SAML (or Security Assertion Markup Language) is a method for ensuring that data transmissions are secure, and, in the case of FormAssembly, for making sure that only certain authorized users are able to access your forms. More information on setting up SAML authentication for FormAssembly can be found here.
To use the SAML authenication with Salesforce, you must be on our Enterprise Plan.
Setup Salesforce as an Identity Provider
If you would like to use Salesforce as your SAML identity provider, and you have not already done so, follow these steps:
Step 1: Enable Domain in Identity Provider Organization
- From Setup, click Domain Management → My Domain.
- Next, enter a new subdomain name, and click Check Availability
- If the name you have entered is available, check the Terms and Conditions check box, then click Register Domain.
- Wait for the domain to be activated.
Step 2: Enable Identity Provider
- From Setup, click Security Controls →†’ Identity Provider
- Click Enable Identity Provider
Configure FormAssembly as a Connected App
In order to configure FormAssembly as a connected app, you will need to follow these steps:
- Step 1: Download the Metadata File
- Step 2: Email the Metadata File
- Step 3: Configure the FormAssembly Instance
- Step 4: Manage Profiles
Step 1: Download the Metadata File
- In Salesforce, go to Setup →†’ Security Controls → Identity Provider .
- Click to download the metadata file.
Step 2: Email the Metadata File
- Email the metadata file to FormAssembly (firstname.lastname@example.org) and use "SAML Setup" as the subject line of the email.
Step 3: Configure the FormAssembly Instance
- Go to Setup →†’ Create →†’ Apps and scroll down to Connected Apps and select New.
- Complete the basic information:
- Scroll down to Web App Settings and check Enable SAML.
- Complete the values as follows where instancename.tfaforms.net must be replaced with the actual domain name for the desired FormAssembly instance.
- Entity ID: https://instancename.tfaforms.net/authenticator_saml/metadata
- ACS URL: https://instancename.tfaforms.net/authenticator_saml/index?acs
- Subject Type: User ID
- Name ID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
- Leave all other settings empty and click Save
Step 4: Manage Profiles
- In the Connected App Detail page for the app, go to Manage Profiles
- Select the profile(s) who should be able to authenticate against the Salesforce Identity Provider.