Search Knowledge Base by Keyword


This guide describes the SAML integration process of WinKK Passport to be used as the Identity Provider for Salesforce.

WinKK Passport Initial Configurations

  1. Open, login with your profile, and open the Applications tab.
  2. Add a new application.
Winkk Passport Applications Tab
  • Name – doesn’t matter
  • URL – doesn’t matter, can be
  • Interface – SAML2
  • Authentication type – doesn’t matter
  • Audience and ACS URL should be left blank
  1. Click Save and leave this tab opened in a browser to view the created app’s identifier and fill the rest fields later:

Salesforce Configurations

  1. Log into Salesforce, navigate to the Setup
  1. Open Company Settings -> My Domain in the SETTINGS section of menu. In the opened screen register some domain for your company, if it wasn’t done yet.
  1. Open Identity -> Single Sign-On Settings in the SETTINGS section of menu.
  2. Then click New from Metadata File button in the opened panel.
  1. Download the metadata file from and provide it in the opened setup screen.
  2. Click Create.
  1. In the opened screen fill all configs in the following way.
  • Name – doesn’t matter, can be Winkk Passport IdP
  • API Name – doesn’t matter, can be Winkk_Passport_IdP
  • Issuer – Winkk Passport IdP
  • Entity ID –
  • Identity Provider Certificate – can be obtained at
  • Request Signature Method – select RSA-SHA256
  • SAML Identity Type – select Assertion contains the User’s Salesforce username
  • SAML Identity Location – select Identity is in the NameIdentifier element of the Subject statement
  • Service Provider Initiated Request Binding – select HTTP POST
  • Identity Provider Login URL, where YOUR_APPLICATION_ID is the identifier obtained in the previous section
  • Custom Logout URL and Custom Error URL – should be left blank
  • Single Logout Enabled – should be checked
  • Identity Provider Single Logout URL, where YOUR_APPLICATION_ID is the identifier obtained in the previous section, and should be replaced with some URL to redirect to after logout
  • Single Logout Request Binding – select HTTP POST
  • User Provisioning Enabled – should be unchecked
  1. Click Save
  2. Make sure SAML Enabled option is checked in the Single Sign-On Settings home screen

WinKK Passport Final Configurations

  1. After the previous step, Salesforce will provide Entity ID and OAuth 2.0 Token Endpoint configs
  1. Return to the tab with the created application in WinKK Passport and fill:
  • Audience – with Entity ID from Salesforce
  • ACS URL – with OAuth 2.0 Token Endpoint from Salesforce
  1. Click Save.
  2. To initiate a SAML-based authentication go to the Identity Provider Login URL configured in Salesforce. During the SAML authentication make sure to use a profile in the WinKK Passport mobile app with completely filled personal information and a validated email of some user actually registered in Salesforce in your organization.
Was this article helpful?
How can we improve this article?

Leave a Reply

Your email address will not be published. Required fields are marked *