Skip to main content



Salesforce unites organizations marketing, sales, commerce, service, and IT teams from anywhere with Customer 360 — one integrated CRM platform that powers our entire suite of connected apps. With Customer 360, organizations can focus their employees on what’s important right now: stabilizing your business, reopening, and getting back to delivering exceptional customer experiences.

Acceptto integrates with Salesforce to provide better security through Acceptto's Intelligent Multi-factor Authentication. Acceptto's intelligent MFA uses many different signals to improve security while reducing friction.

This document contains instructions for configuring SAML 2.0 for Salesforce to improve the security of users' logins into the Salesforce portal by using single sign-on.


  1. An Acceptto account with a configured Identity Provider and LDAP Agent. (See this page for the instructions)
  2. An organization identifier provided by Acceptto (organization slug).
  3. A user with administrative privileges for the Salesforce portal.

Configure Salesforce as a SAML Service Provider#

  1. Login to your Salesforce. Salesforce has two user interfaces: Classic and Lightning. In Salesforce Classic: Navigate to Setup > Security Controls > Single Sign-On Settings and in Salesforce Lightning, click the gear icon. Navigate to Setup > Identity > Single Sign-On Settings.

    Dashboard SSO link

  2. On the Single Sign-On Settings page, click Edit to enable SAML on Salesforce.

    SSO Settings Edit

  3. Check the SAML Enabled box to enable the use of SAML Single-Sign On, then click Save.


  4. On the Single Sign-On Settings page, click New.

    SSO Settings

  5. Enter the following information on this page:

    Note: Download your SAML IdP X509 certificate. Go to[organization identifier]/saml/download/cert to download the cert.pem file containing your certificate.

    Download your SAML metadata file. Go to[organization identifier]/saml/download/metadata to download your metadata file.

    • Name: Enter a name of your choice.
    • SAML Version: Make sure this is set to 2.0. This should be enabled by default.
    • Issuer: Copy and paste the Acceptto SAML issuer (e.g.
    • Identity Provider Certificate: upload an Acceptto certificate into this field. In the SAML Identity Type part, click on the Assertion containing the Federation ID from the User object item.
    • Identity Provider Login URL: Copy and paste the sign in URL from Acceptto metadata.
    • Custom Logout URL: Copy and paste this logout link from Acceptto metadata API Name: Enter an API name of your choice. Entity ID: Enter https://[customDomain]

    SAML SSO Settings

  6. Click Save. Then you can see the following page. Copy the Login URL from this page.

    SSO Login URL

Acceptto SAML Configuration as Identity Provider (IdP)#

  1. Login to the Acceptto Dashboard with an administrative account and go to Applications.

  2. Create a new application by selecting Create New Application.

    Create new app

  3. In the New Application form, enter the following values under the General tab.

    • Name - The application name displayed in the admin panel and application portal and used for push notifications and audit logs. (e.g. Salesforce)
    • Type - Select "SAML Service Provider" from the options
    • Out of Band Methods - Select the allowed methods for approving MFA requests
    • Message for MFA Requests - Enter the user-facing message for Push, SMS, and email MFA requests (optional)

    App details

  4. Under the SAML Service Provider Configuration tab, enter the following values:

    • Issuer or Entity ID – Enter the Issuer/EntityID of your Salesforce instance. This value is available in the Trusted IdP section of your Salesforce tenant as SP Entity ID (see the next section).
    • Sign in URL - The URL used to login to your Salesforce (e.g.
    • NameID Format - Select "Email address" from the dropdown menu.
    • Name Identifier - Select "Email" from the dropdown menu.
    • Assertion Consumer Service (ACS) URL - Enter the URL on the service provider where the identity provider will redirect to with its authentication response. It should end at access/idp (e.g.

    Service Provider

  5. Then, type the Single Logout URL, which is given in the Salesforce portal.

    Logout URL

  6. Click Save to create the Application.

Authentication Configuration in Salesforce Portal#

  1. Navigate to setup in the Salesforce portal as an administrator. Go to My Domain.

    Salesforce mobile quick start

  2. Click Edit in the Authentication Configuration section.

    Authentication Config

  3. Check the Example box which you have created in the previous step. Click Save.

Authentication Service

User Configuration in Salesforce Portal#

  1. Navigate to the Users in the Setup page of Salesforce. Then click on Edit on the desired user.

    Users dashboard

  2. In the user profile page drop down menu and in the Single Sign-on part, copy the email address which is integrated with your Acceptto account, in the Federation ID box. Click Save.

    SSO Info

Test Your Setup#

  1. Open the Salesforce login URL through a browser and you can see the Acceptto login form. Click on that.

    Salesforce sign in

  2. You will be redirected to the Acceptto SSO page.

    Acceptto Sign in

  3. After successful authentication, you’ll see the Acceptto MFA options. Select your desired method and pass the verification stage.

    QR code

  4. Finally you will be redirected to the Salesforce portal page passwordless and easily.

    Salesforce Dashboard


If you require assistance, please email us at


Want to learn more about our MFA solutions? Contact our Professional Services for a Demo today.


All product names, trademarks, and registered trademarks are the property of their respective owners.

All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands do not constitute an endorsement by the Acceptto Corporation.