Single Sign-On (SSO) in Salesforce allows users to access multiple applications with a single set of login credentials. Salesforce supports various SSO standards, including SAML 2.0 (Security Assertion Markup Language), which is widely used for web-based SSO. Here's a general guide on how SSO can be used within Salesforce using SAML 2.0 with PandaDoc as the Service Provider (SP):
- A PandaDoc account with Enterprise plan
- Administrative access to your Salesforce instance to configure SSO settings and create connected apps.
- User profiles contain email addresses, first and last names attributes. We require all 3 user properties.
- Provide access to the connected app to profiles and / or permission groups
Note:To learn more about SSO in PandaDoc, click here.
Enable Salesforce as a SAML Identity Provider
- Determine which certificate you want to use to enable your org to communicate with the service provider. You can use the default certificate or create your own. See Certificates and Keys.
- By default, a Salesforce identity provider uses a self-signed certificate generated with the SHA-256 signature algorithm. If you want to use the default certificate, proceed to step 2.
- To create a new self-signed certificate, follow the instructions in Generate a Self-Signed Certificate, then proceed to step 2.
- To create a CA-signed certificate, follow the instructions in Generate a Certificate Signed by a Certificate Authority, then proceed to step 2.
- From Setup, in the Quick Find box, enter Identity Provider, then select Identity Provider.
- Click Enable Identity Provider.
- Select a certificate from the dropdown menu.
- Save your changes.
Integrate PandaDoc as a connected app
- From Setup, enter Apps in the Quick Find box, and select App Manager.
- Click New Connected App.
- Enter the connected app’s name (E.g. PandaDoc SSO)
- Leave the API Name as default to a version of the name without spaces. Only letters, numbers, and underscores are allowed, so if the original app name contains any other characters, edit the default name.
- Enter the contact email for Salesforce to use in case we want to contact you or your support team. This address isn’t given to Salesforce admins who install the app.
- Enter the contact phone for Salesforce to use in case we want to contact you or your support team. This number isn’t given to Salesforce admins who install the app. (Optional)
- To display the PandaDoc logo with the connected app on the App Launcher tile, enter a logo image URL as follows (Optional): Certificates and Keys
- In the Web App Settings section, select Enable SAML, and enter this information:
- Entity Id—The globally unique ID of PandaDoc : https://pandadoc.com
- ACS URL—(Assertion Consumer Service) PandaDoc’s endpoint that receives SAML assertions. https://app.pandadoc.com/sso-acs/
- Name ID Format—PandaDoc only supports SAML 2.0, please choose “um:oasis:names:tc:SAML:2.0:nameid-format:persistent” from the dropdown
- Click Save
Salesforce User Authorization
- From Setup, enter Connected Apps in the Quick Find box, and select Manage Connected Apps.
- Click on the Master Label name for newly created PandaDoc SSO application
- In the "Profiles" and “Permission Sets” related list, add the profiles of the users who should have access to the PandaDoc application.
PandaDoc SSO Configuration
- Sign-On URL. To find out your Sign-On URL, within your Connected App locate SAML Login Information > SP-Initiated Redirect Endpoint
- Certificate. Next, you will find out your signing certificate by clicking on Default idP Certificate > Download Certificate
After exporting the certificate to file, open the file with Notepad or another text editor, copy the text snippet and paste to the “Certificate” field in the PandaDoc SSO form
***Contact email@example.com to notify our Support team the form has been filled out***
Testing SSO in PandaDoc
- Log out of PandaDoc (click on avatar picture and choose “Log out”)
- Open your PandaDoc URL in the browser - https://app.pandadoc.com/sso-login/
- Log in with your PandaDoc account domain email.
- Open the App Launcher
- Search for the PandaDoc SSO Application
- User will be redirected to PandaDoc