          Create a Connected App for SSO in Salesforce


          To use Salesforce as your identity provider for single sign-on (SSO), configure the correct settings for your app integration.

          Important: Connected app creation is restricted as of Spring ‘26. You can continue to use existing connected apps during and after Spring ‘26. However, we recommend using external client apps instead. If you must continue creating connected apps, contact Salesforce Support.

          See "New connected apps can no longer be created in Spring ‘26" for more details.

          For additional information, refer to Salesforce's "Integrate Service Providers as Connected Apps with SAML 2.0" documentation.

          To integrate a service provider with your Salesforce org, you can use a connected app that implements SAML 2.0 for user authentication. Salesforce supports SAML single sign-on (SSO) when the service provider or the identity provider initiates the flow. To use this option, configure a connected app with SAML 2.0 enabled for your service provider. Define your Salesforce org as the SAML identity provider.

          To set up SSO into a SAML service provider, enable your org as a SAML identity provider, and integrate the service provider as a SAML-enabled connected app.

          1. Log in to Salesforce.
          2. In Setup, go to Identity and select Identity Provider. If your org is not enabled as an IdP, click Enable Identity Provider, then click Save.
          3. In Setup, go to External Client Apps and select Settings.
          4. Click New Connected App.
          5. In the Basic Information section, enter a Connected App Name and Contact Email.
          6. In the Web App Settings, select Enable SAML. The SAML options will appear.
          7. In the ACS URLs field, enter any URL (it will be replaced with the correct parameter later on).
          8. Enter any value in the Entity Id field.
          9. Set the Subject Type to Email.
          10. Set the Name ID Format to email address.
          11. Set the Signing Algorithm for SAML Messages to SHA256.
          12. Click Save.
          13. (Optional) For SP-Initiated SSO, note the SP-Initiated POST Endpoint URL.
          14. In Setup, go to Identity and select Identity Provider.
          15. In the Details section, note the Issuer. This is the Identity Provider Issuer in the Own Data Platform.
          16. Click Download Certificate.
          17. Enter these values in the corresponding fields in the Own Data Platform.

            (Optional: To enable SP-Initiated sign in, enable the SP-Initiated checkbox, copy the SP-Initiated POST Endpoint URL value from Salesforce and paste it into the IdP SSO URL field.)

            Click Next.

            It may take a few minutes to verify your settings.

          18. Once your settings are verified, the IdP Parameters will be displayed.
          19. In Salesforce, in Setup, go to Apps and select App Manager.
          20. Select the newly created Connected App and click Edit.
          21. Enter the IdP Parameters from the Own Data Platform in the corresponding fields.

            Parameter in Own               Parameter in Salesforce
            Audience URI (SP Entity ID)    Entity Id
            Single Sign-On URL             ACS URL
            Default RelayState             Start URL

          22. Click Save.
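
A check to run after step 22, added here as an example (it is not Salesforce or Own code): it reads a base64-decoded SAML response from a test login and compares what the response declares with the values set in the steps above (Issuer, email Name ID format, Entity Id, ACS URL, SHA256 signing), assuming standard SAML 2.0 elements. The function name, the sample response and all URLs are constructed for illustration; the check compares declared values only and does not validate the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Constructed sample, not a real capture; every URL is a placeholder.
# It declares rsa-sha1 on purpose so the check has a mismatch to report.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><saml:Assertion>
 <saml:Issuer>https://idp.example.com</saml:Issuer>
 <ds:Signature><ds:SignedInfo>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
 </ds:SignedInfo></ds:Signature>
 <saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
  <saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="https://sp.example.com/acs"/>
  </saml:SubjectConfirmation>
 </saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://sp.example.com/entity</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
</saml:Assertion></samlp:Response>"""

def check_response(xml_text, issuer, entity_id, acs_url):
    """List mismatches between a decoded SAML response and the configured values."""
    if "<!DOCTYPE" in xml_text:  # SAML messages never need a DTD; refuse to parse one
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml_text)

    def value(path, attribute=None):
        el = root.find(path, NS)
        if el is None:
            return None
        return el.get(attribute) if attribute else (el.text or "").strip()

    checks = [  # (label, value found in the response, value configured in the steps)
        ("Issuer", value(".//saml:Assertion/saml:Issuer"), issuer),
        ("NameID Format", value(".//saml:NameID", "Format"), EMAIL_FORMAT),
        ("Audience", value(".//saml:Audience"), entity_id),
        ("Recipient", value(".//saml:SubjectConfirmationData", "Recipient"), acs_url),
        ("SignatureMethod", value(".//ds:SignatureMethod", "Algorithm"), RSA_SHA256),
    ]
    return [f"{label}: expected {want!r}, got {got!r}"
            for label, got, want in checks if got != want]
```

An empty list means the response agrees with the configured Issuer, Entity Id, ACS URL, Name ID format and signing algorithm; each string in a non-empty list names the setting to recheck.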
           