Integrating Salesforce SSO with Axis LMS
If you use Salesforce as your SAML identity provider (IdP), you can use the information in this document to set up SAML authentication for your Axis LMS.
These steps assume that you have permissions for modifying your organization’s Salesforce portal and have already setup Salesforce as an IdP.
Step One: Begin Adding The Integration In Axis LMS
- While signed in to Axis LMS as an administrator, go to System > Integration > Single Sign-On (SSO) > SAML Sign-In
- Click the + Add An Integration button.
- Select Salesforce from the list of SAML Identity provider.
- Keep this screen/tab open for now as we will refer to it later.
- Figure 1: Add A New Integration Screen in Axis LMS
Step Two: Adding Axis LMS To Your Salesforce Applications
- In a new tab/window, access Salesforce.
- Go to Setup > Apps > App Manager > New Connected App.
- Edit the Connected App Name, entering Axis LMS.
- Edit the API Name, entering Axis_LMS.
- Enter your Contact Email.
- Keep this screen/tab open for now as we will refer to it later.
- Figure 2: Salesforce > New Connected App
Step Three: Add Service Provider Details To Salesforce
In this step, we’ll define the service provider values that Salesforce will need to identify your app.
- On the Add A New Integration screen in Axis LMS, go to the Service Provider Details section.
- In Salesforce scroll down to the Web App Settings section a check the box for Enabled SAML.
- Copy values from Axis LMS into Salesforce fields as shown below.
- Set Subject Type to User ID.
- Set Name IDFormat to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
- Leave all other settings in the Web App Settings section as-is.
- Scroll to the bottom and click the Save button.
| Copy Axis LMS Field Value | to | Salesforce Field |
|---|---|---|
| Entity ID | to | Entity ID / Issuer URL |
| Assertion Consumer Service / SSO Service | to | ACS URL |
Step Four: Add Identity Provider Details To Axis LMS
In this step, you'll provide Axis LMS with the SAML Identity provider values it needs to communicate with Salesforce.
- In Salesforce, on the app info screen, click the Manage button.
- Scroll down to the SAML Login Information section.
- Copy values from the SAML Login Information section and paste them into the Identity Provider Details section of Axis LMS, as shown below.
| Copy Salesforce Field Value | to | Axis LMS Field Value |
|---|---|---|
| Issuer | to | Entity ID / Issuer URL |
| IdP-Initiated Login URL | to | SAML 2.0 Endpoint / SSO URL |
| Download Metadata > (Open in Text Editor > X.509 Certificate | to | X.509 Certificate |
- After copying values into the Identity Provider Details section of Axis LMS, it should look something like this:
- Figure 3: Axis LMS Identity Provider Details
Step Five: Defining User Attributes
In this step, we’ll define the information about the user (id, email address, first name, last name) that need to be passed to Axis LMS.
- In Salesforce, scroll down to the Custom Attributes section.
- Click the New button in the upper right corner of the attribute listing.
- Under Attribute Key enter "uuid" (without quotations).
- In the Attribute Value text input, enter "$User.Id" (without quotations), then click Save.
- Repeat this sequence three more times, using the fields/values below.
| Field | to | Value |
|---|---|---|
| emailAddress | to | $User.Email |
| firstName | to | $User.FirstName |
| lastName | to | $User.LastName |
Note: Even though Salesforce may provide additional user data that can be passed as parameters, only the paramters listed above are compatible with Axis LMS; all other values will be ignored.
Step Six: Finishing Up & Testing
At this point you've completed all the necessary steps to configure the Axis LMS application in Salesforce.
In Axis LMS, on the Add A New Integration screen, finish configuring the User Login settings and then click Save to save the integration in Axis LMS.
To test your new integration, you'll need to give users access to your new application in Salesforce before using the newly generated Axis LMS login link for this integration. For more information on granting users access to your application via Salesforce, please refer to the IdP's documentation.