6. Advanced Settings

Objective

Here are described more advanced technics. It’s not necessary to read this in order to configure simple login scenario, but if your users already can sign in, here you can find info how to adjust or optimize that process.

6.1. Role Mapping

Objective

Explains how to push Salesforce user roles to corresponding DNN user profile.

Note

In example below we created mapping for three Salesforce user roles: “Intranet”, “Editors”, “Administrator”. Naturally plugin can sync any other role.

“Salesforce Authentication SPI” allows copy Salesforce roles to DNN user profile on login process. If role doesn’t exist in DNN, it will be automatically created. Salesforce user roles are trasfered to DNN via two custom properties:

  • first property of a type Picklist (Multi-Select), that contains list of Salesforce user roles,
  • second property of a type Formula that will dynamically populate property above, depending on whether or not user belongs to role,

Below is explained how to create these properties.

6.1.1. Property “RoleNames”

  1. Go to: Build-> Customize-> Users-> Fields, see figure below

    _images/advanced-settings-role-mapping_01.png

  2. Scroll down to section “User Custom Fields” and click on button New. This will start simple wizard that will create new user property.

  3. For “Data Type” select Picklist (Multi-Select) and click Next, see figure below.

    _images/advanced-settings-role-mapping_02.png

  4. Set property label to RolesNames, select option “Enter values, with each …”. Then enter role names and click Next, see figure below.

    _images/advanced-settings-role-mapping_03.png

  5. On the “Step 3. Establish field-level security” click Next, see figure below.

    _images/advanced-settings-role-mapping_04.png

  6. On the “Step 4. Add to page layouts” click Save, see figure below.

    _images/advanced-settings-role-mapping_05.png

  7. Newly created property object is avaialble in section “User Custom Fields” (under the “Build-> Customize-> Users-> Fields”). Check the “API Name”, this value will be used to create second property, see figure below.

    _images/advanced-settings-role-mapping_05a.png

6.1.2. Property “RoleValues”

  1. Go to: Build-> Customize-> Users-> Fields, see figure below

    _images/advanced-settings-role-mapping_01.png

  2. Scroll down to section “User Custom Fields” and click on button New. This will start simple wizard that will create new user property.

  3. For “Data Type” select Formula and click Next, see figure below.

    _images/advanced-settings-role-mapping_06.png

  4. For “Filed Label” enter RoleValues and for “Return Type” select Text, then click Next, see figure below.

    _images/advanced-settings-role-mapping_07.png

  5. For the textbox named “Role Values(Text)” enter following code snippet and click Next

    Warning

    In our case “API Name” for property “RoleNames” is “webadv__RoleNames__c”. Please be aware that for your Salesforce instance this could be vary.

    IF ( INCLUDES ( $User.webadv__RoleNames__c, "Intranet" ), "Intranet|+|; ","Intranet|-|;") &
IF ( INCLUDES ( $User.webadv__RoleNames__c, "Editors" ), "Editors|+|; ","Editors|-|;") &
IF ( INCLUDES ( $User.webadv__RoleNames__c, "Premium" ), "Premium|+|; ","Premium|-|;")

  6. See image below.

    _images/advanced-settings-role-mapping_08.png

  7. On the “Step 4. Establish field-level security” click Next, see figure below.

    _images/advanced-settings-role-mapping_09.png

  8. On the “Step 5. Add to page layouts” click Next, see image below.

    _images/advanced-settings-role-mapping_10.png

  9. If everything is correct, under section “” should be two new properties, see figure below.

    _images/advanced-settings-role-mapping_11.png

6.1.3. Configure “Connected App”

This section will show how to expose newly created properties outside of Salesforce. To do that we will add profile mappings. This task is very similar to Profile Mapping.

  1. Go to Setup-> Build-> Create-> Apps

  2. Scroll down to section “Connected Apps” and click on your connected app. In this case “Connected Apps” name is “For my DNNv9.2”, but it could vary for your Salesforce instance.

    _images/base-config-salesforce-profile-mapping_01.png

  3. Scroll down to section “Custom Attributes” and click on New button, see figure below.

    _images/base-config-salesforce-profile-mapping_02.png

  4. In panel “Create Custom Attribute”, for textbox Key enter value Roles, and click on button Insert Field, see figure below.

    _images/advanced-settings-role-mapping_12.png

  5. Inside popup “Insert Field”, click on $User> then RoleValues and click on button Insert, see figure below.

    _images/advanced-settings-role-mapping_13.png

  6. Click on Save button, see image below.

    _images/advanced-settings-role-mapping_14.png

  7. The mapping was successfully created and “Connected App” will export Salesforce user roles to DNN. From DNN perspective this propety will be visible as Roles.

    _images/advanced-settings-role-mapping_15.png

6.2. Single Log-out (SLO)

Objective

Explains how to log off from Salesforce and DNN website using one-click button.

Note

In order to SLO, DNN website needs to be working at the top of HTTPS protocol.

Following coordinates are required for SLO:

6.2.1. Turning SLO on Salesforce

First we need enable Single Log-out inside Salesforce organization. Follow steps below.

  1. Go to Setup-> Build-> Create-> Apps

  2. Scroll down to section “Connected Apps” and click on “Edit” near your connected app, see figure below.

    _images/base-config-salesforce_10.png

  3. Go to section “Web App Settings”, tick option “Enable Single Logout”, then under “Single Logout Binding” select “HTTP POST”, see figure below.

    _images/advanced-settings-slo_04.png

Now the SLO is partially enabled, see steps below to complete the configuration.

6.2.2. Setting up Single Logout Endpoint

In this section we well get Salesforce “Single Logout Endpoint”. DNN website need it to send log-off request.

  1. Go to Setup-> Build-> Create-> Apps

  2. Scroll down to section “Connected Apps” and click on ‘Manage’ near your connected app, see figure below.

    _images/base-config-salesforce_07.png

  3. Scroll down to section “SAML Login Information” and copy “Single Logout Endpoint”, see figure below.

    _images/advanced-settings-slo_01.png

  4. This address needs to be copied to “Salesforce Authentication SPI” config, see figure below.

    _images/advanced-settings-slo_02.png

6.2.3. Setting up DNN logout URL

We need to inform Salesforce what is the DNN logout url. Usually DNN logoff page has following url: ‘https:\www.MyDnnDomain.comlogoff’. To apply that URL in Salesforce follow steps below.

Note

Salesforce accepts only https:// address for the “Single Logout URL” property.

  1. Go to Setup-> Build-> Create-> Apps

  2. Scroll down to section “Connected Apps” and click on “Edit” near your connected app, see figure below.

    _images/base-config-salesforce_10.png

  3. Scroll down to section “Web App Settings” and paste DNN logout address to the textbox named “Single Logout URL” (in our example it’s ‘https://dnn742.test/logoff’), see figure below.

    _images/advanced-settings-slo_03.png

If all steps are done it’s time to test log-off procedure. If SLO works OK we can see following two scenarios:

  • When user initiate log-off from DNN website, he should be signed off from DNN and Salesforce website.
  • When user initiate log-off from Salesforce website, he should be signed off from DNN and Salesforce website.