EmpowerID includes two Salesforce connectors – the standard connector and a SCIM connector – that organizations can use to bring the user data (user accounts, permissions sets, profiles and roles) in their Salesforce domains to EmpowerID, where that information can be managed and synchronized with data in any connected back-end user directories. Once connected, you can manage this data from EmpowerID in the following ways:
Account Management
Inventory user accounts
Create, Update and Delete user accounts
Enable and Disable user accounts
Group Management
Inventory groups
Inventory group memberships
Create groups
Add and Remove members to and from groups
Inventory Objects and their corresponding components in EmpowerID
Object in Salesforce | Component in EmpowerID |
---|---|
User | Account |
Profile | Profile Group |
User Role | Primary Role Group |
Permission Set | SF Permission Set |
User License | Group License |
Permission Set Assignment | Group Account |
Attribute Mapping
The below table shows the attribute mappings of Salesforce objects to EmpowerID.
Profile | |
---|---|
Attribute in Salesforce | Attribute in EmpowerID |
ID | SystemIdentifier |
Name | Name |
UserLicenseId | GroupLicenseId |
User Role | |
Attribute in Salesforce | Attribute in EmpowerID |
ID | SystemIdentifier |
Name | Name |
Permission Set | |
Attribute in Salesforce | Attribute in EmpowerID |
ID | SystemIdentifier |
Name | Name |
Permission Set Assignment | |
Attribute in Salesforce | Attribute in EmpowerID |
AssigneeId | Converted to AccountID |
PermissionSetId | Converted to PermissionSetGroupID |
User License | |
Attribute in Salesforce | Attribute in EmpowerID |
ID | LicenseIdentifier |
Name | Name |
User | |
Salesforce Attribute | EmpowerID Person Attribute |
active | Active |
ID | SystemIdentifier |
Department | Department |
Manager | ManagerPersonID |
Street | StreetAddress |
Alias | EmailAlias |
city | city |
Country | Country |
Name | Name |
LastName | LastName |
FirstName | FirstName |
ProfileId | ExtensionAttribute15 |
UserRoleId | ExtensionAttribute14 |
state | state |
displayName | FriendlyName |
When EmpowerID inventories Salesforce, it creates an account in the EmpowerID Identity Warehouse for each Salesforce user, a group for each Salesforce profile, a group for each Salesforce role, and a group for each Salesforce permission set. EmpowerID distinguishes these groups from one another by group type. Groups created for Salesforce profiles have a group type of ProfileGroup (GroupTypeID of 15), while groups created for roles have a group type of PrimaryRoleGroup (GroupTypeID of 16). This information becomes important if you use EmpowerID to create users in Salesforce as each Salesforce user must have a profile.
Next Steps
About the Salesforce SCIM Connector
Connect to Salesforce using the SCIM Connector - Requires an Azure Tenant