Configuring VMware Identity Manager for Salesforce – Part 1

Now we’ll look at configuring SAML integration between VMware Identity Manager and Salesforce for Workspace ONE.

Definition: Security Assertion Markup Language (SAML) is an open standard that enables single sign-on (SSO) across many different services and platforms. Authenticating with SAML allows a user to log in once per session.

Here are the defining components of SAML:

  • Service provider (i.e. an application).
  • Identity provider (the party that authenticates the user and decides which authentication methods are used).
  • End user who accesses the service over SAML.

  1. The user starts the SAML application.
  2. The service provider (SP) sends an authentication request to the identity provider (IdP).
  3. If the user is not yet authenticated, the IdP asks the user to authenticate (e.g. with username and password).
  4. The IdP then sends a response to the SP containing a token for that user.

To go through this guide, you’ll need the following. So load up, and let’s get poppin’

  1. A Salesforce login. If you don’t have one, first create a trial Salesforce developer account.
  2. A VMware Identity Manager tenant at your disposal.

 

SAML can be thought of as a way of making two parties, the IdP and the SP, speak the same language: the metadata each side exports tells the other where its endpoints are and which certificate it signs with.

So what we are going to do now is:

Export the SAML Metadata from VMware Identity Manager

  1. Log on to your VMware Identity Manager tenant (URL: mXXXXXX.vmwareidentity.eu/).
  2. Right-click “Identity Provider (IdP) metadata” and choose “Save link as...”.
  3. Save the metadata file (idp.xml).

Add application from the catalog

Import the SAML Metadata File to Salesforce

  1. Start by navigating to https://login.salesforce.com
  2. Enter your Salesforce username and password and hit “Login”.
  3. In the search box on the left, type “single” to find the SSO setting we will be configuring.
  4. Choose “Edit” and select “SAML Enabled” to enable SSO with the SAML protocol.
  5. Choose “New from Metadata File”.
  6. Upload the idp.xml that we downloaded from our VMware Identity Manager tenant. Hit “Create” and the SAML SSO settings will be populated from the file.
  7. Now we need to update the SAML settings. First, select “Assertion contains the Federation ID from the User object.” and hit “Save”.
  8. Hit “Download Metadata”.
  9. Save the file; it will be an .xml file with a name similar to SAMLSP-XXDXXXXXXXXQ.xml.
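Before importing idp.xml into Salesforce (and before handing the SAMLSP-*.xml file back to Identity Manager), it is worth checking what the metadata actually says. The following script is an added example, not code from the original post or from VMware or Salesforce: it reads an IdP metadata file and reports the entityID, the SingleSignOnService endpoints and the number of signing certificates, the values Salesforce populates from the file, and flags common problems such as a missing signing certificate. The embedded idp.xml is a constructed sample with a placeholder hostname and a truncated placeholder certificate.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample shaped like an exported idp.xml; the host and the truncated cert are placeholders.
SAMPLE_IDP_XML = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idm.example.invalid/SAAS/API/1.0/GET/metadata/idp.xml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIB</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idm.example.invalid/SAAS/auth/federation/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idm.example.invalid/SAAS/auth/federation/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def check_idp_metadata(xml_text):
    """Return the values Salesforce reads from idp.xml plus a list of problems found."""
    root = ET.fromstring(xml_text)  # use defusedxml instead for files from untrusted sources
    issues, sso, certs = [], {}, 0
    entity_id = root.get("entityID", "")
    if not entity_id.startswith("https://"):
        issues.append("entityID is not an https URL")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:  # nothing to import; continue with an empty descriptor
        issues.append("no IDPSSODescriptor element")
        idp = ET.Element("empty")
    for svc in idp.findall("md:SingleSignOnService", NS):
        sso[svc.get("Binding", "").rsplit(":", 1)[-1]] = svc.get("Location", "")  # e.g. HTTP-POST
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # a KeyDescriptor without 'use' also signs
            for cert in kd.findall(".//ds:X509Certificate", NS):
                try:
                    der = base64.b64decode("".join((cert.text or "").split()), validate=True)
                except ValueError:
                    der = b""
                if der[:1] != b"\x30":  # a DER certificate always starts with a SEQUENCE tag
                    issues.append("X509Certificate is not valid base64-encoded DER")
                certs += 1
    if not any(b in sso for b in ("HTTP-POST", "HTTP-Redirect")):
        issues.append("no HTTP-POST or HTTP-Redirect SingleSignOnService endpoint")
    issues += [f"SSO endpoint is not https: {u}" for u in sso.values() if not u.startswith("https://")]
    if certs == 0:
        issues.append("no signing certificate: Salesforce cannot verify assertion signatures")
    return {"entity_id": entity_id, "sso": sso, "signing_certs": certs, "issues": issues}
```

Run it against a real export with `check_idp_metadata(open("idp.xml").read())`; an empty `issues` list means the file carries everything Salesforce needs to validate assertions from the tenant.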

 

Register your domain on Salesforce

Now that we’ve downloaded the SAML metadata file, we need to register our domain.

In the search box on the left, we will enter “my domain” and click “My Domain”.


  1. In the field “Choose Your Domain Name”, enter a domain name.
  2. To confirm that it is available, hit “Check Availability”.
  3. Finish by hitting “Register Domain”.

Now we wait for an e-mail from Salesforce confirming that the domain is ready, which arrives after a few minutes.

Now we return to “My Domain”, and edit the authentication configuration.

  1. In the search box on the left, enter “my domain” and click “My Domain”.
  2. Next to “Authentication Configuration”, hit “Edit”.

That concludes part one!

If there are any topics or areas you’d like me to focus on, don’t hesitate to let me know! As always you can reach me at @UlvBjornsson, via the comments or by connecting with me on LinkedIn.

Installing VMware Enterprise Systems Connector

Things change fast, very fast. VMware AirWatch 9.1 is out, and so is the new installer, which serves as the unified connector for Workspace ONE, AirWatch and Identity Manager.

So if you were used to installing the ACC (AirWatch Cloud Connector) or the Linux appliance vIDM (VMware Identity Manager Connector), you should know that these two products have now been tied into one and have been branded VMware Enterprise Systems Connector.

Which I think is great, as editing a Linux appliance with bash, sudo, cat and vi... yeah, it was fun.

I’ll walk you through the installation of the VMware Enterprise Systems Connector and enterprise integration.

So we’ve navigated to the Workspace ONE tenant (the VMware Identity Manager tenant), which tells us that we need to download a connector to configure it.

You can find the download by logging into your AirWatch tenant and navigating to Systems > Enterprise Integration > VMware Enterprise Systems Connector.

Just as before when downloading the installers, it asks for a password. Store it somewhere; you’ll be using it for the installation later.

Get it on the server, run it.


One change is a new dependency, .NET Framework 4.6.2; we can let the installer fetch it, or download it from Microsoft and install it ourselves.

Next, it informs us that the JRE is required; let’s run through that as well.

And that’s it.

Very straightforward; make sure to verify it by hitting “Test Connection”.

An update and a recap: we are in the middle of 2018!

It’s Summer, the heat in Norway and most of the world is unreal these days with world records being broken. We are in the middle of 2018, and a lot has happened!

I joined Lumagate in March as a Principal Solution Architect, and in May the rebranding to Innofactor was completed which was celebrated with an event called Inspirit that was held in Helsinki.


Innofactor is a leading provider of digitalization and cloud solutions in the Nordic countries. Our task is to help our customers digitalize their business, promote a collaborative way of working, and develop their business processes by utilizing data-driven decision making and secure cloud services. Together with our customers, partners, employees, and investors we produce solutions that help our customers and society to succeed.

If you are looking for a place where you can work with cutting-edge technology, good colleagues and exciting days, you should definitely check us out.

On the 7th of June, I spoke at GNIST, a cloud seminar put together by Innofactor. Primed on cloud computing, it had a lot of exciting speakers and topics. I was asked to hold a session, and I did one called “A recipe for Cloud Migration”, where I covered getting control over operational costs, increasing workforce productivity and driving business agility by moving to the cloud.

If you are holding an event and have a call for content or speakers, let me know. I’ll check it out, and I can, if you want, also forward it to other relevant speakers based on topic and audience.

Also, at the start of July, I was announced as an Alibaba Cloud Most Valuable Professional, which I am incredibly humbled by, and I appreciate being recognised by Alibaba Cloud for doing the things I love. Nothing is more rewarding than being able to do what I’m passionate about: technology, security and the intersection of it all with the human element. There is no doubt that Alibaba Cloud is the go-to cloud for anyone looking to have a presence in mainland China.

2018 has been a year symbolising new beginnings and challenges, which I am thoroughly enjoying. Working a lot with governance for enterprise organizations as well as hosters in the Nordics, and with massive datacenter migrations to the cloud, I’m looking forward to writing more on this going forward and sharing my insights, as well as hearing from you: what thoughts, gotchas, questions or pitfalls you’d like to ask about or share.

Enjoy the summer and remember to stay hydrated!
