Additional properties required to connect to the identity provider in a semicolon-separated list.

Data Type

string

Default Value

""

Remarks

Additional properties required to connect to the identity provider in a semicolon-separated list. SSOProperties is used in conjunction with the RSBFinancialForce_p_SSOLoginURL and RSBFinancialForce_p_SSOTokenURL. The following sections provide examples using the OneLogin and PingFederated identity providers.

OneLogin

The following SSOProperties are needed to authenticate to OneLogin:

• IdPName: Set this to OneLogin.
• OneLogin API Key: Set this to the API Key, which can be obtained by selecting Settings > API > View Legacy API Key.

The following connection string uses an API key to connect to OneLogin:

SSOLoginURL=https://app.onelogin.com/saml/metadata/123455;SSO Token Url=https://mysite.salesforce.com/services/oauth2/token?so=1234567;SSOProperties='IdPName=OneLogin;APIKey=MyAPIKey';

PingFederate

The following SSOProperties are needed to authenticate to PingFederate:

• IdPName: Set this to PingFederate.
• IdPSystemScheme: The authorization scheme to be used for the IdP endpoint. The allowed values for this IdP are None or Basic.
• IdPSystemUserName: Set this to an IdP user if authentication is to be used for the IdP endpoint.
• IdPSystemPassword: Set this to the password of the IdP if authentication is to be used for the IdP endpoint.

Additionally, you can use the following properties to configure mutual SSL authentication for the RSBFinancialForce_p_SSOLoginURL, the WS-Trust STS endpoint:

• IdPSystemSSLClientCert: Behaves like SSLClientCert
• IdPSystemSSLClientCertType: Behaves like SSLClientCertType
• IdPSystemSSLClientCertSubject: Behaves like SSLClientCertSubject
• IdPSystemSSLClientCertPassword: Behaves like SSLClientCertPassword

The following is an example connection string:

SSO Login Url=https://myssoendpoint/idp/sts.wst;SSO Token Url=https://mysite.salesforce.com/services/oauth2/token?so=1234567;SSO Properties ='IdPName=pingfederate;IdPSystemScheme=basic; IdPSystemUsername=Administrator; IdPSystemPassword=xA123456;'"

Okta

The following SSOProperties are needed to authenticate to Okta:

• IdPName: Set this to Okta.
• Domain: Set this to the org domain name.
• APIToken: Set this to the API Token that the customer created from the Okta org.

The following is an example connection string:

SSO Token Url=https://example.okta.com/dashboard;User=oktaUserName;Password=oktaPassword;SSO Properties='idpname=okta;domain=your-org.okta.com;apiToken=xxx;';