Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|
Prerequisites
In order to connect EmpowerID to Salesforce you must have a Salesforce tenant with an account that EmpowerID can use to connect to Salesforce and do the following in the tenant:
Register a connected app for EmpowerID with a certificate in Salesforce using the OAuth 2.0 JWT bearer authorization flow. Give the app the following OAuth Scopes:
Access and manage your data (api)
Perform requests on your behalf at any time (refresh_token, offline_access)
Provide access to your data via the Web (web)
Upload the private key for the certificate to the EmpowerID certificate store.
Info |
---|
For directions on setting up a connected up in Salesforce, please see the Salesforce documentation on the subject at https://help.salesforce.com/articleView?id=sf.connected_app_overview.htm&type=5. |
Step 1 – Create a Salesforce account store in EmpowerID
On the navbar, expand Admin > Applications and Directories and then select Account Stores and Systems.
On the Account Stores page, select the Actions tab and then click Create Account Store.
Under System Types, search for Salesforce.
Click the Salesforce.com record to select the type and then click Submit.
On the Salesforce settings page that appears, enter the following information:
Name – Enter a name for the account store
Service URL – Enter the URL for your Salesforce tenant
API Endpoint – Enter
/services/data/v36.0/
Certificate Thumbprint – Enter the thumbprint of the certificate you uploaded to Azure for the service principal application created earlier.
User Name – Enter the username of the Salesforce service account you created in Salesforce for EmpowerID.
Client Secret – Enter the value of the token generated by Salesforce for the selected user account.
Service Account Token – Enter the value of the token generated by Salesforce for the selected user account.
SCIM URL – Enter the URL for the Salesforce SCIM app service created earlier.
When you have added your settings, click Submit to create the account store.
EmpowerID creates the account store and the associated resource system. The next step is to configure attribute flow between the account store and EmpowerID.
Step 2 – Configure Attribute flow
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|
Now that the attribute flow has been set, the next steps include configuring the account store and enabling EmpowerID to inventory it.
Step 3 – Configure account store settings
On the Account Store and Resource System page for Salesforce, click the Account Store tab and then click the pencil icon to put the account store in edit mode.
This opens the edit page for the account store. This page allows you to specify the account proxy used to connect EmpowerID to your Salesforce account as well as how you want EmpowerID to handle the user information it discovers in UltiPro during inventory. Settings that can be edited are described in the table below the image.Insert excerpt IL:Account Store Settings (Non-AD) V21 IL:Account Store Settings (Non-AD) V21 nopanel true Edit the account store as needed and then click Save to save your changes.
Step 4 – Verify Salesforce resource system parameters
On the Account Store Details page for the Salesforce account store, select the Resource System tab and then expand the Configuration Parameters accordion at the bottom of the page.
You should a number of parameters for the resource system. The values for these are generated based on the information you provide when creating the account store. If any of the values are incorrect, please update them to ensure successful inventory of your Salesforce tenant. The following parameters are of particular importance:
ApiEndPoint – Value should be
/services/data/v36.0/
certificateThumbPrint – Value should be the thumbprint of the certificate you uploaded to Salesforce for the connected application you created in Salesforce for EmpowerID.
ClientSecret – Value should be the secret generated by Salesforce for the connected application you created in Salesforce for EmpowerID.
LoginUrl – Value should be the login URL for Salesforce.
ServiceUrl – Value should be your Salesforce domain.
Username – Value should be the username of the Salesforce service account used by EmpowerID.
Next, enable the Account Inbox permanent workflow to allow the Account Inbox to provision or join the user accounts in Box to EmpowerID Persons as demonstrated below.
Tip |
---|
EmpowerID recommends using the Account Inbox for provisioning and joining. |
Step 4 – Enable the Account Inbox Permanent Workflow
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|
Step 5 – Monitor Inventory
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|
See Also
Provisioning Policy for Salesforce Accounts
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|
Div | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
IN THIS ARTICLE
|