Connecting to Salesforce

EmpowerID includes a Salesforce connector that allows organizations to bring the user data (user accounts, permissions sets, profiles and roles) in their Salesforce domain to EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories. Once connected, you can manage this data from EmpowerID in the following ways:

  • Account Management

    • Inventory user accounts

    • Create, Update and Delete user accounts

    • Enable and Disable user accounts

  • Group Management

    • Inventory groups

    • Inventory group memberships

    • Create groups

    • Add and Remove members to and from groups

  • Attribute Flow
    Users in Salesforce are inventoried as accounts in EmpowerID. The below table shows the attribute mappings of Salesforce user attributes to EmpowerID Person attributes.

Salesforce Attribute

Corresponding EmpowerID Attribute

Description

Salesforce Attribute

Corresponding EmpowerID Attribute

Description

FirstName

FirstName

First Name of a user

LastName

LastName

Last Name of a user

Name

Name

Full Name of a user

Email

Email

Email address of a user

Phone

Telephone

Telephone number of a user

Title

Title

Job title of a user

IsActive

Active

Active status of a user

Department

Department

Department in which a user works

Company

Company

Company where a user works

City

City

City where a user is located

Country

Country

Country of user

ManagerId

ManagerPersonID

Employee ID of user’s manager

 

When EmpowerID inventories Salesforce, it creates an account in the EmpowerID Identity Warehouse for each Salesforce user, a group for each Salesforce profile, a group for each Salesforce role, and a group for each Salesforce permission set. EmpowerID distinguishes these groups from one another by group type. Groups created for Salesforce profiles have a group type of ProfileGroup (GroupTypeID of 15), while groups created for roles have a group type of PrimaryRoleGroup (GroupTypeID of 16). This information becomes important if you use EmpowerID to create users in Salesforce as each Salesforce user must have a profile.

Additionally, EmpowerID provides Provisioning policies or Resource Entitlements that allow you to automatically provision Salesforce accounts for any person within your organization based on their role. For example, if your organization has a sales department, each time a new hire occurs within that department, EmpowerID can provision a Salesforce account for that individual with the profile specified in the Provisioning policy. For more information on Resource Entitlements and Salesforce, see Salesforce User Accounts.

To create a Salesforce account store in EmpowerID

  1. On the navbar, expand Admin > Applications and Directories and then click Account Stores and Systems.

  2. On the Account Stores page, click Create Account Store.




  3. Under System Types, search for Salesforce.

  4. Click Salesforce.com to select the type and then click Submit.




  5. On the Salesforce settings page that appears, fill in the following information

    1. User Name — Enter the username of the Salesforce account you created in Salesforce for EmpowerID.

    2. Password — Enter the password for the connection account.

    3. Service Account Token — Enter the value of the token generated by Salesforce for the selected user account.

    4. URL — Enter https://<YourSalesforceDomain>/services/Soap/c/34.0. Replace <YourSalesforceDomain> with the name of your Salesforce domain.

  6. When you have added your settings, click Submit to create the account store.




  7. EmpowerID creates the account store and the associated resource system. The next step is to configure attribute flow between the account store and EmpowerID.

 

Now that the attribute flow has been set, the next steps include configuring the account store and enabling EmpowerID to inventory it.

To configure account store settings

  1. On the Account Store and Resource System page, click the Account Store tab and then click the pencil icon to put the account store in edit mode.




    This opens the edit page for the account store. This page allows you to specify the account proxy used to connect EmpowerID to your Salesforce account as well as how you want EmpowerID to handle the user information it discovers in UltiPro during inventory. Settings that can be edited are described in the table below the image.






  2. Edit the account store as needed and then click Save to save your changes.

Next, enable the Account Inbox permanent workflow to allow the Account Inbox to provision or join the user accounts in Box to EmpowerID Persons as demonstrated below.

EmpowerID recommends using the Account Inbox for provisioning and joining.