SSO with Salesforce

Tenfold SSO Configuration with Salesforce

To set up SSO with Salesforce as the Identity Provider for Tenfold, follow these updated steps:

1. Enable Identity Provider in Salesforce:
   • From Setup, use the Quick Find box to search and select Identity Provider.
   • Configure a domain name: Enter a subdomain name and check its availability. If available, click Register Domain.
   • Test the domain and deploy it to users.
2. Download Identity Provider Metadata and Certificate:
   • Once Identity Provider is enabled, download the certificate and metadata file for later use in Tenfold.
3. Create a Connected App for SAML Integration:
   • Search for and select App Manager in the Quick Find box, then click New Connected App.
   • In the Basic Information and Web App Settings sections, provide the following:
     1. Connected App Name: Set this to Tenfold.
     2. Enable SAML.
     3. Enter the following:
        • ACS URL (Assertion Consumer Service URL): https://dashboard.tenfold.com/corporate-login/callback
        • Entity ID: sso.tenfold.com
     4. Set Subject Type to Username.
     5. Set Name ID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
     6. Select your IDP Certificate from the dropdown.
   • Click Save.
4. Assign Profiles to the Connected App:
   • After saving, click Manage Profiles.
   • Select all the profiles that need access to use SSO with Tenfold.
5. Enable SAML Settings:
   • In Setup, search for Single Sign-On Settings in the Quick Find box.
   • Check the box to Enable SAML.
6. Add Attribute Statements:
   • Add additional Attribute Statements for proper user profile creation in Tenfold:
     • Name: firstName → Value: user.firstName
     • Name: lastName → Value: user.lastName 
       • Note: Although additional attribute statements are optional, they ensure that user profiles in Tenfold match Salesforce user names correctly. Failing to include Email, firstName, and lastName may result in inconsistencies.
7. Configure SSO in Tenfold Dashboard:
   • In the Tenfold dashboard, navigate to the Single Sign-On configuration page.
   • Set the Domain to the value that users will enter when logging in (e.g., acme.org).
   • Upload the Metadata XML file downloaded in Step 2.
   • Click Save.
8. Test the Corporate Login via Tenfold:
   • On the Tenfold login page, navigate to the Corporate Login tab and enter the configured domain name from Step 7.
   • Enter your Salesforce login credentials. After successful login, you will be redirected to the Tenfold dashboard.

You are now ready to authenticate Tenfold users using Salesforce as the Identity Provider.

Multi-tenant configuration

Overview: If your organization leverages multiple, disparate Tenfold environments you will need to enable Multi-tenant within the Single Sign On feature setup to enable connectivity from a single Identity Provider (Salesforce) to the various Tenfold environments. This will allow Tenfold to know which specific environment a user should authenticate into on sign on within Salesforce

• Select the 'Enable Multi-Tenant' setting at the bottom of the Single-Sign On page for each of the Tenfold environments that will be leveraging SSO from a single Identity Provider.
• Within the connected application within Salesforce, at the bottom of the setup page, you will note a section to configure 'Custom Attributes' for SAML. Create a new 'Custom Attribute' which can be user to associate users to the proper Tenfold environment. 
  • This could be a new, custom field such as 'Tenfold Organization,' or an existing field such as Call Center ID. What is important is that the value should be unique and align 1:1 with which Tenfold environment they are using. Each user should have the value entered that aligns with the proper Tenfold environment on their Salesforce user record.

• Select the desirable field from the 'User' object. The field should be a free text, or formula field. Some fields, such as picklist fields, may not be emitted in the SAML payload.

• Save your changes within Salesforce.
• Re-upload the SAML metadata file to each of the Tenfold environments following the above changes.
• Select the 'Custom Field' drop down from each of the Tenfold environments you are enabling Multi-tenant SSO. Enter in the Custom Field that you configured in the Custom Attribute section of the Salesforce Connected app. 
  • Note: that custom fields with Salesforce will need to be entered exactly as the API field is written ie "tenfold_organization__c". Enter in the unique value into the value section that aligns with the user population groups in Salesforce associated to that Tenfold environment. Ensure that each Tenfold environment has its own unique 'Domain' name.

• Press Save in Tenfold.