Salesforce

Overview

This document describes the procedure to configure your organization's Salesforce application within the AdminX portal to use it as a passwordless authentication solution for your organization's Salesforce users. This integration will allow your users to log in to their Salesforce account leveraging their biometrics. The biometric options include Touch ID / Face ID and LiveID.

Before you Begin

You will need the following resources and privileges to complete this integration:

1. Admin access to the following:
   • AdminX portal: If your organization is not registered with the AdminX portal, visit the Sign Up page for your organization’s AdminX portal registration. The 1Kosmos representative will create an account for your respective organization within the AdminX portal.
   • Salesforce instance. Visit the Salesforce Developer site for Salesforce registration.

caution

Note: This integration will not work with the Sandbox edition of Salesforce.

2. Install on your mobile device:
   • BlockID mobile application (Compatible with iOS and Android devices). Visit the BlockID for Android or BlockID for iOS to download the application.

Assumptions

• With the above prerequisites, you should now successfully be registered and be able to login to:

• AdminX portal

• Your organization's Salesforce instance with access to the Setup screen.

• Installed and registered the BlockID mobile application.

• Launch the BlockID mobile application and follow the on-screen instructions to register your app with the BlockID Platform to enroll your biometrics. Visit the Enroll Biometrics (Touch ID / Face ID and LiveID) section of the BlockID mobile application User Guide for step by step understanding of the Biometrics Enrollment process within the BlockID mobile application.

Perform the following tasks to enable this integration:

1. Salesforce configurations
2. AdminX portal configurations

List of Topics:

• Salesforce configurations
  • Create Salesforce Security Token
• AdminX portal configurations
• Salesforce Admin domain configurations for auto-generated SP configuration by AdminX portal
  • Update Single Sign-On settings
  • Update User details
  • Set default Authentication Configuration
• Test the SAML Single Sign-On Connection

Salesforce configurations

These configurations need to be performed before integrating your Salesforce application into the AdminX portal.

Note:

The following steps will be performed by your Salesforce administrator.

1. Login to your Salesforce site.
2. From the top right corner, navigate to Settings (gear icon) > Setup. The Salesforce Home page is displayed with the Setup screen.
3. Copy and save your Salesforce domain URL to use it while performing Salesforce integration in the AdminX portal. For example, https://<your_domain>.my.salesforce.com.

Create Salesforce Security Token

You will also need a Salesforce security token to use while performing Salesforce integration into the AdminX portal.

1. Login to your Salesforce lightning experience site, click on your avatar, and navigate Settings > Reset My Security Token.

2. Click Reset Security Token. The new security token will be generated and sent to you in your email.

3. Click the Salesforce security token value received on our email and save it to use while performing the Salesforce integration in the AdminX portal.

AdminX portal configurations

This is a one-click app Salesforce integration that will automatically generate a Service Provider (SP) configuration in Salesforce with the name BlockID.

Note:

The following steps will be performed by your AdminX portal administrator. The credentials provided during one-click integration are one-time use only. BlockID does not store these credentials, thus it is recommended to change the passwords and revoke tokens after completion of the one-click integration. To perform more configurations to the Salesforce SP SAML integration, visit the Salesforce Admin console and perform the changes.

1. Login to the AdminX portal, navigate to Applications > Add Application.

2. In the Add new applications screen, click on the Add integration link for the Salesforce SAML option from the Pre-built integrations section.

3. In the Salesforce screen, enter the following values:

• Application Name: Enter the name for your Salesforce application.

In the Service provider info section:

• Salesforce Domain: Enter your saved Salesforce domain URL as mentioned in the Salesforce configurations topic.
• Salesforce Username: Enter the username used to log in to your Salesforce admin account.
• Salesforce Password: Enter the password used to log in to your Salesforce admin account.
• Salesforce Security Token: Enter the Salesforce security token created and saved described in the Salesforce configurations topic.

Click Connect. This will add your Salesforce application and automatically generate an SP configuration in Salesforce with the name BlockID.

Salesforce configurations for auto-generated SP configuration by AdminX portal

These are optional configurations that can be performed after creating the one-click app Salesforce integration into the AdminX portal.

tip

The following steps will be performed by your Salesforce administrator.

1. Login to your Salesforce site.
2. From the top right corner, navigate to Settings (gear icon) > Setup. The Salesforce Home page is displayed with the Setup screen.

Update Single Sign-On settings

4. Navigate to *SETTINGS > Identity > click Single Sign-On Settings.*
5. In the Single Sign-On Settings screen:
   • Click Edit.
   • Select the checkbox for the SAML Enabled option.
   • Click Save.

Update User details

1.Navigate to *ADMINISTRATION > Users > Users*. 2. In the Users list, click Edit for your username. 3. In the User Edit screen, in the Single Sign On Information section:

  * **Federation ID**: Enter the email address which you have used while signing up with Salesforce. Also, this should be the same email address that is linked to your AdminX portal's salesforce application.

4. Click Save.

Set default Authentication Configuration

1. Navigate to *SETTINGS > Company Settings > My Domain > Authentication Configuration*.
   • Click Edit.
   • Authentication Service: select the checkbox next to the SSO instance created for the BlockID Admin Console.
   • Click Save.

Test the SAML Single Sign-On Connection section

1. In your browser, enter your organization's Salesforce domain URL.

• Check and you will notice the option to login using your auto-generated identity provider by the AdminX portal within the salesforce. For example, the option here is the BlockID.
• Click on the login option of your identity provider. You will be redirected to the AdminX portal login screen with the barcode to be scanned from your BlockID mobile app.

2. On the BlockID mobile application’s Home screen, click Scan QR.

3. Scan the QR code. The confirmation pop-up window is displayed asking to Allow BlockID to access this device’s location?.

4. In the confirmation pop-up window, select Allow only while using the app. The Authentication screen is displayed with the Please authenticate using <Biometric_option> from 1kosmos message.

5. Click Authenticate and perform the appropriate authentication method. The pop-up window is displayed with Thank you! You have successfully authenticated to Log In message upon successful authentication.

6. You will be logged in to your organization’s Salesforce application.