User Management
      Back to home
      1. Knowledgebase
      2. NowSignage CMS User Guides
      3. User Management

      How to configure Salesforce SSO

      This article provides full guidance on how to configure the NowSignage Salesforce SSO Integration within both Salesforce and the NowSignage CMS.

      Salesforce Configuration

      1. Log into your Salesforce account and click into: Quick Settings > Open Advanced Setup:

      Salesforce 1

      2. On the left sidebar, click into Identity > Identify Provider > Enable Identify Provider:

      Saleforce Enable ID Provider

      3. Select a certificate (if you have one created already) or generate a new certificate to link to the Identify Provider configuration, then click 'save'. In this area, make a note of the Issuer URL (highlighted in the image below) and also click 'Download Certificate' to save this to your desktop (as this will be required when setting this up in NowSignage):

      Salesforce ID provider step 2

      4. On the left sidebar, click into: Apps > App Manager > New Connected App:

      Salesforce 2

      5. Click 'Create a Connected App' > Continue. Now fill in the following mandatory fields:

      • Connected App Name: NowSignage SSO

      • API Name: NowSignage_SSO (this automatically populates from the name field)
      • Contact Email: This should be an internal email (often the email of the admin setting up this application in Salesforce)

      Salesforce 3

      6. Scroll down to 'Web App Settings' and click the box to 'Enable SAML', then the following fields need to be filled in:

      • Entity Id: https://secure.nowsignage.com/saml/metadata
      • ACS URL: https://secure.nowsignage.com/customers/saml/auth
      • Subject Type: Select > Username
      • Name ID Format: Select > urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
      • Issuer: This should be the Issuer URL located in the Identify Provider area from step 3 in the guidance above. E.g: https://computing-data-2983.my.salesforce.com
      • IdP Certificate: Select the name of the certificate you generated in the Identify Provider area from step 3 in the guidance above.
      • Signing Algorithm for SAML Messages: Select > SHA256

      Salesforce 4

      7. Once all of the above is filled in, scroll down to the bottom of the page and click 'save' to create the NowSignage SSO app.

      8. To grant users access to the NowSignage SSO app in Salesforce, follow the steps below:

      • In Salesforce on the left sidebar, click into Apps > Connected Apps > Manage Connected Apps > click on 'NowSignage SSO'.
      • Scroll down to 'Manage Profiles', then select the user profiles you'd like to grant access to the NowSignage SSO and then click 'save': SSO Users 2SSO Users 3
      • Once saved, any user who has this 'profile' assigned to them within Salesforce, will be able to access the NowSignage SSO app.

      NowSignage Configuration:

      Please note: The following steps can only be preformed by a user in NowSignage with the 'Account Owner' role.

      1. Log into your NowSignage account via https://secure.nowsignage.com/customers/login

      2. Click on your name in the top right corner of the CMS then click: My Account > Users & Roles > SSO Configuration:

      NowSignage 1

      3. In this area, firstly enable the 'Use SSO for customer login' option and then use following data for each field:

      • Identity Provider: Select > Salesforce
      • Identity Provider ID: To find this, within the 'Advanced Setup' area of Salesforce click into Apps > Manage Connected App > Click on 'NowSignage SSO' to see the area below which contains the URL under 'Issuer':
        Salesforce 5
      • Identity Provider Login URL: This is found in the same area as shown in the screenshot above. This is under the 'SP-Initiated Redirect Endpoint' section. For example: https://computing-data-2983.my.salesforce.com/idp/endpoint/HttpRedirect
      • New Identity Provider Certificate: Download your salesforce certificate, the same you used in the connected app (ensure It is in .crt format). Open it in a text editor, copy and paste it in this field.
        NowSignage 2

      Once you are happy with the configuration, click 'save' for the settings to take effect.

      4. Optional - How to exclude users from SSO: After setting up SSO, you can exclude specific users from the SSO requirement to allow them to also log in with their NowSignage user account. To do this, within the SSO configuration page, scroll to the bottom of the page and you will see an user exception list:

      You can now search for and select specific users you wish to add to the exception list. Users can be removed from this list at any stage.

      It is recommended to exclude at least one user with Account Owner permissions. In the event your identity provider is down or if the SSO configuration is incorrect as they will be able to log in and untick the 'Use SSO for customer login' checkbox to allow all users to log in with their NowSignage accounts.

