This guide describes the SAML integration process of WinKK Passport to be used as the Identity Provider for Salesforce.
WinKK Passport Initial Configurations
- Open passport.winkk.com/partner, log in with your profile, and open the Applications tab.
- Add a new application:
  - Name – doesn’t matter
  - URL – doesn’t matter, can be https://www.salesforce.com
  - Interface – SAML2
  - Authentication type – doesn’t matter
  - Audience and ACS URL – should be left blank
- Click Save and leave this tab open in the browser so you can view the created app’s identifier and fill in the remaining fields later.
- Log in to Salesforce and navigate to Setup.
- Open Company Settings -> My Domain in the SETTINGS section of the menu. On the screen that opens, register a domain for your company if this has not been done yet.
- Open Identity -> Single Sign-On Settings in the SETTINGS section of the menu.
- Click the New from Metadata File button in the panel that opens.
- Download the metadata file from passport.winkk.com/saml2a/metadata.xml and provide it on the setup screen that opens.
- Click Create.
- On the screen that opens, fill in all settings as follows:
  - Name – doesn’t matter, can be Winkk Passport IdP
  - API Name – doesn’t matter, can be Winkk_Passport_IdP
  - Issuer – Winkk Passport IdP
  - Entity ID – https://saml.salesforce.com
  - Identity Provider Certificate – can be obtained at passport.winkk.com/partner/example/idp.winkk.com.crt
  - Request Signature Method – select RSA-SHA256
  - SAML Identity Type – select Assertion contains the User’s Salesforce username
  - SAML Identity Location – select Identity is in the NameIdentifier element of the Subject statement
  - Service Provider Initiated Request Binding – select HTTP POST
  - Identity Provider Login URL – https://passport.winkk.com/saml2a/YOUR_APPLICATION_ID/auth, where YOUR_APPLICATION_ID is the identifier obtained in the previous section
  - Custom Logout URL and Custom Error URL – should be left blank
  - Single Logout Enabled – should be checked
  - Identity Provider Single Logout URL – https://passport.winkk.com/saml2a/logout?client_id=YOUR_APPLICATION_ID&RelayState=https://demowinkk-dev-ed.my.salesforce.com, where YOUR_APPLICATION_ID is the identifier obtained in the previous section and https://demowinkk-dev-ed.my.salesforce.com should be replaced with the URL to redirect to after logout
  - Single Logout Request Binding – select HTTP POST
  - User Provisioning Enabled – should be unchecked
- Click Save.
- Make sure the SAML Enabled option is checked on the Single Sign-On Settings home screen.
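
A check to run on the downloaded metadata and certificate files before relying on the settings above, as an added example that is not WinKK's or Salesforce's own code: it confirms that the metadata's entityID equals the Issuer value, that the HTTP POST login endpoint is HTTPS on the expected host, and that the separately downloaded .crt matches the certificate embedded in the metadata. The embedded metadata and certificate are constructed placeholders (their structure and entityID are assumptions, since the real files' contents are not shown in this guide), and all function and variable names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample data, NOT the real WinKK metadata or certificate: the
# "certificate" is placeholder bytes, which is enough to compare fingerprints.
SAMPLE_B64 = base64.b64encode(b"constructed-placeholder-certificate").decode()
SAMPLE_CRT = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<EntityDescriptor entityID="Winkk Passport IdP"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>{SAMPLE_B64}</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="{POST}"
        Location="https://passport.winkk.com/saml2a/YOUR_APPLICATION_ID/auth"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def der_sha256(b64_text):
    """SHA-256 fingerprint of a certificate given its base64 (PEM body) text."""
    return hashlib.sha256(base64.b64decode("".join(b64_text.split()))).hexdigest()


def check_idp_metadata(xml_text, issuer, idp_host, crt_pem):
    """Return the mismatches between IdP metadata and the planned SSO settings."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("entityID") != issuer:
        problems.append("entityID does not match the Issuer setting")
    posts = [s.get("Location") for s in root.iter(MD + "SingleSignOnService")
             if s.get("Binding") == POST]
    if not posts:
        problems.append("no HTTP POST SingleSignOnService endpoint")
    for loc in posts:
        url = urlparse(loc)
        if url.scheme != "https" or url.hostname != idp_host:
            problems.append(f"unexpected login endpoint: {loc}")
    in_metadata = {der_sha256(c.text) for c in root.iter(DS + "X509Certificate")}
    pem_body = "".join(l for l in crt_pem.splitlines() if not l.startswith("-----"))
    if der_sha256(pem_body) not in in_metadata:
        problems.append("certificate file differs from the metadata certificate")
    return problems
```

An empty list from `check_idp_metadata` means the two downloaded files agree with each other and with the Issuer and login host entered in Salesforce.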
WinKK Passport Final Configurations
- After the previous step, Salesforce will provide the Entity ID and OAuth 2.0 Token Endpoint values.
- Return to the tab with the created application in WinKK Passport and fill in:
  - Audience – with the Entity ID from Salesforce
  - ACS URL – with the OAuth 2.0 Token Endpoint from Salesforce
- Click Save.
- To initiate SAML-based authentication, go to the Identity Provider Login URL configured in Salesforce. During SAML authentication, make sure to use a profile in the WinKK Passport mobile app with completely filled-in personal information and a validated email address of a user actually registered in Salesforce in your organization.