The Salesforce integration replaces password login with biometric authentication through the 1Kosmos mobile app using SAML 2.0 federation.
Integration type
API
Updated
Overview
1Kosmos integrates with Salesforce as a SAML 2.0 identity provider, replacing password-based login with biometric authentication via the 1Kosmos mobile app. Users authenticate to Salesforce using Touch ID, Face ID, or liveness-checked LiveID.
This integration uses a one-click setup in the 1Kosmos AdminX portal that automatically generates the SP configuration in Salesforce, reducing manual configuration steps.
Once active, users accessing their organization's Salesforce domain URL are redirected to 1Kosmos for authentication and returned to Salesforce upon successful biometric verification.
Prerequisites
Active 1Kosmos tenant: Administrator access to the AdminX portal. Contact 1kosmos.com/contact if your tenant is not yet provisioned.
Salesforce administrator access: Admin rights to the Salesforce Setup screen. The Sandbox edition is not supported by this integration.
Salesforce security token: Required for the one-click setup. Generated in Salesforce by navigating to your avatar → Settings → Reset My Security Token. The token is sent to your registered admin email address.
1Kosmos mobile app installed: Users must have the 1Kosmos mobile app installed on iOS or Android and have completed biometric enrollment before testing the integration.
My Domain configured in Salesforce: Required for SSO to function. Confirm your organization has a custom Salesforce domain set up at Settings → Company Settings → My Domain.
Configuration values
Values to collect from 1Kosmos (IdP) after app creation:
|
|
|
|
|
|
Values to collect from Salesforce (SP) before beginning:
|
|
|
|
|
|
|
|
Integration steps
Step 1: Collect your Salesforce domain URL and security token Log in to Salesforce and navigate to Settings (gear icon) → Setup. Copy and save your Salesforce domain URL. Then navigate to your avatar → Settings → Reset My Security Token and copy the token value sent to your email.
Step 2: Add the Salesforce integration in AdminX Log in to the 1Kosmos AdminX portal and navigate to Applications → Add Application. In the Add new applications screen, locate the Salesforce SAML option under Pre-built integrations and click Add integration.
Step 3: Complete the one-click setup Enter the following values in the Salesforce integration screen: your application name, Salesforce domain URL, Salesforce admin username, Salesforce admin password, and Salesforce security token. Click Connect. AdminX automatically generates an SP configuration in Salesforce named "1Kosmos." The credentials entered here are one-time use only and are not stored; change your Salesforce admin password and revoke the security token after setup completes.
Step 4: Enable SAML in Salesforce In Salesforce, navigate to Settings → Identity → Single Sign-On Settings. Click Edit, select the checkbox for SAML Enabled, and click Save.
Step 5: Set the Federation ID for each user In Salesforce, navigate to Administration → Users → Users. Click Edit for each user. In the Single Sign On Information section, enter the user's email address as the Federation ID. This must match the email address linked to that user's record in the AdminX portal. Click Save.
Step 6: Set the default authentication configuration In Salesforce, navigate to Settings → Company Settings → My Domain → Authentication Configuration. Click Edit, select the checkbox next to the 1Kosmos SSO instance, and click Save.
Step 7: Test the integration Navigate to your organization's Salesforce domain URL. You should see the 1Kosmos login option on the Salesforce login screen. Click it to be redirected to the AdminX portal. Open the 1Kosmos mobile app, tap Scan QR, scan the displayed code, and complete biometric authentication. Confirm you are logged into Salesforce after successful authentication. Test with a single user before enabling for the full organization.
Attribute mappings
Source (1Kosmos) | Target (Salesforce) | Description |
|---|---|---|
|
| Primary SSO identifier |
Integration notes
The one-click integration path creates the SP configuration automatically using your Salesforce admin credentials. These credentials are transmitted once and not stored by 1Kosmos. Rotate your admin password and security token immediately after the Connect step.
For organizations managing SSO for large user populations, the Federation ID must be set on every Salesforce user record before those users can authenticate through 1Kosmos. This can be bulk-updated via Salesforce Data Loader.
