Versions Compared

Old Version 1

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version 2

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Insert excerpt
IL:External Directory Prerequisites V21
IL:External Directory Prerequisites V21
nopaneltrue

Prerequisites

In order to connect EmpowerID to Salesforce:

  • You must have a Salesforce domain with an account that EmpowerID can use to connect to Salesforce.

  • At a minimum, this account must have a profile with permission to read the user data in Salesforce.

  • If you plan to use EmpowerID to provision, deprovision and modify the user data in Salesforce, the profile needs to have create, update and delete permissions as well.

Step 1 – Create a Salesforce account store in EmpowerID

  1. On the navbar, expand Admin > Applications and Directories and then select Account Stores and Systems.

  2. On the Account Stores page, select the Actions tab and then click Create Account Store.

  3. Under System Types, search for Salesforce.

  4. Click the Salesforce.com record to select the type and then click Submit.

  5. On the Salesforce settings page that appears, enter the following information:

    • Name – Enter a name for the account store

    • Service URL – Enter the URL for your Salesforce tenant

    • API Endpoint – Enter /services/data/v36.0/

    • Certificate Thumbprint – Enter the thumbprint of the certificate you uploaded to Azure for the service principal application created earlier.

    • User Name – Enter the username of the Salesforce service account you created in Salesforce for EmpowerID.

    • Client Secret – Enter the value of the token generated by Salesforce for the selected user account.

    • Service Account Token – Enter the value of the token generated by Salesforce for the selected user account.

    • SCIM URL – Enter the URL for the Salesforce SCIM app service created earlier.

  6. When you have added your settings, click Submit to create the account store.

EmpowerID creates the account store and the associated resource system. The next step is to configure attribute flow between the account store and EmpowerID.

Step 2 – Configure Attribute flow

Insert excerpt
IL:Configure Attribute Flow Rules-V21
IL:Configure Attribute Flow Rules-V21
nopaneltrue

Now that the attribute flow has been set, the next steps include configuring the account store and enabling EmpowerID to inventory it.

Step 3 – Configure account store settings

  1. On the Account Store and Resource System page for Salesforce, click the Account Store tab and then click the pencil icon to put the account store in edit mode.


    This opens the edit page for the account store. This page allows you to specify the account proxy used to connect EmpowerID to your Salesforce account as well as how you want EmpowerID to handle the user information it discovers in UltiPro during inventory. Settings that can be edited are described in the table below the image.

    Insert excerpt
    IL:Account Store Settings (Non-AD) V21
    IL:Account Store Settings (Non-AD) V21
    nopaneltrue

  2. Edit the account store as needed and then click Save to save your changes.

Step 4 – Verify Salesforce resource system parameters

  1. On the Account Store Details page for the Salesforce account store, select the Resource System tab and then expand the Configuration Parameters accordion at the bottom of the page.

  2. You should a number of parameters for the resource system. The values for these are generated based on the information you provide when creating the account store. If any of the values are incorrect, please update them to ensure successful inventory of your Salesforce tenant. The following parameters are of particular importance:

    • ApiEndPoint – Value should be /services/data/v36.0/

    • certificateThumbPrint – Value should be the thumbprint of the certificate you uploaded to Salesforce for the connected application you created in Salesforce for EmpowerID.

    • ClientSecret – Value should be the secret generated by Salesforce for the connected application you created in Salesforce for EmpowerID.

    • LoginUrl – Value should be the login URL for Salesforce.

    • ServiceUrl – Value should be your Salesforce domain.

    • Username – Value should be the username of the Salesforce service account used by EmpowerID.

Next, enable the Account Inbox permanent workflow to allow the Account Inbox to provision or join the user accounts in Box to EmpowerID Persons as demonstrated below.

Tip

EmpowerID recommends using the Account Inbox for provisioning and joining.

Step 4 – Enable the Account Inbox Permanent Workflow

Insert excerpt
IL:Enable Account Inbox PW - V21
IL:Enable Account Inbox PW - V21
nopaneltrue

Step 5 – Monitor Inventory

Insert excerpt
IL:Monitor Inventory - V21
IL:Monitor Inventory - V21
nopaneltrue
Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue

See Also

Salesforce Connector

Provisioning Policy for Salesforce Accounts

Div
stylefloat: left; position: fixed;

IN THIS ARTICLE

Table of Contents
maxLevel4
minLevel2
stylenone