With Soapbox, you have the ability to enable single sign-on with Salesforce as the identity provider so that Salesforce users can login to the Soapbox administrator using their Salesforce account credentials.
Step 1: Create a Connected App in Salesforce
To set up single sign-on, you will first need to create a Connected App in your Salesforce org.
- Go to Salesforce Setup > Apps > App Manager
- On the Lightning Experience App Manager screen, click the New Connected App button
- On the New Connected App page, fill out the form as follows
- Connected App Name = "Soapbox Engage"
- API Name = (auto-generated by Salesforce in step above)
- Contact Email = (an email address of an administrator from your team)
- Start URL = "https://{your Soapbox domain}/administrator/index.php?option=com_login&task=saml" replacing the {your Soapbox domain} with your Soapbox domain (i.e. "https://example.secure.nonprofitsoapbox.com/administrator/index.php?option=com_login&task=saml")
- Enable SAML = checked
- Entity Id = "https://{your Soapbox domain}/saml/default-sp" replacing the {your Soapbox domain} with your Soapbox domain (i.e. "https://example.secure.nonprofitsoapbox.com/saml/default-sp")
- ACS URL = "https://{your Soapbox domain}/saml/default-sp" replacing the {your Soapbox domain} with your Soapbox domain (i.e. "https://example.secure.nonprofitsoapbox.com/saml/default-sp")
- Subject Type = username
- Name ID Format = urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- Issuer = "https://{your Salesforce My Domain}.my.salesforce.com" replacing the {your Salesforce My Domain} with your Salesforce My Domain (i.e. "https://example.my.salesforce.com")
- IdP Certificate = Default IdP Certificate
- Click the Save button
- On the new Connected App's page, click the link for the IdP Certificate field
- On the Certificate page, click the Download Certificate button, and save the certificate to your computer
Step 2: Assign Salesforce profiles to your Connected App in Salesforce
- On the Connected App's page, under the Profiles section, click the Manage Profiles button
- On the Application Profile Assignment page, select the profiles of users that should have access to login to Soapbox Engage via Salesforce
- Click the Save button
Step 3: Configure Single Sign-On for Salesforce in Soapbox Engage
To configure single sign-on for Salesforce in Soapbox Engage, do the following.
- Login to your Soapbox Engage administrator
- Click on the App Launcher icon in the upper-left, search for Single Sign-On, and click on it
- Service Provider Setup tab
- Enable Admin Single Sign-on = Yes
- Identity Provider Entity ID = "https://{your Salesforce My Domain}.my.salesforce.com" replacing the {your Salesforce My Domain} with your Salesforce My Domain (i.e. "https://example.my.salesforce.com")
- Admin SAML Login URL = "https://{your Salesforce My Domain}.my.salesforce.com/idp/endpoint/HttpRedirect" replacing the {your Salesforce My Domain} with your Salesforce My Domain (i.e. "https://example.my.salesforce.com/idp/endpoint/HttpRedirect")
- X.509 Certificate = the content of the Connected App certificate downloaded earlier between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
- Login Settings tab > Administrator Options section
-
- Login Button Text = the text of the hyperlink to appear on the administrator login page that admins will click to login using Salesforce (example: "Login with Salesforce").
- Login Options, choose whether you wish users to be able to login with EITHER one of the following
- Soapbox user credentials or Salesforce credentials
- Only Salesforce credentials
-
- Click Save
Single sign-on has now been enabled for your administrator account.
Step 4: Add users to the User Manager in Soapbox
To access the Soapbox Engage administrator using Salesforce credentials, an individual must have an enabled user account in Soapbox Engage with an email address that matches their Salesforce user's email address. Here's how to create Soapbox Engage administrator user accounts.
- Go the User Manager
- Click New to create a user
- For First Name, enter the first name of the user
- For Last Name, enter the last name of the user
- For Username, enter the email of the user that is associated with their Salesforce account
- For E-mail, enter the email of the user that is associated with their Salesforce account
- For New Password, enter a password of your choosing. This will not be used when logging in via single sign-on, however.
- For Verify Password, re-enter the password
- For Group, under Public Back-End, select either Manager or Administrator. The primary difference between the two is that Administrators can create and edit users while Managers cannot.
- Click Save
- Repeat for each user you wish to grant access to the administrator