In Elastic SSO do the following:

  1. Initialize the Identity Provider if you have not already. This is done under Manage SSO, Identity Provider. You must have the SAML Admin role to access it.

  2. Go to Manage SSO, Service Providers, Add Service Provider, which will start the wizard.

    1. Basic Settings
      1. Under Entity ID, enter the Salesforce base domain or custom domain, depending on your Salesforce configuration (see the Salesforce documentation). If you are not using a custom domain, the value is: https://saml.salesforce.com
      2. Choose SAML 2.0 for SAML Version.
      3. You can enter any App Name you see fit.
      4. Obtain the Salesforce X.509 certificate and paste the contents into Public Certificate.
      5. Click Next.
    2. Advanced Settings
      1. Select urn:oasis:names:tc:SAML:2.0:nameid-format:email as the NameID Format
      2. Select urn:oasis:names:tc:SAML:2.0:attrname-format:uri as the Attribute Name Format.
      3. Click Next.
    3. ACS Endpoints
      1. For Location, use the value that the Salesforce Single Sign-On Settings page calls Salesforce Login URL.
      2. For Binding choose HTTP-POST.
    4. Skip SLO Endpoints.
    5. Attribute Maps: Here you can optionally configure Elastic SSO to send additional user attributes to Salesforce. For example, if Salesforce is set to “Identity is in an Attribute element”, add a matching attribute map, then configure Salesforce to use that attribute.

      In Salesforce, you will need the Issuer, which is the Identity Provider Entity ID. You can find this value under Manage SSO, Identity Provider, along with all the other information needed to complete the Salesforce integration. See the Salesforce documentation for more details.
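
To confirm the settings took effect, the following added example (not part of the original page or of Elastic SSO) checks a base64-decoded SAML Response from a test login against the values configured in the steps above. The issuer and recipient URLs, the `FederationId` attribute and the sample response are constructed placeholders, and the script compares fields only; it does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# The two format URNs and the default Entity ID come from the steps above;
# the issuer and recipient values are constructed placeholders.
EXPECTED = {
    "issuer": "https://idp.example.com/saml",              # IdP Entity ID (placeholder)
    "audience": "https://saml.salesforce.com",             # SP Entity ID
    "nameid_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:email",
    "recipient": "https://example.my.salesforce.com/acs",  # ACS Location (placeholder)
    "attr_name_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
}

def check_response(xml_text, expected=EXPECTED):
    """Return a list of mismatches between a decoded SAML Response and the settings."""
    a = ET.fromstring(xml_text).find("a:Assertion", NS)
    if a is None:
        return ["no unencrypted Assertion element found"]

    def get(path, attr=None):
        el = a.find(path, NS)
        if el is None:
            return None
        return el.get(attr) if attr else (el.text or "").strip()

    sc = "a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData"
    found = {
        "issuer": get("a:Issuer"),
        "audience": get("a:Conditions/a:AudienceRestriction/a:Audience"),
        "nameid_format": get("a:Subject/a:NameID", "Format"),
        "recipient": get(sc, "Recipient"),
    }
    problems = [f"{k}: expected {expected[k]!r}, got {v!r}"
                for k, v in found.items() if v != expected[k]]
    for at in a.findall("a:AttributeStatement/a:Attribute", NS):
        if at.get("NameFormat") != expected["attr_name_format"]:
            problems.append(f"attribute {at.get('Name')!r}: NameFormat is {at.get('NameFormat')!r}")
    return problems

# Constructed, trimmed sample; the attribute's NameFormat is deliberately wrong.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Assertion><saml:Issuer>https://idp.example.com/saml</saml:Issuer>
<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:email">user@example.com</saml:NameID>
<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="https://example.my.salesforce.com/acs"/></saml:SubjectConfirmation></saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>https://saml.salesforce.com</saml:Audience></saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement><saml:Attribute Name="FederationId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue>u-1001</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion></samlp:Response>"""
print(check_response(SAMPLE))
```

An empty list means the Issuer, Audience, NameID Format, Recipient and attribute NameFormat all match what was entered in the wizard and in Salesforce.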