Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Insert excerpt
IL:External Directory Prerequisites
IL:External Directory Prerequisites
nopaneltrue

EmpowerID includes a Salesforce connector that allows organizations to bring the user data (user accounts, permissions sets, profiles and roles) in their Salesforce domain to EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories. Once connected, you can manage this data from EmpowerID in the following ways:

  • Account Management

    • Inventory user accounts

    • Create, Update and Delete user accounts

    • Enable and Disable user accounts

  • Group Management

    • Inventory groups

    • Inventory group memberships

    • Create groups

    • Add and Remove members to and from groups

  • Attribute Flow
    Users in Salesforce are inventoried as accounts in EmpowerID. The below table shows the attribute mappings of Salesforce user attributes to EmpowerID Person attributes.

Salesforce Attribute

Corresponding EmpowerID Attribute

Description

FirstName

FirstName

First Name of a user

LastName

LastName

Last Name of a user

Name

Name

Full Name of a user

Email

Email

Email address of a user

Phone

Telephone

Telephone number of a user

Title

Title

Job title of a user

IsActive

Active

Active status of a user

Department

Department

Department in which a user works

Company

Company

Company where a user works

City

City

City where a user is located

Country

Country

Country of user

ManagerId

ManagerPersonID

Employee ID of user’s manager

Info

When EmpowerID inventories Salesforce, it creates an account in the EmpowerID Identity Warehouse for each Salesforce user, a group for each Salesforce profile, a group for each Salesforce role, and a group for each Salesforce permission set. EmpowerID distinguishes these groups from one another by group type. Groups created for Salesforce profiles have a group type of ProfileGroup (GroupTypeID of 15), while groups created for roles have a group type of PrimaryRoleGroup (GroupTypeID of 16). This information becomes important if you use EmpowerID to create users in Salesforce as each Salesforce user must have a profile.

Step 1 – Create a Salesforce account store in EmpowerID

  1. On the navbar, expand Admin > Applications and Directories and then select Account Stores and Systems.

  2. On the Account Stores page, select the Actions tab and then click Create Account Store.

  3. Under System Types, search for Salesforce.

  4. Click the Salesforce.com record to select the type and then click Submit.

  5. On the Salesforce settings page that appears, fill in the following information

    1. User Name — Enter the username of the Salesforce account you created in Salesforce for EmpowerID.

    2. Password — Enter the password for the connection account.

    3. Service Account Token — Enter the value of the token generated by Salesforce for the selected user account.

    4. URL — Enter https://<YourSalesforceDomain>/services/Soap/c/34.0. Replace <YourSalesforceDomain> with the name of your Salesforce domain.

  6. When you have added your settings, click Submit to create the account store.

EmpowerID creates the account store and the associated resource system. The next step is to configure attribute flow between the account store and EmpowerID.

Step 2 – Configure Attribute flow

Insert excerpt
IL:Configure Attribute Flow Rules-V21
IL:Configure Attribute Flow Rules-V21
nopaneltrue

Now that the attribute flow has been set, the next steps include configuring the account store and enabling EmpowerID to inventory it.

Step 3 – Configure account store settings

  1. On the Account Store and Resource System page for Salesforce, click the Account Store tab and then click the pencil icon to put the account store in edit mode.


    This opens the edit page for the account store. This page allows you to specify the account proxy used to connect EmpowerID to your Salesforce account as well as how you want EmpowerID to handle the user information it discovers in UltiPro during inventory. Settings that can be edited are described in the table below the image.

    Insert excerpt
    IL:Account Store Settings (Non-AD) V21
    IL:Account Store Settings (Non-AD) V21
    nopaneltrue

  2. Edit the account store as needed and then click Save to save your changes.

Next, enable the Account Inbox permanent workflow to allow the Account Inbox to provision or join the user accounts in Box to EmpowerID Persons as demonstrated below.

Tip

EmpowerID recommends using the Account Inbox for provisioning and joining.

Step 4 – Enable the Account Inbox Permanent Workflow

Insert excerpt
IL:Enable Account Inbox PW - V21
IL:Enable Account Inbox PW - V21
nopaneltrue

Step 5 – Monitor Inventory

Insert excerpt
IL:Monitor Inventory - V21
IL:Monitor Inventory - V21
nopaneltrue
Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue

Div
stylefloat: left; position: fixed;

IN THIS ARTICLE

Table of Contents
maxLevel4
minLevel2
stylenone