EmpowerID includes a Salesforce connector that allows organizations to bring the user data (user accounts, permissions sets, profiles and roles) in their Salesforce domain to EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories. When EmpowerID inventories Salesforce, it creates an account in the EmpowerID Identity Warehouse for each Salesforce user, a group for each Salesforce profile, a group for each Salesforce role, and a group for each Salesforce permission set. EmpowerID distinguishes these groups from one another by group type. Groups created for Salesforce profiles have a group type of ProfileGroup (GroupTypeID of 15), while groups created for roles have a group type of PrimaryRoleGroup (GroupTypeID of 16). This information becomes important if you use EmpowerID to create users in Salesforce as each Salesforce user must have a profile.
Additionally, EmpowerID provides Provisioning policies or Resource Entitlements that allow you to automatically provision Salesforce accounts for any person within your organization based on their role. For example, if your organization has a sales department, each time a new hire occurs within that department, EmpowerID can provision a Salesforce account for that individual with the profile specified in the Provisioning policy. For more information on Resource Entitlements and Salesforce, see Salesforce User Accounts.
In order to connect EmpowerID to Salesforce:
|
This topic demonstrates how to connect EmpowerID to Salesforce in both the EmpowerID Web application and the EmpowerID Management Console.
In the URL field, replace login.salesforce.com with your domain.
If the values entered in the Add Salesforce Connection window are incorrect, EmpowerID cannot authenticate to Salesforce and the connection fails. |
If the connection is successful, EmpowerID creates the Salesforce connection and opens the Account Store Details screen for the Salesforce account store. This screen contains settings for configuring how EmpowerID manages the Salesforce account store.
Before configuring EmpowerID to manage the account store, determine whether you want EmpowerID to provision Person objects from the user records it discovers in the account store. If so, answer the following questions before turning on inventory.
For a greater discussion of these points within the context of connecting EmpowerID to an account store, see Active Directory. |
Once you have connected EmpowerID to Salesforce, you can view and manage the users and groups associated with it from the Salesforce Manager page in EmpowerID, located at https://<YourEmpowerIDServer>/ui/#Common/Find/SalesforceManager |
|
|