Authenticate to the Salesforce Mobile App using VMware Identity Manager

Important: The following article was published January 2016, and the software, services, and user interfaces described below may have been updated since that time. Follow the similar or applicable steps based on any updates. 

In addition to this article, you may find the Salesforce Integration document, located on the VMware Identity Manager Integrations Documentation page, useful.

 

Perform the following steps to configure AirWatch and VMware Identity Manager to provide automatic authentication for the Salesforce application.

1. Log in to the VMware Identity Manager console.


2. Navigate to the App Catalog.


3. Select add app from the Cloud Catalog.


4. Select the Salesforce application. Leave the app details as their default values.


Also leave the application configuration details as their default values.


5. Select Add Group Entitlements or Add User Entitlement to select which users will have access to this application.


Select the specific groups and/or users to entitle, and set the Deployment Type to Automatic.


6. Navigate to Catalog > Settings and Download IDP Metadata.


7. Log in to Salesforce and navigate to Setup, shown in the top-right.


8. Search for Single Sign-On using the search box on the right.


9. Select New-From Metadata. Upload the file you downloaded from VMware Identity Manager.


10. Modify your Single Sign On settings as needed.


11. Enable SSO under the My Domain menu.


12. In VMware Identity Manager, select Setup, shown in the top right.


13. Select Worker and then select the Auth Adapters tab.


14. Configure your Kerberos and Certificate authority adapters. Configure your access policies for iOS and Android.


15. Navigate to the Google Play Store: https://play.google.com/work. Search for Salesforce and select Approve.


16. Log in to the AirWatch Admin Console. Add Salesforce as a public application by navigating to Apps & Books > Applications > List View, selecting the Public tab, and selecting Add Application. Select Android, then Import from Play.


A list of approved apps should display.


Using the same procedure, also add Salesforce as a public iOS application.

 

17. When adding the applications, edit the app configuration keys, assignment criteria, and so on. These fields are explained in the AirWatch Mobile Application Management Guide, available via AirWatch Resources.

For the application configuration keys, you can use the following values:

| Configuration Key | Value Type | Configuration Value | Description |
|---|---|---|---|
| AppServiceHosts | String | SalesforceTenantURL (e.g. https://acme.salesforce.com) | This specifies your company’s tenant custom URL. Android requires the https:// protocol. iOS does not. |
| RequireCertAuth | Boolean | TRUE | (Android Only) Enables Certificate authentication for Android for Work. |
| AppServiceUseSSL | Boolean | TRUE | (Android Only) |
| ClearClipboardOnBackground | Boolean | TRUE | This clears any copied text after closing the application and disables copying to any third party app. |


18. Next you will create the device profiles for credentials. Note that you should have a certificate authority already set up for this step. Instructions for specific CAs can be found in the Certificate Management documentation section of AirWatch Resources for your particular AirWatch version.

For iOS devices, create a Single Sign-On profile. Additional details can be found in the iOS Platform Guide for your particular version of AirWatch.

Account Name: Friendly name given to the SSO account.

Kerberos Principal Name: Principal name of the user authenticating to the Kerberos domain controller. This is usually the user’s sAMAccountName. A variable such as {EnrollmentUser} can be used.

Realm: Kerberos realm to which the device will be authenticating. This is usually the same as the internal domain. Note that this must be in all capital letters.

Renewal Certificate: Certificate that is used to authenticate against the Kerberos Domain Controller. This certificate must be issued from a Certificate Authority that is trusted by your internal domain.

URLs: Specify the websites where this SSO payload will be used for authentication.

Applications: Specify the bundle ID of the applications that will have access to use the Kerberos credentials for authentication.


For Android for Work devices, create a Credentials profile. Additional details can be found in the Android Platform Guide for your particular version of AirWatch.
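
The values from steps 17 and 18 can be checked before the applications and profiles are assigned. The following is an added example, not part of the original article or of any AirWatch tooling: the dictionary layouts, the profile field names, and the sample values are assumptions made for illustration.

```python
# Added example: pre-deployment lint for the values described in steps 17 and 18.
# The dict layouts and profile field names are hypothetical, not an AirWatch format.

ANDROID_ONLY_TRUE = ("RequireCertAuth", "AppServiceUseSSL")

def lint_app_config(platform, cfg):
    """Check one platform's Salesforce app configuration keys."""
    findings = []
    host = str(cfg.get("AppServiceHosts", "")).strip()
    if not host:
        findings.append("AppServiceHosts is missing")
    elif host.lower().startswith("http://"):
        # Assumption beyond the article: treat a plain-HTTP tenant URL as an error.
        findings.append("AppServiceHosts uses http://, expected https://")
    elif platform == "android" and not host.lower().startswith("https://"):
        findings.append("AppServiceHosts must start with https:// on Android")
    required = ["ClearClipboardOnBackground"]
    if platform == "android":
        required += ANDROID_ONLY_TRUE
    for key in required:
        # A String "TRUE" is not a Boolean TRUE, so compare by identity.
        if cfg.get(key) is not True:
            findings.append(f"{key} should be Boolean TRUE")
    return findings

def lint_ios_sso_profile(profile):
    """Check the iOS Single Sign-On profile fields listed in step 18."""
    findings = []
    realm = profile.get("Realm", "")
    if not realm or realm != realm.upper():
        findings.append("Realm must be set and in all capital letters")
    for field in ("KerberosPrincipalName", "RenewalCertificate", "URLs", "Applications"):
        if not profile.get(field):
            findings.append(f"{field} is empty")
    return findings

# Constructed sample input (not taken from a real tenant).
ANDROID_CFG = {"AppServiceHosts": "acme.salesforce.com", "RequireCertAuth": "TRUE",
               "AppServiceUseSSL": True, "ClearClipboardOnBackground": True}
IOS_CFG = {"AppServiceHosts": "acme.salesforce.com", "ClearClipboardOnBackground": True}
IOS_SSO = {"Realm": "corp.example", "KerberosPrincipalName": "{EnrollmentUser}",
           "RenewalCertificate": "placeholder-cert-payload",
           "URLs": ["https://acme.salesforce.com"], "Applications": []}

if __name__ == "__main__":
    for name, result in (("android", lint_app_config("android", ANDROID_CFG)),
                         ("ios", lint_app_config("ios", IOS_CFG)),
                         ("ios-sso", lint_ios_sso_profile(IOS_SSO))):
        print(name, result or "OK")
```

The same tenant host passes on iOS and fails on Android, which is the platform difference the configuration key table calls out.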
