Own from Salesforce
Enable Asserted Encryption with SSO

To meet FAL2 requirements, your IdP may need to sign the assertions it generates. This page lists the values you need to enter in your IdP to enable encrypted assertions.

Encrypted assertions are not supported in the FedRAMP region.

Create an Encryption Certificate

1. Follow the enablement steps in Single Sign On (SSO) until your unique parameters are generated in Own.
2. Click Download XML File.
3. Open the downloaded file in a text editor that supports XML.
4. In the file, use Ctrl + F to search for “<ds:X509Certificate>”.
5. Copy the value between the “<ds:X509Certificate>” and “</ds:X509Certificate>” tags, without the tags themselves. This is your encryption certificate.
6. Open a new text file and paste the value into it. Save the file as a .pem file (for Azure Entra ID, save it as a .cer file).

You now have an encryption certificate file to upload to your IdP. Some IdPs also ask for the Encryption Algorithm and/or Key Transport Algorithm. The algorithms Own uses are:

Encryption Algorithm: AES256-CBC

Key Transport Algorithm: RSA-OAEP

Continue setting up your SAML app within your IdP.
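The certificate extraction in steps 2 through 6, as an added Python example that is not part of this article or of Own's own tooling. It goes a little beyond the manual steps: it parses the downloaded metadata XML, selects the `<md:KeyDescriptor use="encryption">` entry when the file lists separate signing and encryption keys (a Ctrl + F search returns whichever certificate appears first), strips line breaks from the base64 value, checks that it decodes, wraps it in PEM armor, and reads back any `<md:EncryptionMethod>` algorithm URIs so you can compare them with the AES256-CBC and RSA-OAEP values above. The metadata in the block is a constructed sample with placeholder certificate values, and its `EncryptionMethod` entries are an assumption for that cross-check; your downloaded file may not declare them.

```python
import base64
import re
import sys
import textwrap
import xml.etree.ElementTree as ET

# Namespaces used in SAML 2.0 SP metadata.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample of the metadata XML downloaded in step 2. Both certificate
# values are base64 placeholders, not real certificates, and the EncryptionMethod
# entries are an assumption added for the cross-check below.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.invalid/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>U0lHTklORy1DRVJULVBMQUNFSE9MREVS</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>
          RU5DUllQVElPTi1DRVJULVBMQUNFSE9MREVSLTAx
          MjM0NTY3ODk=
        </ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def encryption_key_descriptor(root):
    """Return the KeyDescriptor to take the encryption certificate from.

    A descriptor with use="encryption" wins; one with no "use" attribute is
    valid for both signing and encryption and serves as the fallback. A
    descriptor marked use="signing" is never used for encryption.
    """
    fallback = None
    for kd in root.findall(".//md:KeyDescriptor", NS):
        use = kd.get("use")
        if use == "encryption":
            return kd
        if use is None and fallback is None:
            fallback = kd
    if fallback is None:
        raise ValueError("metadata has no KeyDescriptor usable for encryption")
    return fallback


def extract_encryption_certificate(metadata_xml):
    """Return the base64 certificate body (steps 4 and 5) with whitespace removed."""
    root = ET.fromstring(metadata_xml)
    cert_el = encryption_key_descriptor(root).find(".//ds:X509Certificate", NS)
    if cert_el is None or not (cert_el.text or "").strip():
        raise ValueError("no <ds:X509Certificate> in the encryption KeyDescriptor")
    b64 = re.sub(r"\s+", "", cert_el.text)
    base64.b64decode(b64, validate=True)  # a partial or mangled copy fails here
    return b64


def encryption_methods(metadata_xml):
    """Algorithm URIs the SP declares for its encryption key, if any."""
    root = ET.fromstring(metadata_xml)
    kd = encryption_key_descriptor(root)
    return [em.get("Algorithm") for em in kd.findall("md:EncryptionMethod", NS)]


def to_pem(b64):
    """Wrap the base64 body in PEM armor at 64 columns (step 6)."""
    body = "\n".join(textwrap.wrap(b64, 64))
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n"


def write_certificate_file(metadata_path, out_path):
    """Read the downloaded metadata and write the .pem (or .cer) file for the IdP."""
    with open(metadata_path, encoding="utf-8") as f:
        metadata_xml = f.read()
    with open(out_path, "w", encoding="utf-8") as f:
        f.write(to_pem(extract_encryption_certificate(metadata_xml)))


if __name__ == "__main__":
    # Usage: python extract_cert.py own-metadata.xml own-encryption.pem
    if len(sys.argv) == 3:
        write_certificate_file(sys.argv[1], sys.argv[2])
    else:
        print(to_pem(extract_encryption_certificate(SAMPLE_METADATA)))
        print("declared methods:", encryption_methods(SAMPLE_METADATA))
```

The PEM header lines and 64-column wrapping are what most IdP upload dialogs expect; if yours rejects the file, the bare base64 body as described in step 6 is the fallback. A metadata file that lists only signing keys is rejected rather than silently used, because uploading a signing certificate as the encryption certificate would make the IdP encrypt assertions to a key the service cannot decrypt with.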

Set Up SAML App

Proceed according to your Identity Provider.

1. Okta - In the app's SAML Settings:
   1. Click Show Advanced Settings.
   2. In the Asserted Encryption drop-down, select Encrypted.
   3. In the Encryption Algorithm drop-down, select AES256-CBC.
   4. In the Key Transport Algorithm drop-down, select RSA-OAEP.
   5. Click Browse files… next to the Encryption Certificate field and upload your encryption certificate.
2. Azure Entra ID - In the application page:
   1. Select Token encryption.
   2. Click Import Certificate to upload your encryption certificate.
   3. Click the … menu next to the thumbprint status and select Activate token encryption certificate.
3. Salesforce - In the connected app page:
   1. Select Encrypt SAML Response to upload the encryption certificate.
   2. In the Encryption Method field, enter AES-256.
4. Ping - In the app's Configuration tab:
   1. Select Encryption.
   2. Select AES_256 as your algorithm for encrypting assertions.
   3. Import your encryption certificate.