Outreach is now compatible with Single Sign On (SSO) applications like Okta, Salesforce, and Onelogin. This article is specific to connecting Salesforce and Outreach using sign sign on, but if you would like to connecting other SSO applications, you can follow the hyperlinks below:
Requirements
- Enable Salesforce as an Identity Provider (you can find instructions here)
- Salesforce Admin privileges
- Outreach Admin privileges
If a Salesforce Admin and unable to enable Salesforce as an identity provider, we recommend contacting your IT team.
Step 1. Salesforce Setup
1.1 In Salesforce, navigate to Setup >> Create >> Apps and create a “connected app” by clicking “New”
1.2 Name this new app connection and check “Enable SAML” under “Web App Settings”. For now, just fill in some placeholder values for both “Entity ID” and “ACS URL” (we will come back and update them later in Step 3), and then click “Save”.
1.3 Now that you have the “connected app”, note down its “Issuer” and “SP-Initiated Redirect Endpoint”, as well as the “Idp Certificate”. We will use them in Step 2.
Step 2. Create the Identity Provider inside Outreach Accounts
2.1 As an Outreach admin, you will navigate to the Org’s “Setting” page by going to Settings > Org, and click the link to “Sign On Options”
2.2 If it is an org without SSO already setup, click “Add Identity Provider”.
2.3 Add the requested identity provider information. The information requested in this section is from step 1.3 above. If you get an HTTP error message when testing, you can try replacing the SP-Initiated POST Endpoint with the Redirect Endpoint URL.
NOTE: The above screenshot contains two advanced settings: "Use NameId Instead of Email" and "Enable just-in-time new user provision". We do NOT recommend checking these options unless the functions of each are understood and needed by your organization. You can read more on these advanced settings in Advanced Settings For Identity Provider (SSO).
2.5 Retrieve setup information from Outreach to put into Salesforce
Note: This screenshot says “Okta”, but the screen will look similar for Salesforce.
Now find the “Setup Info” section. Copy the “Setup Info”: “ACS URL” and “Service Provider Entity ID” information. We will update the Salesforce application with this information in step 3 below.
Note: This screenshot says “Okta”, but the screen will look similar for Salesforce.
Step 3. Update the Salesforce App
Go back to Salesforce >> Setup >> Create >> Apps >> Edit and edit the “connected app” you created for the Outreach <> Salesforce SSO connection with “Entity Id” and “ACS URL”.
You need to allow users to access the "connected app". To give permission, go to 'Manage Users -> Users' and click edit on the individual user you are testing. Click profile name link, which takes you to the profile page. You can scroll below to 'Connected App Access' and check if the access is given or not. If not, give access by clicking edit profile in the top of page. In addition, you can check on the IdP logs under 'Manage Users -> Identity Provider Event Log'.
Step 4. Enable SSO inside Outreach Accounts
4.1 Return to your Outreach account and click “Test” to see if the identity provider is set up correctly.
If successful, you should see a success page. Please examine the “User email” and make sure it matches with user login email inside Outreach.
4.2 Click “Back”, check “Enable”, and click “Save”.
Note: This screenshot says “Okta”, but the screen will look similar for Salesforce.
Congrats! SSO is now enabled!
© 2023 Outreach.io