
Enabling Single Sign-On with Salesforce for front-end access


With Soapbox, you can enable single sign-on with Salesforce as the identity provider so that Salesforce users and Experience Cloud users can log in to the Soapbox front-end using their Salesforce account credentials.

Step 1: Create an Experience Cloud site in Salesforce

Create an Experience Cloud site in Salesforce. Once created, assign to the Site the Profile or Profiles whose users you wish to have access to the Soapbox Engage portal. This may include front-end Experience Cloud users as well as Salesforce user accounts for staff.

Step 2: Create a Connected App in Salesforce

To set up single sign-on, you will first need to create a Connected App in your Salesforce org:

  1. Go to Salesforce Setup > Apps > App Manager
  2. On the Lightning Experience App Manager screen, click the New Connected App button
  3. On the New Connected App page, fill out the form as follows
    1. Connected App Name = "Soapbox Engage"
    2. API Name = (auto-generated by Salesforce in step above)
    3. Contact Email = (an email address of an administrator from your team)
    4. Start URL = "https://{your Soapbox domain}/administrator/index.php?option=com_login&task=saml", replacing {your Soapbox domain} with your Soapbox domain (e.g. "https://example.secure.nonprofitsoapbox.com/administrator/index.php?option=com_login&task=saml")
    5. Enable SAML = checked
    6. Entity Id = "https://{your Soapbox domain}/saml/default-sp", replacing {your Soapbox domain} with your Soapbox domain (e.g. "https://example.secure.nonprofitsoapbox.com/saml/default-sp")
    7. ACS URL = "https://{your Soapbox domain}/saml/default-sp", replacing {your Soapbox domain} with your Soapbox domain (e.g. "https://example.secure.nonprofitsoapbox.com/saml/default-sp")
    8. Subject Type = username
    9. Name ID Format = urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    10. Issuer = "https://{your Salesforce My Domain}.my.salesforce.com", replacing {your Salesforce My Domain} with your Salesforce My Domain (e.g. "https://example.my.salesforce.com")
    11. IdP Certificate = Default IdP Certificate
  4. Click the Save button
  5. On the new Connected App's page, click the link for the IdP Certificate field
  6. On the Certificate page, click the Download Certificate button, and save the certificate to your computer

Step 2a [OPTIONAL]: Create Custom Attributes for your Connected App

If you want a new Soapbox portal user to be created when someone without an existing Soapbox Engage account authenticates successfully via Salesforce, complete this step. If you only want existing Soapbox Engage users, added manually in the User Manager, to log in with their Salesforce credentials, you may skip this step:

  1. Scroll down to the Custom Attributes section of the Connected App
  2. Click New
  3. For Attribute Key, enter UserId
  4. For Attribute Value, enter $User.Id
  5. Click Save
  6. Repeat this process for each of the following Attribute Key // Attribute Value pairs:
    1. Username // $User.Username
    2. Email // $User.Email
    3. contactid // $User.ContactId
    4. lastname // $User.LastName
    5. firstname // $User.FirstName

Step 3: Assign Salesforce profiles to your Connected App in Salesforce

  1. On the Connected App's page, under the Profiles section, click the Manage Profiles button
  2. On the Application Profile Assignment page, select the profiles of users that should be able to log in to Soapbox Engage via Salesforce.
  3. Click the Save button

Step 4: Configure Single Sign-On for Salesforce in Soapbox Engage

To configure single sign-on for Salesforce in Soapbox Engage, do the following.

  • Log in to your Soapbox Engage administrator
  • Click on the App Launcher icon in the upper-left, search for Single Sign-On, and click on it
  • Service Provider Setup tab
    • Enable Front-end Single Sign-on = Yes
    • Identity Provider Entity ID = "https://{your Salesforce My Domain}.my.salesforce.com", replacing {your Salesforce My Domain} with your Salesforce My Domain (e.g. "https://example.my.salesforce.com")
    • Front-end SAML Login URL = The SP-Initiated Redirect Endpoint in the Connected App you created in Step 2 for the Community (e.g., Experience Cloud) you created in Step 1
    • X.509 Certificate = the content of the Connected App certificate downloaded in Step 2, between the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines
  • Under Login Settings tab > Front-end Options section, for Login Options, choose which of the following users can log in with
    • Soapbox user credentials or Salesforce credentials
    • Only Salesforce credentials
  • For Enable User Creation, choose Yes if you want a new Soapbox portal user to be created when someone without an existing Soapbox Engage account authenticates successfully via Salesforce. If you only want existing Soapbox Engage users, added manually in the User Manager, to log in with their Salesforce credentials, choose No.
  • If you set Enable User Creation to Yes, add the following values for the Custom Attributes you created for the Connected App:
    • For First Name Attribute, enter firstname
    • For Last Name Attribute, enter lastname
    • For Email Attribute, enter Email
    • For Username Attribute, enter Username
    • For Contact Id Attribute, enter contactid
  • Click Save

Single sign-on has now been enabled for the front-end portal of your Soapbox Engage account.
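
To confirm that the values from Step 2, Step 2a and Step 4 line up, the following added example (not Soapbox or Salesforce code) inspects a base64-encoded SAMLResponse taken from a test login against your own org and lists any mismatches. The function names are hypothetical, the sample response is constructed, and comparing attribute names case-sensitively is an assumption.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Keys as entered in Step 4; comparing them case-sensitively is an assumption.
REQUIRED_ATTRS = ["firstname", "lastname", "Email", "Username", "contactid"]

def check_saml_response(b64_response, soapbox_domain, my_domain, user_creation=True):
    """List mismatches with this guide's settings. Does NOT verify the signature."""
    sp = f"https://{soapbox_domain}/saml/default-sp"  # Entity Id and ACS URL
    idp = f"https://{my_domain}.my.salesforce.com"     # Issuer
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element in the response"]
    def text(path):
        node = assertion.find(path, NS)
        return (node.text or "").strip() if node is not None else None
    problems = []
    if text("a:Issuer") != idp:
        problems.append(f"Issuer is {text('a:Issuer')!r}, expected {idp!r}")
    if text("a:Conditions/a:AudienceRestriction/a:Audience") != sp:
        problems.append("Audience does not match the Entity Id")
    scd = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != sp:
        problems.append("Recipient does not match the ACS URL")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    if user_creation:
        sent = {a.get("Name") for a in assertion.iterfind("a:AttributeStatement/a:Attribute", NS)}
        problems += [f"missing attribute {k!r}" for k in REQUIRED_ATTRS if k not in sent]
    return problems

def constructed_response(attr_names, sp="https://example.secure.nonprofitsoapbox.com/saml/default-sp"):
    """Build a constructed sample (not a captured Salesforce response)."""
    attrs = "".join(f'<Attribute Name="{n}"/>' for n in attr_names)
    xml = (f'<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol"><Assertion xmlns="{NS["a"]}">'
           f'<Issuer>https://example.my.salesforce.com</Issuer><Subject>'
           f'<NameID Format="{EMAIL_FORMAT}">user@example.org</NameID><SubjectConfirmation>'
           f'<SubjectConfirmationData Recipient="{sp}"/></SubjectConfirmation></Subject>'
           f'<Conditions><AudienceRestriction><Audience>{sp}</Audience></AudienceRestriction>'
           f'</Conditions><AttributeStatement>{attrs}</AttributeStatement></Assertion></Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    sample = constructed_response(["firstname", "lastname", "email", "Username", "contactid"])
    print(check_saml_response(sample, "example.secure.nonprofitsoapbox.com", "example"))
```

An empty list means the response matches the Entity Id, ACS URL, Issuer, Name ID Format and attribute keys used in this guide; it says nothing about whether the signature validates against the X.509 certificate.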

[OPTIONAL] Step 5: Add users to the User Manager in Soapbox

If you set Enable User Creation to Yes in Step 4, a new Soapbox user will be created any time an individual successfully authenticates for the first time with their Salesforce credentials.

If you set Enable User Creation to No, you will need to manually create, in the Soapbox Engage User Manager, each user you wish to have front-end access.

To create Soapbox Engage front-end user accounts:

  • Go to the User Manager
  • Click New to create a user
  • For First Name, enter the first name of the user
  • For Last Name, enter the last name of the user
  • For Username, enter the email of the user that is associated with their Salesforce account
  • For E-mail, enter the email of the user that is associated with their Salesforce account
  • For New Password, enter a password of your choosing. This will not be used when logging in via single sign-on, however.
  • For Verify Password, re-enter the password
  • For Group, under Public Front-End, select the User Group with which you wish them to be associated.
  • Click Save
  • Repeat for each user you wish to grant access to the front-end