Your users can use their Teamstack credentials to sign in to Salesforce.
Salesforce also supports Just In Time (JIT) provisioning, which means that users who have never signed into Salesforce will have their account created automatically upon their first login.
Features:
Salesforce (SP) initiated Single Sign On
Teamstack (IdP) initiated Single Sign On
Set up SSO via SAML for Salesforce
To set up SSO you first need to create a Salesforce app in Teamstack, assign it to yourself and then configure Salesforce SSO with the SAML settings from Teamstack.
Step 1: Create Salesforce app in Teamstack
Go to your Applications in Teamstack.
Click "Add Application" in the top right corner.
Search for "Salesforce" and click "Add".
Select this app to be a "SAML" app and click "+ Add" to save it.
On your applications overview, click on the newly created Salesforce app. You will see all details about this app.
Click on the "SAML Configurations" tab. Keep this page open, because you will need these values when you configure the SAML settings in Salesforce.
Step 2: Set up SAML in Salesforce
To open the SSO settings in Salesforce, open "Setup" from the top right navigation bar by clicking on the gear icon.
In the left sidebar under the Settings header, click on "Identity" -> "Single Sign-On Settings".
Under "Single Sign-On Settings", click on "Edit", check the "SAML Enabled" checkbox and click "Save".
After you have enabled SAML, click on "New" under "SAML Single Sign-On Settings" to create your new SAML settings.
Copy the settings from step 1.6 as follows:
Name: Choose a new name for these settings.
Issuer: Copy "Issuer (IDP Entity ID)" from step 1.6.
Identity Provider Certificate: Download the SAML certificate from step 1.6 and upload it here.
Identity Provider Login URL: Copy and paste the "Sign-in page URL" from step 1.6.
Entity ID: Enter "https://saml.salesforce.com"
Service Provider Initiated Request Binding: "HTTP Redirect"
Click on "Save" to save these settings.
On the overview page, you will need the "Login URL" in the next step.
Step 3: Add Login URL to the Teamstack app and test connection
You need to add the Salesforce Login URL to the Teamstack Salesforce app for the SAML login to function.
To add the Salesforce Login URL, open your Salesforce app in Teamstack (Applications -> Salesforce), click "Edit" and enter the "Login URL" from Salesforce in the "Salesforce Login URL" input in Teamstack.
Click "Save".
If you now assign the Salesforce app in Teamstack to yourself, and you have a Salesforce account with the same email address you use in Teamstack, you should be able to log in from your Teamstack dashboard.
Configure SP-Initiated SAML (optional)
If you want your users to be able to log in by navigating to Salesforce directly or by following deep links, you have to configure a custom domain in Salesforce and add the following settings:
In Salesforce, search for "My Domain" and select "My Domain".
Choose a domain name and click "Register Domain". The registration process might take up to 12 hours.
On the same view, you can find the "Authentication Configuration" section, where you can define how your users can log in via your custom domain. Click "Edit" and select your SAML configuration. Users will only be able to log in via Teamstack.
Copy the full domain name to your Salesforce "Entity ID" settings:
Go back to your SAML settings from step 2 ("Identity" -> "Single Sign-On Settings"), choose "Edit" and replace the value of "Entity ID" with your chosen domain name.
Go to your Teamstack settings for the Salesforce application ("Applications" -> "Salesforce" -> "Edit").
Add your custom domain to the inputs of "Salesforce Login URL" and "Salesforce Custom Domain".
Your users can now open the URL https://{{YourDomainName}}.my.salesforce.com and will be redirected to Teamstack to complete the login.
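To confirm that the Entity ID change took effect, you can decode the SP-initiated request that Salesforce sends over the "HTTP Redirect" binding and compare its Issuer and Destination with the configured values. The script below is an added example, not Teamstack or Salesforce code; the hosts, the sample request and the function names are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML = 64 * 1024  # cap inflated size; AuthnRequests are small

def decode_redirect_request(url):
    """Return (issuer, destination) from an HTTP-Redirect AuthnRequest URL."""
    query = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in query:
        raise ValueError("URL carries no SAMLRequest parameter")
    raw = base64.b64decode(query["SAMLRequest"][0], validate=True)
    inflater = zlib.decompressobj(-15)  # HTTP-Redirect uses raw DEFLATE
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("SAMLRequest inflates beyond the size cap")
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTDs are not expected in SAML messages")
    root = ET.fromstring(xml)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not a SAML AuthnRequest")
    issuer = root.findtext("{%s}Issuer" % SAML, default="").strip()
    return issuer, root.get("Destination", "")

def check_request(url, entity_id, idp_login_url):
    """List mismatches between a captured request and the configured values."""
    issuer, destination = decode_redirect_request(url)
    problems = []
    if issuer != entity_id:
        problems.append("Issuer %r != configured Entity ID %r" % (issuer, entity_id))
    if destination != idp_login_url:
        problems.append("Destination %r != IdP login URL %r" % (destination, idp_login_url))
    return problems

# Constructed sample (placeholder hosts, not real Teamstack or Salesforce values)
IDP_URL = "https://idp.example.test/saml/sso"
ENTITY_ID = "https://example-co.my.salesforce.com"
_xml = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_a1" Version="2.0" '
        'Destination="%s"><saml:Issuer>%s</saml:Issuer></samlp:AuthnRequest>'
        % (SAMLP, SAML, IDP_URL, ENTITY_ID)).encode()
_c = zlib.compressobj(wbits=-15)
_deflated = _c.compress(_xml) + _c.flush()
SAMPLE_URL = IDP_URL + "?" + urlencode({"SAMLRequest": base64.b64encode(_deflated).decode()})

if __name__ == "__main__":
    print(check_request(SAMPLE_URL, ENTITY_ID, IDP_URL))
    print(check_request(SAMPLE_URL, "https://saml.salesforce.com", IDP_URL))
```

In practice, pass the redirect URL copied from the browser's network tab when opening your custom domain, together with the Entity ID and "Sign-in page URL" you configured.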