      FAQs:

      1. How to create new users automatically:

      To automatically create new users in the NowSignage CMS through the Salesforce SSO integration, please follow the steps below:
      • Within the 'Advanced Setup' area of Salesforce click into Apps > Manage Connected App > Click on 'NowSignage SSO'.
      • Scroll down to the Custom Attributes section, and create a new custom attribute for the user’s name:
        SSO Custom Attributes 
      • Set Attribute key as “name”, and then insert the name field. You can choose to use only the first name or concatenate the first and last names with a blank space between. (e.g. $User.FirstName  & ' ' &  $User.LastName). Example of custom attribute for first & last name below:
        Salesforce Create Users
      • Once the custom attribute has been saved. Go into the SSO configuration area of the NowSignage CMS and scroll down to 'User Management Configuration' > Enable 'Create new user's and then select the default user role for the user and the project(s) you wish to assign them access to and click 'save' once you are done:

      Create New Users 1

      Please note - For the user to be automatically created, the user must firstly initiate the log in to the NowSignage CMS directly from Salesforce (rather than logging into the NowSignage CMS directly).

       

      2. How to assign access tags to users automatically:

      If you want to update user access tags when logging into the NowSignage CMS, you need to create more custom attributes for the access tags you require, to access this area, please follow the steps below:

      • Within the 'Advanced Setup' area of Salesforce click into Apps > Manage Connected App > Click on 'NowSignage SSO'.
      • Scroll down to the Custom Attributes section, and click 'New':
        SSO Custom Attributes 
      • Now create the custom attributes you wish to use as access tags. For example: to assign a tag with the Salesforce user’s company name to users logging into NowSignage. You need to create a custom attribute with the label you want (remember that this label will be used to map this value in the NS CMS) and set an attribute value:
        Access Tags
      • Once the custom attributes have been saved. Go into the SSO configuration area of the NowSignage CMS, then scroll down to the IDP Attributes mapping area and enter in the IDP & NowSignage Keys for the custom attributes you set up in Salesforce.
      • After entering in the custom attribute, please enable the 'For access tags' box next to the attribute you are using for access tags.
      • Click 'Update mappings' to save the settings in NowSignage.


      3. Where is the direct login link to access the NowSignage CMS from Salesforce:

      The IdP-Initiated Login URL, to login in our CMS can be found directly in Salesforce. Click inot the left sidebar then Apps > Connected Apps > Manage Connected Apps. You need to click the connected app name and you will be redirected to the “Manage” view. Scroll down to SAML Login Information where you will find the login link (highlighted below):

      Login Link

       

      4. How to make the NowSignage SSO app visible on the Salesforce homepage:

      There are two ways to make the app launcher visible in the home page, along with the connected app:

      Option 1: With a new Profile:

      • In Salesforce, within the left sidebar, go to Users > Profiles. Click “New”, select a profile to set as the basis of the new profile, and set a profile name.
      • Once created, in the detail page click “Edit” and scroll down to Custom App Settings. Set the App launcher to visible:

      1

      • Under Tab Settings, verify that the App Launcher tab is set to “Default on”.
        2
      • Under Administrative Permissions, select Use Identity Features and save the changes:
        3
      • In the left sidebar, go to Users. Click Edit next to each user you want to access the App Launcher. In the user’s Profile field, select the new profile that has “Use Identity Features” enabled, and save the changes:
        4
      • In the left sidebar, go to Apps > Connected Apps > Manage Connected Apps. Click on your app name to go to the “manage” view, scroll down to the Basic information section and set the start URL as the IdP-Initiated Login URL found in the SAML Login Information section:
        5
      • Under the Profiles section click “Manage Profiles and select the appropriate profiles to choose which users have access to this application.
      • Click on the pencil icon on the main Home page, click on “Add more items” and add the App Launcher:
        6

      Option 2: With a new Permission Set

      • Go to Users > Permission Sets and click “New”. Enter a label and click “Save”.
      • In the detail view, click “Manage Assignments” and then “Add a new assignment”. Select the users you want to assign this permission set and save changes.
      • After this, you will be able to see a new tab in the home page. You can click on the NowSignage app name to log into the NowSignage CMS:

      Permission Set