Salesforce Connector

EmpowerID includes two Salesforce connectors – the standard connector and a SCIM connector – that organizations can use to bring the user data (user accounts, permissions sets, profiles and roles) in their Salesforce domains to EmpowerID, where that information can be managed and synchronized with data in any connected back-end user directories. Once connected, you can manage this data from EmpowerID in the following ways:

  • Account Management

    • Inventory user accounts

    • Create, Update and Delete user accounts

    • Enable and Disable user accounts

  • Group Management

    • Inventory groups

    • Inventory group memberships

    • Create groups

    • Add and Remove members to and from groups

Inventory Objects and their corresponding components in EmpowerID

Object in Salesforce

Component in EmpowerID

Object in Salesforce

Component in EmpowerID

User

Account

Profile

Profile Group

User Role

Primary Role Group

Permission Set

SF Permission Set

User License

Group License

Permission Set Assignment

Group Account

Attribute Mapping

The below table shows the attribute mappings of Salesforce objects to EmpowerID.

Profile

Profile

Attribute in Salesforce

Attribute in EmpowerID

ID

SystemIdentifier

Name

Name

UserLicenseId

GroupLicenseId

User Role

Attribute in Salesforce

Attribute in EmpowerID

ID

SystemIdentifier

Name

Name

Permission Set

Attribute in Salesforce

Attribute in EmpowerID

ID

SystemIdentifier

Name

Name

Permission Set Assignment

Attribute in Salesforce

Attribute in EmpowerID

AssigneeId

Converted to AccountID

PermissionSetId

Converted to PermissionSetGroupID

User License

Attribute in Salesforce

Attribute in EmpowerID

ID

LicenseIdentifier

Name

Name

User

Salesforce Attribute

EmpowerID Person Attribute

active

Active

ID

SystemIdentifier

Department

Department

Manager

ManagerPersonID

Street

StreetAddress

Alias

EmailAlias

city

city

Country

Country

Email

Email

Name

Name

LastName

LastName

FirstName

FirstName

ProfileId

ExtensionAttribute15

UserRoleId

ExtensionAttribute14

state

state

displayName

FriendlyName

 

When EmpowerID inventories Salesforce, it creates an account in the EmpowerID Identity Warehouse for each Salesforce user, a group for each Salesforce profile, a group for each Salesforce role, and a group for each Salesforce permission set. EmpowerID distinguishes these groups from one another by group type. Groups created for Salesforce profiles have a group type of ProfileGroup (GroupTypeID of 15), while groups created for roles have a group type of PrimaryRoleGroup (GroupTypeID of 16). This information becomes important if you use EmpowerID to create users in Salesforce as each Salesforce user must have a profile.


Next Steps

Connect to Salesforce

About the Salesforce SCIM Connector

Connect to Salesforce using the SCIM Connector - Requires an Azure Tenant