Setting up SSO Between Salesforce and Okta’s Salesforce.com Standard Application using the SAML 2.0 protocol
SSO (Single Sign On) between Okta (Salesforce.com application) as Identity Provider and Salesforce as Service Provider. Steps to set up SSO between Salesforce and Okta’s Salesforce.com application:-
- Go to your admin Okta’s Dashboard page.
- Click on Applications tab.
- You can see all your custom as well as standard apps, if you have configured any; click on the Add Application button.
- Now type Salesforce.com in search application box.
- Click on Add for the salesforce.com app in the dropdown.
- This will open the General Settings page of the app. Type your desired name for the application in the Application Label field.
- Select your Salesforce instance type, that is, production or sandbox org.
- Select your user profile type: if you are setting up SSO for internal users then select Standard Salesforce User, if for community users then select Salesforce Community User, etc. For now I am setting it up for internal users.
- Click Next.
- Now you are on the Sign On Options page; select SAML 2.0 under the Sign On section.
- Click on the View Setup Instructions button. This will open a new tab where all the URLs and the certificate needed for the configuration in the Salesforce org are provided.
- Now log in to the Salesforce org which will act as the Service Provider.
- Type Single Sign-On Settings in the quick find/search box and click that link as shown below:-
- Update the SAML enabled checkbox to true.
- Click on New button in SAML Single Sign-On Settings section.
- This page is where the actual configuration is done; type a desired name and API name for this SAML setting.
- Copy the Issuer, Identity Provider Login URL and Identity Provider Logout URL from the new tab that was opened by the View Setup Instructions button and paste them into the respective Salesforce fields - Issuer, Identity Provider Login URL and Custom Logout URL.
- If you have setup custom domain for your org then type ‘https://{!customDomain}.my.salesforce.com’ in Entity Id field else type ‘https://saml.salesforce.com’.
- Download the certificate from that new tab by clicking the link under Identity Provider Certificate heading and upload in the Identity Provider Certificate field of salesforce.
- Select "Assertion contains the User's Salesforce username" in the SAML Identity Type field.
- Leave all other fields as it is and click Save button.
- Now under the Endpoints section of SAML configuration that you have just created copy the Login URL, go back to Okta’s app Sign On Option page and paste that URL in Login URL field.
- If you have a custom domain set up for your Salesforce org then enter it in the Custom Domain field, else leave it empty. For example, if your domain is ‘shariq007.my.salesforce.com’ then enter ‘shariq007’ in that field.
- Leave all other fields of app Sign On Options as it is and click Done.
- It will send you to Assignments tab of that app, here you will assign users to it.
- Click on Assign button, this will open a dropdown list, click Assign to People.
- A pop-up will open where all the users are available for assignment. Click on the Assign button for the user to which you have to assign the app.
- Type the salesforce username in the User Name field, as we are using username for SAML Identity Type.
- Click Save and go back.
- Now the user has been assigned to that app; log in as that user to see the app icon on their Okta home page.
- Clicking on the app icon will log you in to the Salesforce org for which you have set up SSO, without providing the credentials.
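As an added illustration (not code from the original post, Okta or Salesforce), the Python below shows how the Issuer, Entity ID and username-based SAML Identity Type configured above map onto elements of the SAML 2.0 assertion the service provider receives and checks. The sample assertion and the Okta issuer value are constructed; signature verification against the uploaded Identity Provider Certificate is left out.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample assertion; real values come from Okta's setup page.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>http://www.okta.com/exk-EXAMPLE</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://saml.salesforce.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def entity_id_for(custom_domain=None):
    """Entity ID rule from the steps above: custom My Domain or the default."""
    if custom_domain:
        return f"https://{custom_domain}.my.salesforce.com"
    return "https://saml.salesforce.com"


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_assertion(xml_text, expected_issuer, entity_id, now):
    """Return the asserted username (NameID), or raise ValueError on a mismatch.
    Issuer must equal the configured Issuer, the Audience must equal the Entity ID,
    and 'now' must fall inside the assertion's validity window."""
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        raise ValueError(f"issuer mismatch: {issuer!r}")
    audiences = [a.text for a in root.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if entity_id not in audiences:
        raise ValueError(f"audience mismatch: {audiences!r}")
    cond = root.find("saml:Conditions", NS)
    if not (parse_ts(cond.get("NotBefore")) <= now < parse_ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("assertion carries no NameID to map to a Salesforce username")
    return name_id  # with SAML Identity Type = username, this is the Salesforce username
```

Because the NameID is matched against the Salesforce username, the username entered in the Okta assignment must match the org's user exactly.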