
System and System Line Configuration

This section describes how to configure a System Line and a System of kind 'Salesforce'. They can be created and administered in the Portal's menu System Lines.

System Line

The System Line configuration is equivalent to the other kinds of System Line configurations:

  • Kind: Salesforce

  • Authentication: Enabled

  • Short Name: As usual a descriptive and identifying name

System

The configuration for a specific Salesforce System is the same for all kinds of Salesforce Objects.

System data

  • Short Name: A descriptive and identifying name

  • Location: Assign the System to a Location (has to be created and enabled before)

  • Authentication (further information in the section Authentication Configuration):

    • Azure AD SAML
    • OAuth2 Password Flow

After you provide and save the System data, additional information is required:

Technical Parameters

  • API_VERSION: Optional selection of the API version (e.g., '60.0'). If no version is provided, the default version is used. Changing the default value may cause compatibility issues. All available versions can be found here: https://<MyDomainName>.my.salesforce.com/services/data/
  • HOST_NAME: Salesforce base URL / hostname.

Authentication Configuration

The following authentication methods can be used for Systems of kind 'Salesforce'.

SAML (over Azure AD)

  • Identity Provider Name: Use Azure Active Directory SAML SSO for all Virtual Datasets of this system.
  • SAML Version: e.g. SAML Version 2.0

Please configure Azure and Salesforce according to the Microsoft documentation:

Set up Single Sign-On with SAML

We recommend using the "user.userprincipalname" attribute as the Unique User Identifier (Name ID), but that depends on the SAML Identity Type in your Salesforce SAML configuration. We also recommend storing the user's e-mail address in the user's Federation ID and selecting "Federation ID" as the SAML Identity Type in the Salesforce SSO settings.

Please be aware that, by default, Salesforce treats the username as case-sensitive. In Azure, you can use the attribute transformation feature in the "Attribute & Claims" section to transform the Name ID to lowercase or uppercase, or (if you use "Federation ID") you can enable the setting "Make Federation ID case-insensitive" in Salesforce.

Please make sure to enable "Federated Single Sign-On Using SAML".

In case of problems or errors, please use the "SAML Validator" in the "Single Sign-On Settings" section of your Salesforce administration.
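The case-sensitivity issue described above can be checked before rollout by comparing the Name IDs Azure will send with the Federation IDs stored in Salesforce. The following Python script is an added example, not part of the product or of the Microsoft or Salesforce documentation. The function name, the two input lists and all sample values are constructed, and the case-insensitive comparison only approximates the Salesforce setting.

```python
from collections import defaultdict

# Constructed sample data: replace with your own exports.
AZURE_NAME_IDS = ["alice@example.com", "Bob@Example.com",
                  "carol@example.com", "dave@example.com"]
FEDERATION_IDS = ["alice@example.com", "bob@example.com",
                  "Carol@example.com", "carol@Example.com"]


def audit_name_ids(name_ids, federation_ids, case_insensitive=False, transform=None):
    """Classify each Name ID against the Salesforce Federation IDs.

    case_insensitive: models "Make Federation ID case-insensitive" (approximation).
    transform: models an Azure claim transformation, e.g. str.lower or str.upper.
    """
    exact = set(federation_ids)
    by_folded = defaultdict(set)          # case-folded ID -> stored spellings
    for fid in federation_ids:
        by_folded[fid.casefold()].add(fid)

    report = {"match": [], "case_mismatch": [], "ambiguous": [], "missing": []}
    for raw in name_ids:
        sent = transform(raw) if transform else raw   # value placed in the assertion
        candidates = by_folded.get(sent.casefold(), set())
        if not candidates:
            report["missing"].append(sent)            # no Federation ID at all
        elif len(candidates) > 1 and (case_insensitive or sent not in exact):
            # Several Federation IDs differ only by case: needs manual review.
            report["ambiguous"].append(sent)
        elif sent in exact or case_insensitive:
            report["match"].append(sent)
        else:
            report["case_mismatch"].append(sent)      # differs only in letter case
    return report


if __name__ == "__main__":
    scenarios = {
        "default (case-sensitive)": {},
        "Salesforce case-insensitive setting": {"case_insensitive": True},
        "Azure lowercase transformation": {"transform": str.lower},
    }
    for label, options in scenarios.items():
        print(label)
        for status, ids in audit_name_ids(AZURE_NAME_IDS, FEDERATION_IDS, **options).items():
            print(f"  {status:14} {ids}")
```

Entries reported as "case_mismatch" or "ambiguous" are the ones to correct before relying on SSO; "missing" users have no Federation ID at all.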

Azure AD Configuration

If you followed the instructions, you should see "Salesforce" in your App Registrations. In Section "Expose an API" you need to add "VDP Global SignIn" with Client ID "4bcd414f-a74c-47dc-84c6-3c867d6515b2" to the "Authorized client applications" with an authorization for the impersonation scope.

In the Enterprise Applications you need to decide whether 1) all your users should be able to use the SAML Authentication or 2) only dedicated users.

Go to the Salesforce Enterprise Application:

  • For 1): In "Properties", set "Assignment required" to "No".
  • For 2): In "Users and Groups", add the users or groups who should be able to use SAML.

After "Save and Enable" the System is available and can be connected by using Functions.

OAuth2 Password Flow

  • OAuth2 User Name
  • OAuth2 Password
  • OAuth2 Client ID
  • OAuth2 Client Secret