For Single Sign-On (SSO) to work with your Higher Logic Thrive Community (Thrive Community) site, create a Security Assertion Markup Language (SAML)-connected app in your Salesforce environment. Follow the steps below to create the application.
Salesforce Classic
To create the connected app, make sure that Salesforce is not using the new Lightning interface. To do this, follow the steps below:
- Navigate to the top right corner of the page and click the profile icon.
- Under OPTIONS, select Switch to Salesforce Classic.
This should revert the view to the traditional Salesforce UI. You should now be able to install the connected app following the steps below.
Create a connected application
- Click Setup in the upper part of the screen.
- On the left side of the page, scroll down to Build > Create and select Apps.
- Scroll down to the Connected Apps section and click New to create a connected app.
- Here are the parameters used in the screenshot.
- Follow the naming convention for the Connected App Name, API Name (should be auto-generated), and Contact Email.
- Under Web App Settings, check Enable SAML to display the rest of the information.
- Set the Entity Id to HigherLogic. The only time when this could be different is if there are multiple connected apps for multiple Thrive Community sites. An engineer or a project manager will clarify if that is necessary.
- Set the ACS (Assertion Consumer Service) URL to the Higher Logic endpoint using the following format.
https://{HigherLogicDomain}/HigherLogic/Security/SAML/LocalAssertionConsumerService.aspx
- Click Save to create the connected app.
Create the custom attribute
- Click Manage next to the Connected Apps page. If any properties above need to be edited, click Edit instead. These pages contain different information for a connected app.
- Click New in the Custom Attributes section.
- Specify ContactId as the Attribute key. This is case sensitive, so specify it as shown.
The formula field should use the CASESAFEID function, which outputs the 18-digit Contact ID, as in CASESAFEID($User.ContactId). Click Save.
Add Profiles
You must add user profiles, or users will encounter a “user not authorized to login using the app” error when they try to log in to Higher Logic. Follow the instructions below; you might need to add more profiles depending on how many custom profiles were created for your Salesforce community.
To control which users can use SSO, Salesforce profiles must be added.
- Click Manage Profiles in the Profiles section.
- Select any profiles that require SSO between the Thrive Community and Salesforce community. These profiles need to be for Salesforce Users who have an associated Contact and access to both communities. Click Save at the bottom right when you finish checking the profiles.
The connected app has now been set up. Higher Logic will require some fields to finish setup.
Back in the Manage Connected App view, under SAML Login Information, send the SP-Initiated POST Endpoint (for the correct Salesforce community domain) to your Higher Logic project manager.
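To confirm that the Entity Id, ACS URL, and ContactId settings above took effect, the decoded assertion from a test login can be checked against them. The following is an added example, not Higher Logic or Salesforce code; it assumes the standard SAML 2.0 mapping (Entity Id sent as the Audience, ACS URL sent as the Recipient), and community.example.org and the sample Contact ID are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_PATH = "/HigherLogic/Security/SAML/LocalAssertionConsumerService.aspx"

# Constructed sample assertion; community.example.org and the ID are placeholders.
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
 <saml:Subject><saml:SubjectConfirmation>
  <saml:SubjectConfirmationData Recipient="https://community.example.org{ACS_PATH}"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>HigherLogic</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="ContactId">
  <saml:AttributeValue>003000000000001AAA</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, entity_id="HigherLogic"):
    """List mismatches between a decoded assertion and the connected app settings.

    Configuration check only: it does not verify the XML signature, and the
    input should be an assertion you captured yourself, not untrusted XML.
    """
    root = ET.fromstring(xml_text)
    problems = []
    # Entity Id is expected as the Audience (standard SAML 2.0 mapping, assumed here).
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} lacks Entity Id {entity_id!r}")
    # ACS URL is expected as the SubjectConfirmationData Recipient.
    recipients = [c.get("Recipient", "")
                  for c in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if not any(r.startswith("https://") and r.endswith(ACS_PATH) for r in recipients):
        problems.append(f"Recipient {recipients} is not the HTTPS ACS URL")
    # Attribute key must be exactly "ContactId" with an 18-character value.
    attrs = {a.get("Name"): [(v.text or "").strip() for v in a.iterfind("saml:AttributeValue", NS)]
             for a in root.iterfind(".//saml:Attribute", NS)}
    if "ContactId" not in attrs:
        problems.append(f"no ContactId attribute (case-sensitive); found {list(attrs)}")
    elif not any(re.fullmatch(r"[A-Za-z0-9]{18}", v) for v in attrs["ContactId"]):
        problems.append(f"ContactId {attrs['ContactId']} is not 18 characters; use CASESAFEID")
    return problems


if __name__ == "__main__":
    print(check_assertion(SAMPLE) or "assertion matches the connected app settings")
```

An empty list means the assertion carries the values configured above; each returned string names the setting to revisit in the connected app.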