
Salesforce

BlokSec can be configured as an inbound federation identity provider (a.k.a. social provider) for your SalesForce tenant, and can also be integrated to support just-in-time (JIT) provisioning for user creation in SalesForce. This article describes how to configure authentication and provisioning to support passwordless SalesForce login.

BlokSec Admin UI

  1. Sign into BlokSec admin UI as a user with admin privileges for your tenant
  2. On the main dashboard, click the Add Application drop-down and select Create From Template, and then select SalesForce
  3. Complete the application details as follows:
    • Name: Default is set to SalesForce (or your desired application name – we will assume this is called ‘SalesForce’ for the remainder of this article)
    • Logo URI: Location of the image URL (for example: https://bloksec.io/images/appLogo.png)
    • Background URI: Location of the background image URL (for example: https://bloksec.io/images/appLogoBackground.png)
    • Session Length: Length of the authenticated session. Default value is set to 60 minutes
    • Redirect URIs: (leave blank for now)
    • Post Logout Redirect URIs: (leave blank for now)
    • Select Submit to save the configuration
  4. Click Generate App Secret, and make note of the Application ID and Application Secret as these will be required when registering your application with SalesForce

SalesForce Admin UI

Registration Handler Configuration

  1. Sign in to SalesForce as a user with admin privileges for your tenant
  2. Navigate to Platform Tools > Custom Code
  3. Select Apex Classes and then choose New, and add the following to the Apex Class tab:

  4. Click Save
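
For orientation, here is an added example of what a JIT registration handler can look like. It is an illustration written for this article, not BlokSec's own handler code. The profile name, allowed e-mail domain and locale defaults are assumptions to replace with your org's values.

```apex
// Added example, not BlokSec's handler. JIT_PROFILE and ALLOWED_DOMAIN are
// placeholders (assumptions); set them for your org.
global class BlokSecRegHandler implements Auth.RegistrationHandler {
    private static final String JIT_PROFILE = 'Standard User';   // least privilege
    private static final String ALLOWED_DOMAIN = 'example.com';  // placeholder

    class RegHandlerException extends Exception {}

    // Reject sign-ins whose e-mail claim is missing or outside the allowed domain.
    private static String checkedEmail(Auth.UserData data) {
        String email = (data.email == null) ? '' : data.email.trim().toLowerCase();
        if (!email.endsWith('@' + ALLOWED_DOMAIN)) {
            throw new RegHandlerException('E-mail claim rejected for provisioning');
        }
        return email;
    }

    // Called on first login through the Auth. Provider (JIT provisioning).
    global User createUser(Id portalId, Auth.UserData data) {
        String email = checkedEmail(data);
        // Reuse a single active user with this e-mail (trusts the IdP's e-mail claim).
        List<User> found = [SELECT Id FROM User
                            WHERE Email = :email AND IsActive = true LIMIT 2];
        if (found.size() == 1) { return found[0]; }
        if (found.size() > 1) {
            throw new RegHandlerException('More than one user matches the e-mail');
        }
        Profile p = [SELECT Id FROM Profile WHERE Name = :JIT_PROFILE LIMIT 1];
        String localPart = email.substringBefore('@');
        // Assumption: the e-mail address is usable as a unique Salesforce username.
        return new User(
            Username = email, Email = email, ProfileId = p.Id,
            FirstName = data.firstName,
            LastName = String.isBlank(data.lastName) ? localPart : data.lastName,
            Alias = localPart.left(8),
            TimeZoneSidKey = 'GMT', LocaleSidKey = 'en_US',
            EmailEncodingKey = 'UTF-8', LanguageLocaleKey = 'en_US');
    }

    // Called on later logins: refresh names only, never e-mail, username or profile.
    global void updateUser(Id userId, Id portalId, Auth.UserData data) {
        checkedEmail(data);
        User u = new User(Id = userId);
        if (!String.isBlank(data.firstName)) { u.FirstName = data.firstName; }
        if (!String.isBlank(data.lastName)) { u.LastName = data.lastName; }
        update u;
    }
}
```

The new user is returned without being inserted; Salesforce inserts the record returned by createUser. A failed domain check or a missing profile throws, so the login fails closed.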

OIDC Configuration

  1. Sign in to SalesForce as a user with admin privileges for your tenant
  2. Navigate to Settings > Identity
  3. Select Auth. Providers and then choose New
  4. Select Open ID Connect from the dropdown menu and complete the authentication provider configuration with the following values (adjusting if required to meet your desired behaviour):
    • Name: Salesforce Passwordless Login (or the name of your choice)
    • URL Suffix: Keep the auto generated value or update it to meet your requirements
    • Consumer Key: (the Application ID captured from the BlokSec admin UI above)
    • Consumer Secret: (the Application Secret captured from the BlokSec admin UI above)
    • Authorize Endpoint URL: https://api.bloksec.io/oidc/auth
    • Token Endpoint URL: https://api.bloksec.io/oidc/token
    • User Info Endpoint URL: https://api.bloksec.io/oidc/me
    • Default Scopes: openid email profile
    • Send access token in header: selected / checked
    • Include Consumer Secrets in API Responses: selected / checked
    • Custom Logout URL: https://api.bloksec.io/oidc/session/end
    • Registration Handler: BlokSecRegHandler (use registration handler lookup)
    • Execute Registration As: (choose a user / account that has the ability to create / update / delete users)
    • Select Save to accept configuration changes
  5. Once saved, navigate to the SalesForce configuration section and copy the values for the following URLs:
    • Callback URL
    • SingleLogout URL

Authentication Configuration

  1. Sign in to SalesForce as a user with admin privileges for your tenant
  2. Navigate to Settings > Company Settings
  3. Select My Domain and then navigate to the Authentication Configuration section
  4. Select Edit and then select / check the name of the Authentication Service created above in OIDC configuration, for example, Salesforce Passwordless Login
  5. Select Save

BlokSec Admin UI (Part 2)

  1. Return to the SalesForce application configuration, click the gear in the upper-right, and select Edit Application
  2. Enter the Callback URL value, as provided by Salesforce in the last step of the OIDC configuration, into the BlokSec Redirect URIs field
  3. Enter the SingleLogout URL value, as provided by Salesforce in the last step of the OIDC configuration, into the BlokSec Post Logout Redirect URIs field
  4. Select Submit to save the configuration



Updated 22 Mar 2022