Add SP.
              add Salesforce as a SAML peer
            5. Configure the peer service provider settings.
              1. For Entity ID, enter https://saml.salesforce.com.
                Configure the peer service provider
              2. Select Customize IdP Behavior.
              • Select Override Default Configuration.
              • Select Accept unsigned AuthnRequest.
              • For Session Lifetime, select Role Based.
              • Enter a sign-in policy that Salesforce uses for authentication.
              • For Subject Name Format, select Email Address.
              • For Subject Name, to restrict access to users in a domain, enter a domain name as a part of the name template.
              select Customize IdP Behavior
            6. Under Authentication and Signing In, go to the SAML page and click New Metadata Provider.
              select New Metadata Provider
            7. Configure settings for the authorization server.
              • For SAML Version, select 2.0.
              • For SA Entity Id, enter the URL for your Juniper entity.
              • For Configuration Mode, select Metadata.
              • For Identity Provider Entity Id, enter the URL for your Salesforce identity provider, such as https://MyDomainName.my.salesforce.com. For example, https://identitydemo.my.salesforce.com.
              • For Identity Provider Single Sign On Service URL, enter https://MyDomainName.my.salesforce.com/idp/endpoint/HttpRedirect.
              • For SSO Method, select Post.
              • Select the Salesforce identity provider certificate that you downloaded earlier.
              configure the identity provider settingsselect the certificate
            8. Save the settings.

            Create a Connected App in Salesforce

            1. In Salesforce, create a connected app.
              • In Lightning Experience, from Setup, enter App in the Quick Find box, and select App Manager. Click New Connected App.
              • In Salesforce Classic, from Setup, enter Apps in the Quick Find box, and select Apps. Under Connected Apps, click New.
            2. Configure the connected app Basic Information settings.
              1. Enter a name for the Juniper connected app. Salesforce uses this name to populate the API name.
              2. Enter your email address in case Salesforce must contact you or your support team.
              3. Optionally, upload or specify a logo and icon to represent your Juniper application in the Salesforce App Launcher.
              basic settings for the connected app
            3. Configure the connected app Web App Settings.
              1. Select Enable SAML.
              2. For Entity Id, enter the URL for your Juniper entity. For example, https://connect5.acmegizmo.com/dana-na/auth/saml-endpoint.cgi?p=sp1.
              3. For ACS URL, enter a URL for the Juniper assertion consumer service. For example, https://connect5.acmegizmo.com/dana-na/auth/saml-consumer.cgi.
              4. For Subject Type, select Federation ID. A federation ID is a unique value assigned to the user across multiple web services and Salesforce orgs.
              5. For Name ID Format, keep the default value.
              6. For Issuer, keep the default value, which is your My Domain login URL.
              7. For IdP Certificate, keep the default (Default IdP Certificate).
              web app settings for the connected app
            4. Save the settings.
            5. Configure profiles and permission sets for the connected app.
              1. From Setup, enter Apps in the Quick Find box.

                If you’re using Lightning Experience, select Manage Connected Apps.

                If you’re using Salesforce Classic, under Manage Apps, select Connected Apps.

              2. Click the name of your connected app for Juniper. The connected app detail page appears.
              3. Click Manage Profiles or Manage Permission Sets, and add profiles or permission sets for users who can access this app.
            6. In Salesforce, enter the start URL for the connected app.
              1. On the connected app detail page, under SAML Login Information, copy the IdP-initiated login URL.
              2. On the connected app detail page, click Edit Policies.
              3. For Start URL, enter the IdP-initiated login URL, appending the URL encoding of the SP-initiated login URL with the RelayState attribute. For example, https://MyDomainName.my.salesforce.com/idp/login?app=0spi00000008OJX&RelayState=https%3A%2F%2Fconnect5.acmegizmo.com%2Fsfidentity.
              4. Save the settings.

            Test the Connected App

            1. In Salesforce, from the App Launcher, find and open the Juniperapp. If you configured the Juniper logo and icon for the connected app, the App Launcher displays them. If identity provider–initiated SSO is configured properly, Salesforce creates an application session.
              select the Juniper logo from the App Launcher
            2. To test service provider–initiated SSO, enter the URL to log in to your Juniper Networks IVE domain. If SSO is configured properly, you’re prompted to log in to your Salesforce org. After you log in successfully with your Salesforce credentials, Salesforce redirects you to your initial request URL. You’re logged in to your Juniper account.
             
            Loading
            Salesforce Help | Article