Configuring Salesforce

Follow these steps:

1. Sign in to your Salesforce account as an administrator.
2. Click Setup.
   
3. In the left panel's Quick Find / Search field, enter apps.
   As you type, the left panel shows results that match your search term.
   
4. In the Apps section, click New.
   The New Connected App page appears.
   
5. On the New Connected App page, in the Connected App Name field, enter the name that the customer uses for the Prysm application.
   
   Tip: For fields not mentioned specifically in these steps, you can leave them blank or with default values, because they aren't needed for integration with Prysm.
6. In the Contact Email field, enter a contact person's email address.
7. In the API (Enable OAuth Settings) section, check the Enable OAuth Settings check box.
   Several new fields appear under the check box.
   
8. In the Callback URL field, enter the string from the Callback URL field in Prysm Admin Portal. (See Step 6 of your Prysm configuration.)
9. In the Selected OAuth Scopes list, click Full Access or Access your basic information, and click Add.
10. Click Save.
    The API (Enable OAuth Settings) section displays your configuration details.
11. Copy the value from the Consumer Key field to use in Prysm Admin Portal's Client ID field. (See Step 7 of your Prysm configuration.)
12. Copy the value from the Consumer Secret field to use in Prysm Admin Portal's Client Secret field. (See Step 8 of your Prysm configuration.)

Follow these steps:

1. Impersonate the account you want to configure.
2. In Admin Portal, click Identity Provider.
   
3. On the Identity Providers page, set the Enable SSO toggle to On.
4. In the Identity Provider field, select Salesforce.
   When you select Salesforce, the Protocol field is automatically set to OAuth 2.0.
5. In the Auto Provisioning field, set the toggle to Off.
   Warning: Currently, Auto Provisioning must be Off for Salesforce integrations, because Salesforce does not support role mapping.
6. In the Callback URL field, verify that the URL matches the URL you entered in the Callback URL field in Step 8 of your configuration of Salesforce.
7. In the Client ID field, enter the string from the Consumer Key field in Step 11 of your Salesforce configuration.
8. In the Client Secret field, enter the string from the Consumer Secret field in Step 12 of your Salesforce configuration.
9. In the Authorization URL field, enter the Salesforce authorization API.
   Note: The format of the authorization API URL should be: {SALESFORCE_DOMAIN_URL}/services/oauth2/authorize
   
   {SALESFORCE_DOMAIN_URL} should be replaced with the customer's Salesforce URL.
10. In the Token URL field, enter the Salesforce token API.
    Note: The format of the token API URL should be: {SALESFORCE_DOMAIN_URL}/services/oauth2/token
    
    {SALESFORCE_DOMAIN_URL} should be replaced with the customer's Salesforce URL.
11. If the Auto-Provisioning toggle is set to On, the PAS User Field Name field is automatically set to IdP Attribute Name when a user is auto-provisioned.
12. In the First Name field, enter name.givenName.
13. In the Last Name field, enter name.familyName
14. In the Enforce SSO field, set the toggle to On or Off.
    On: When Enforce SSO is On, users can sign in only one way — with their G Suite credentials.
    Off: When Enforce SSO is Off, users can sign in two ways — with their G Suite credentials or with their Prysm credentials.
    Warning: Before you change this setting and click Save in the next step, be sure to test your IdP configuration with at least one user. If you click Save to convert all your users to IdP authentication without testing, and something in your configuration is not correct, you can lock all users out of their accounts.
15. Click Save.
16. To ensure a successful identity provider integration, move on to Step 3 and complete the entire Process for Configuring Identity Providers.