Salesforce
This guide walks you through how to configure Salesforce as a SAML IdP for RiskOS™ authentication.
Before you begin
You will need your socure_public_account_id, available in the RiskOS™ Dashboard on the Developer Workbench > API Keys page under the Customer ID section.
Set Up Single Sign-On (SSO) with Salesforce
1. Configure SAML in Salesforce
Follow these steps to create a SAML 2.0 integration in Salesforce:
- Log into your Salesforce account.
- Click Setup in the top right corner.
- In the Quick Find box, type Identity, then select Identity Provider.
- On the Identity Provider page, click Enable Identity Provider.
- From the dropdown menu, select the default certificate, then click Save.
- When prompted, click OK.
- Go to Identity > Identity Provider, then click Download Metadata to save the file.
- Under Service Providers, click the link "Service Providers are now created via Connected Apps. Click here to add a service provider."
- On the New Connected App page, configure the Web App Settings as follows:
  - Start URL: Use the start URL from the metadata file.
  - Check the box for Enable SAML.
  - Entity ID: Enter one of the following:
    - Sandbox environment: https://riskos.sandbox.socure.com/saml2/socure_public_account_id
    - Production environment: https://riskos.socure.com/saml2/socure_public_account_id
  - ACS URL: Enter https://api-dashboardv2.socure.com/saml2/SSO.
- Click Save.
- Click Manage, then expand the Custom Connected App Handler section.
- Under Profiles, click Manage Profiles.
- Select the profile you want to grant access to Socure, then click Save.
2. Add custom attributes to the app
After setting up the Connected App, you can add custom attributes:
- Click Manage, then expand the Custom Connected App Handler section.
- Under Custom Attributes, click New. Each attribute must have a unique key and use fields available from the Insert Field menu.

| Name | Name Format | Value | Required? |
|---|---|---|---|
| urn:oid:2.5.4.42 | Unspecified | user.firstName | Yes |
| urn:oid:2.5.4.4 | Unspecified | user.lastName | Yes |
| urn:oid:2.5.4.20 | Unspecified | user.phoneNumber | Yes |
| urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | Unspecified | user.email | Yes |
| https://dashboard.socure.com/attributes/role | URI Reference | String.join(",", appuser.RoleName) | Optional |

- Click Save.
If you want to manage what role(s) a user should have when they access RiskOS, you will need to add a new custom attribute. Fill out the details of the new custom attribute as follows:
- Data type: string array
- Display Name: https://dashboard.socure.com/attributes/role
- Variable Name: RoleName
- Enum: Checked
- Attribute Members:
  - The display name is flexible and can be defined as you prefer; however, the value must match a valid RiskOS™ role name.
The following table lists the valid role names available in RiskOS™:
| Example Display Name | Value |
|---|---|
| Admin | administrator |
| Acc Owner | account owner |
| Dev | developer |
| Fraud Analyst | fraud analyst |
| Compliance Analyst | compliance analyst |
| Compliance Officer | compliance officer |
| Compliance Supervisor | compliance supervisor |
Note:
In future releases, RiskOS™ will support custom role names.
3. Send the SAML metadata to Socure
After setting up the Connected App and adding custom attributes, generate the SAML metadata file and securely share it with Socure.
Steps to retrieve and send metadata:
- Go to Apps > Connected Apps > Manage Connected Apps.
- Select the SAML app, then click Manage.
- Under SAML Login Information, click Download Metadata.
- Send the metadata file to Socure using a secure communication method.
Do not copy and paste just the X.509 certificate from the SAML Setup Instructions page. Socure requires the full SAML metadata file (XML format), which includes your entity ID, endpoints, and certificates.
Important: Customers must provide two separate metadata files to Socure:
- One for the RiskOS™ Sandbox environment
- One for the RiskOS™ Production environment
After receiving your SAML metadata file, your Technical Account Manager will confirm when SAML is enabled for your account.
4. Test the integration
To test the SAML integration, go to the IdP Admin Console, create a user, assign Socure's RiskOS™ app to the user and assign role(s) via the custom RoleName SAML attribute. When the user launches the RiskOS™ app from the IdP dashboard, the following occurs:
- The Users tab on the Users and Roles page in RiskOS™ is populated with the user's name, email address, and phone number.
- The user is assigned the role(s) specified in the RoleName custom SAML attribute.
- If no role is assigned, the system defaults to assigning the Analyst role to the user.
5. Assign users to RiskOS™
If you plan to manage role assignment for users and have configured the custom SAML attribute for RoleName, you can assign role(s) to the user when assigning the application. If a role is not assigned, the system will default to assigning the Analyst role to the user.
Note:
RiskOS™ can have only 1 user assigned as Account Owner.
A role assigned to a user applies in both Sandbox and Production. That is, if you assign the Developer role to a user, the user will have the Developer role in both RiskOS Sandbox and RiskOS Production. In early 2026, we will be enhancing role-based access management to allow customers to assign roles by environment (e.g. assign [email protected] the Administrator role only in Sandbox and only the Developer role in Production).
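An audit of planned role assignments against the rules in this guide: values must come from the role table, a missing role falls back to Analyst, and only one user can be Account Owner. This is an added example, not Socure code; the `assignments` mapping, the sample users, and the treatment of role names as case-sensitive are assumptions of the example.

```python
# Role values from the table in this guide (the Value column, not the display name).
VALID_ROLES = {
    "administrator", "account owner", "developer", "fraud analyst",
    "compliance analyst", "compliance officer", "compliance supervisor",
}

def audit_role_assignments(assignments):
    """assignments maps user -> comma-joined RoleName value ("" or None if unset).

    Returns a list of (user, finding) tuples; "*" marks a tenant-wide finding.
    """
    findings, owners = [], []
    for user, raw in sorted(assignments.items()):
        roles = [r.strip() for r in (raw or "").split(",") if r.strip()]
        if not roles:
            findings.append((user, "no role sent; RiskOS defaults the user to Analyst"))
            continue
        for role in roles:
            if role in VALID_ROLES:
                continue
            if role.lower() in VALID_ROLES:
                # Assumption: matching is case-sensitive, so flag for review.
                findings.append(
                    (user, f"role {role!r} differs in case from {role.lower()!r}"))
            else:
                findings.append((user, f"role {role!r} is not a RiskOS role name"))
        if "account owner" in roles:
            owners.append(user)
    if len(owners) > 1:
        findings.append(
            ("*", f"{len(owners)} users hold account owner: {', '.join(owners)}"))
    return findings

# Constructed sample: values as String.join(",", appuser.RoleName) would emit them.
SAMPLE_ASSIGNMENTS = {
    "alice@example.test": "administrator,developer",
    "bob@example.test": "Admin",                      # display name used as value
    "carol@example.test": "",                         # attribute left empty
    "dave@example.test": "account owner",
    "erin@example.test": "account owner, Fraud Analyst",
}

if __name__ == "__main__":
    for user, finding in audit_role_assignments(SAMPLE_ASSIGNMENTS):
        print(f"{user}: {finding}")
```

Because a role applies in both Sandbox and Production, each finding affects both environments.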
Note:
Users are required to re-authenticate every 12 hours by default; however, you can specify a shorter duration using the maxAuthenticationAge parameter for further security hardening.
Updated 2 months ago
