...
EmpowerID includes two Salesforce connectors – the standard connector and a SCIM connector – that organizations can use to bring the user data (user accounts, permissions sets, profiles and roles) in their Salesforce
...
domains to EmpowerID, where
...
that information can be managed and synchronized with data in any connected back-end user directories. Once connected, you can manage this data from EmpowerID in the following ways:
Account Management
Inventory user accounts
Create, Update and Delete user accounts
Enable and Disable user accounts
Group Management
Inventory groups
Inventory group memberships
Create groups
Add and Remove members to and from groups
...
Inventory Objects and their corresponding components in EmpowerID
Object in Salesforce | Component in EmpowerID |
|---|---|
User | Account |
Profile | Profile Group |
User Role | Primary Role Group |
Permission Set | SF Permission Set |
User License | Group License |
Permission Set Assignment | Group Account |
Attribute Mapping
The below table shows the attribute mappings of Salesforce
...
objects to EmpowerID
...
.
Profile | |
|---|---|
Attribute in Salesforce | Attribute |
...
in EmpowerID |
...
...
ID |
...
SystemIdentifier |
...
Name |
...
First Name of a user
...
LastName
...
LastName
...
Last Name of a user
...
Name
...
Name
...
Full Name of a user
...
...
...
Email address of a user
...
Phone
...
Telephone
...
Telephone number of a user
...
Title
...
Title
...
Job title of a user
...
IsActive
...
Active
...
Active status of a user
...
Department
...
Department
...
Department in which a user works
...
Company
...
Company
...
Company where a user works
...
City
...
City
...
City where a user is located
...
Country
...
Country
...
Country of user
...
ManagerId
...
ManagerPersonID
...
Name | |
UserLicenseId | GroupLicenseId |
User Role | |
Attribute in Salesforce | Attribute in EmpowerID |
ID | SystemIdentifier |
Name | Name |
Permission Set | |
Attribute in Salesforce | Attribute in EmpowerID |
ID | SystemIdentifier |
Name | Name |
Permission Set Assignment | |
Attribute in Salesforce | Attribute in EmpowerID |
AssigneeId | Converted to AccountID |
PermissionSetId | Converted to PermissionSetGroupID |
User License | |
Attribute in Salesforce | Attribute in EmpowerID |
ID | LicenseIdentifier |
Name | Name |
User | |
Salesforce Attribute | EmpowerID Person Attribute |
active | Active |
ID | SystemIdentifier |
Department | Department |
Manager | ManagerPersonID |
Street | StreetAddress |
Alias | EmailAlias |
city | city |
Country | Country |
Name | Name |
LastName | LastName |
FirstName | FirstName |
ProfileId | ExtensionAttribute15 |
UserRoleId | ExtensionAttribute14 |
state | state |
displayName | FriendlyName |
| Info |
|---|
When EmpowerID inventories Salesforce, it creates an account in the EmpowerID Identity Warehouse for each Salesforce user, a group for each Salesforce profile, a group for each Salesforce role, and a group for each Salesforce permission set. EmpowerID distinguishes these groups from one another by group type. Groups created for Salesforce profiles have a group type of ProfileGroup (GroupTypeID of 15), while groups created for roles have a group type of PrimaryRoleGroup (GroupTypeID of 16). This information becomes important if you use EmpowerID to create users in Salesforce as each Salesforce user must have a profile. |
Additionally, EmpowerID provides Provisioning policies or Resource Entitlements that allow you to automatically provision Salesforce accounts for any person within your organization based on their role. For example, if your organization has a sales department, each time a new hire occurs within that department, EmpowerID can provision a Salesforce account for that individual with the profile specified in the Provisioning policy. For more information on Resource Entitlements and Salesforce, see Salesforce User Accounts.
To create a Salesforce account store in EmpowerID
...
On the navbar, expand Admin > Applications and Directories and then click Account Stores and Systems.
...
Under System Types, search for Salesforce.
...
On the Salesforce settings page that appears, fill in the following information
User Name — Enter the username of the Salesforce account you created in Salesforce for EmpowerID.
Password — Enter the password for the connection account.
Service Account Token — Enter the value of the token generated by Salesforce for the selected user account.
URL — Enter https://<YourSalesforceDomain>/services/Soap/c/34.0. Replace <YourSalesforceDomain> with the name of your Salesforce domain.
...
EmpowerID creates the account store and the associated resource system. The next step is to configure attribute flow between the account store and EmpowerID.
| Insert excerpt | ||
|---|---|---|
|
...
|
...
|
...
To configure account store settings
...
Edit the account store as needed and then click Save to save your changes.
Next, enable the Account Inbox permanent workflow to allow the Account Inbox to provision or join the user accounts in Box to EmpowerID Persons as demonstrated below.
| Tip |
|---|
EmpowerID recommends using the Account Inbox for provisioning and joining. |
...
| style | float: left; position: fixed; |
|---|
| Live Search | ||||
|---|---|---|---|---|
|
IN THIS ARTICLE
...
Next Steps
About the Salesforce SCIM Connector
Connect to Salesforce using the SCIM Connector - Requires an Azure Tenant