Integrating PingFederate with Salesforce

Question

I need to integrate PingFederate with Salesforce using SP-initiated SSO.

My aim is that users in Active Directory will be automatically logged in when they access the Salesforce Application URL. I have created the SP connection to Salesforce in PingFederate and uploaded the PingFederate Certificate in Salesforce. In Salesforce I have set the IdP Issuer Entity ID to match the one in PingFederate.

For SP-initiated SSO, which URL do I need to give the browser to test if this setup is working correctly?

Answer 1

I believe SFDC requires you to establish who your IDP is via Unsolicited SSO (IDP-Init) before SP-Init is automatically triggered when you attempt to access a SFDC protected page. Once IDP-Init SSO is completed successfully, SFDC sets your last known IDP as a persistent cookie in your browser.

IDP-Init is pretty simple to do in PF. Just ensure that IDP-Init and SP-Init SSO is enabled in your SP Connection. After that, when you look at the SP Connection Summary page, you should then see a "Connection URL" that looks like -- "https://pingfederateserver.com/idp/startSSO.ping?PartnerSpId=

Give it a shot - if it doesn't work the Ping Support team can quickly help.

HTH - Ian