Single Sign-on Delegated Authentication in CRM for Windows

To implement Single Sign-on (SSO) in CRM for Windows, configure Salesforce.com Delegated Authentication in Veeva CRM:

  1. Contact Salesforce Support and request SFDC Delegated Authentication be activated for your org. Once enabled, the Single Sign-On Settings link displays in the Setup menu.

    Veeva supports only delegated authentication, not federated authentication.

  2. Navigate to Setup > Security Controls > Single Sign-On Settings.
  3. Select Edit.

  4. Set the Delegated Gateway URL to the URL between Ping Federate and SFDC. For example:

    https://[server name]:9031/pf-salesforce-service-4.1.1/services/AuthenticationService
  5. Select the Force Delegated Authentication Callout check box.

Enabling SSO for Specific Profiles

To enable SSO for a specific user profile:

  1. Navigate to Administration Setup > Manager Users > Profiles.
  2. Select the appropriate user profile.
  3. Select Edit.
  4. Select the Is Single Sign-On Enabled check box in the Administrative Permissions section.

    Do not select this check box unless the org is already configured to use SSO. Otherwise, existing users will not be able to connect with the current Windows version of the application.

  5. Configure the THIRD_PARTY_AUTH_URL and THIRD_PARTY_APPLIESTO_URL Veeva Settings. In the corresponding Veeva Messages, enter the appropriate URL in the Text field:

    • THIRD_PARTY_AUTH_URL – For example, https://[server name]:9031/idp/sts.wst
    • THIRD_PARTY_APPLIESTO_URL – For example, https://[server name]:9031/pf-salesforce-service-4.1.1/services/AuthenticationService

  6. Enable the Enable_SSO_vod Veeva Setting.

Installing Third Party Authentication

Once SSO is configured, end users should re-install the CRM for Windows application:

  1. Log into Veeva CRM on the Online platform.
  2. Select Install Windows Application. If SSO is enabled and configured on the org and the current user in user profile is SSO enabled, the Download SSO Config option displays.
  3. Select Install to download the Setup.exe installer.
  4. Select Download SSO Config.
  5. Run Setup.exe. SSO settings import automatically.

If your settings are not found, you can set them manually:

  1. Select Import to display the file explorer.
  2. Select the downloaded configuration file (.vconfig).
  3. Enter your SSO username and password.
  4. Select Sign In.

Toggling Third Party Authentication Settings on Windows

If Third Party Authentication is not available, end users can still use their Salesforce credentials to log into their org by toggling Third Party Authentication settings:

  1. Select the Settings menu on the Login Page.
  2. Select Third Party Authentication settings.
  3. Select the toggle to enable or disable the setting. The setting is disabled by default.
  4. Select Save.