Integrating Trusona with Salesforce

How to use Trusona to enable passwordless logins for Salesforce

Trusona's Salesforce Integration Guide from Trusona on Vimeo.

1. Step 1 - Verify your Domain

If you haven’t done so already, please verify your domain via the Trusona Dashboard.

Log into and select the “Domains” tab on the sidebar. You will need access to your DNS records for your domain.

2. Step 2 - Custom Domain

If you haven’t done so already create a custom domain in Salesforce:

Setup > Domain Management > My Domain > “Create your custom domain” > Register Domain

Note: Once your domain is registered it will be up to the organization’s policy whether to still allow logging into salesforce through or only allow login through the organization’s new customized domain.

3. Step 3 - Enable SAML

Make sure that “SAML enabled” is checked. Setup > Quick Find search Single Sign-On Settings > Edit > check off SAML Enabled > Save

4. Step 4 - Upload XML

Log into the Trusona Dashboard at

  1. Navigate to the “Generic SAML” tab in the sidebar
  2. Select “Create SAML Integration”
  3. Name your Salesforce integration
Create Metadata XML
  1. Under the “Email Domains” section, select your domain even if it is the only verified domain.
  2. Select “Save”
    Once saved, you will be taken back to the list of your current SAML integrations.
Select email domain
  1. On the list of SAML integrations, select the “Actions”
  2. Right-click the “View metadata XML” button
Save Metadata XML
  1. Select “Save Link As” to download the Metadata XML file

While still in Single Sign-On Settings in Salesforce

  1. Select “New from Metadata file” button.
  2. Choose File
  3. Upload the XML file you downloaded from the Trusona Dashboard
  4. Select Create
New from metadata file
Choose file

5. Step 5 - Edit SAML Gateway

While still in Single Sign-On Settings

  1. Select Edit
  2. Change Name to Trusona
  3. Confirm Request Signature Method is set to “RSA-SHA256”
  4. Option 1: Select “Assertion Contains the User’s Salesforce username” if the Salesforce username is the same as their organization’s email address used to login to Salesforce. To verify if the Salesforce username is the same as their organization’s email address used to login to Salesforce go to Setup > Users > Users. If yes, the username and their organization’s email address should be the same.
  5. Option 2: If the Salesforce username is different from their organization’s email than select “Assertion contains the Federation ID from the user object” and a Federation ID will then need to be created for each user (see step 5B).
  6. Select HTTP Redirect
  7. Make sure Identity Provider Login URL is populated
  8. Select Save

5.1. Step 5B - Creating a Federation ID

This step is only needed if you selected Option 2 in the previous step.

Note: The XML file provided by Trusona is customized to your organization’s email domain. If your users have a different email domain as their username than you will need to create link between their email domain and the organizations’ by creating a Federation ID for those users.

  1. Setup > Manage Users > Users > edit next to the user’s name.
  2. Enter the email address the Salesforce user uses to login to Salesforce in the Federation ID field

6. Step 6 - Integrate Metadata

  1. In Single Sign-On Settings select “Trusona” under Name.
  2. Select “Download Metadata”
  3. Locate and copy the certificate information. It is located after <ds:X509Certificate> and before </ds:X509:Certificate>
  1. Open a new blank document in a text editor and copy the information that was just copied.
    1. Add a new line at the beginning of the doc and add -----BEGIN CERTIFICATE----- (including the dashes)
    2. Add a new line at the end of the doc and add -----END CERTIFICATE----- (including the dashes)
  1. Save the certificate file as a .cert.
  2. In the XML file, find the line that starts with “AssertionConsumeService” and copy the listed URL on that line.
  1. In the Trusona Dashboard, paste the ACS URL in the Assertion consumer service URL and upload the cert file.

7. Step 7 - Check off Trusona

Setup > Quick Find search My Domain > Edit in Authentication Configuration > check off Trusona > Save

8. Step 8 - Visit your Custom Domain URL in Browser

9. Step 9 - Get Users up to speed

Now that Trusona for Salesforce is ready to be used across your organization share Trusona for Salesforce End-User Video with your Salesforce users.


Remote access


Get started guides
Implementation guides
Users guides


Mobile SDKs
Server SDKs
Web SDKs


Authentication Service
ID Proofing Service