...
EmpowerID includes a Salesforce connector that allows organizations to bring the user data (user accounts, permissions sets, profiles and roles) in their Salesforce domain to EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories. Once connected, you can manage this data from EmpowerID in the following ways:
Account Management
Inventory user accounts
Create, Update and Delete user accounts
Enable and Disable user accounts
Group Management
Inventory groups
Inventory group memberships
Create groups
Add and Remove members to and from groups
Attribute Flow
Users in Salesforce are inventoried as accounts in EmpowerID. The below table shows the attribute mappings of Salesforce user attributes to EmpowerID Person attributes.
Salesforce Attribute | Corresponding EmpowerID Attribute | Description |
|---|---|---|
FirstName | FirstName | First Name of a user |
LastName | LastName | Last Name of a user |
Name | Name | Full Name of a user |
Email address of a user | ||
Phone | Telephone | Telephone number of a user |
Title | Title | Job title of a user |
IsActive | Active | Active status of a user |
Department | Department | Department in which a user works |
Company | Company | Company where a user works |
City | City | City where a user is located |
Country | Country | Country of user |
ManagerId | ManagerPersonID | Employee ID of user’s manager |
| Info |
|---|
When EmpowerID inventories Salesforce, it creates an account in the EmpowerID Identity Warehouse for each Salesforce user, a group for each Salesforce profile, a group for each Salesforce role, and a group for each Salesforce permission set. EmpowerID distinguishes these groups from one another by group type. Groups created for Salesforce profiles have a group type of ProfileGroup (GroupTypeID of 15), while groups created for roles have a group type of PrimaryRoleGroup (GroupTypeID of 16). This information becomes important if you use EmpowerID to create users in Salesforce as each Salesforce user must have a profile. |
Step 1 – Create a Salesforce account store in EmpowerID
On the navbar, expand Admin > Applications and Directories and then select Account Stores and Systems.
On the Account Stores page, select the Actions tab and then click Create Account Store.
Under System Types, search for Salesforce.
Click the Salesforce.com record to select the type and then click Submit.
On the Salesforce settings page that appears, fill in the following information
User Name — Enter the username of the Salesforce account you created in Salesforce for EmpowerID.
Password — Enter the password for the connection account.
Service Account Token — Enter the value of the token generated by Salesforce for the selected user account.
URL — Enter https://<YourSalesforceDomain>/services/Soap/c/34.0. Replace <YourSalesforceDomain> with the name of your Salesforce domain.
When you have added your settings, click Submit to create the account store.
EmpowerID creates the account store and the associated resource system. The next step is to configure attribute flow between the account store and EmpowerID.
Step 2 – Configure Attribute flow
...
Now that the attribute flow has been set, the next steps include configuring the account store and enabling EmpowerID to inventory it.
Step 3 – Configure account store settings
On the Account Store and Resource System page for Salesforce, click the Account Store tab and then click the pencil icon to put the account store in edit mode.
...
...
Edit the account store as needed and then click Save to save your changes.
Next, enable the Account Inbox permanent workflow to allow the Account Inbox to provision or join the user accounts in Box to EmpowerID Persons as demonstrated below.
| Tip |
|---|
EmpowerID recommends using the Account Inbox for provisioning and joining. |
Step 4 – Enable the Account Inbox Permanent Workflow
...
Step 5 – Monitor Inventory
...
| style | float: left; position: fixed; |
|---|
IN THIS ARTICLE
...