Hello there!

Need Help? We are right here!

miniOrange Email Support
success

Thanks for your Enquiry.

If you don't hear from us within 24 hours, please feel free to send a follow-up email to info@xecurify.com

Search Results:

×

Configure Salesforce user sync provisioning for Apps


SCIM provisioning with Salesforce via miniOrange enables you to manage access privileges through Salesforce SCIM provisioning via miniOrange allows you to set up new users/groups and helps to manage access through the user lifecycle management. miniOrange can create and update user accounts for new or existing users, remove accounts for deactivated users, and synchronize attributes across Salesforce and linked Identity sources.

To configure Salesforce SCIM provisioning and initiate Salesforce user sync with miniOrange, follow the provided step-by-step instructions. This process ensures a streamlined and automated user synchronization between Salesforce and other connected applications.


Connect with External Source of Users


miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc), Identity Providers (like Shibboleth, Ping, Okta, OneLogin, KeyCloak), Databases (like MySQL, Maria DB, PostgreSQL) and many more.



Follow the step-by-step guide given below for User Sync Salesforce SCIM Provisioning

1. Setup Salesforce Provisioning in miniOrange

  • Login to miniOrange dashboard.
  • Go to Apps >> Add Application >> Provisioning .
  • Salesforce SCIM Provisioning:Select Provisioning

  • Click on Salesforce SCIM app.
  • Salesforce SCIM Provisioning App

  • Enter the SCIM base URL which will be in the following format: https://<your-company-domain>.my.salesforce.com/services/scim/v2
  • Enable SCIM Provisioning Salesforce

  • Click on Verify credentials button. A new window will open which will ask you to login to Salesforce. Log in as an admin and allow the application.
  • Verify Salesforce SCIM Provisioning credentials

  • After verification is successful, close the new window.
  • Configure Attribute Mapping in the following manner:
  • Target Attributes miniOrange Attribute
    userName DEFAULT USER PROFILE ATTRIBUTE Username
    name.givenName DEFAULT USER PROFILE ATTRIBUTE First Name
    name.familyName DEFAULT USER PROFILE ATTRIBUTE Last Name
    emails[type eq\"work\"].value DEFAULT USER PROFILE ATTRIBUTE E-Mail Address
    displayName DEFAULT USER PROFILE ATTRIBUTE Full Name
    externalID DEFAULT USER PROFILE ATTRIBUTE GUID
    entitlements[primary eq \"True\"].display CUSTOM USER PROFILE ATTRIBUTE entitlement Attribute 1 (will be created in Step 2)
    Enable Salesforce Provisioning Features

  • Enable the required provisioning options and click on Save .

2. Add Custom Profile Attribute to Users

  • We need to add the Salesforce Profile ID (bases on if you want to create a standard or a chatter free user) as a custom attribute to users in miniOrange.
  • You can follow this link to find the profile IDs : help.salesforce.com
  • Click on Users >> User Profile Fields.
  • Add a custom attribute like the below:
  • Salesforce Provisioning:Add Custom Profile Attribute to Users

3. Create User

  • Go to Users >> Users List and add a new test user. Entitlement should be same as the profile field you want in miniorange.

4. Create Group

  • Go to Groups >> Manage Group. Enter the Group Name and click on Create Group button and the group will be created.
  • Salesforce provisioning create group

5. Create Policy

  • In the Policies section, navigate to the Add Policy tab.
  • In Select Application section, select Salesforce.
  • In Configure Settings section, select the group you have created in step4 and enter the policy name.
  • Choose password as login method and click on Save .
  • Salesforce Provisioning Add policy

6. Test Provisioning

  • For provisioning users in Salesforce, you’ll have to assign users to the requisite group. Go to groups >> Assign users and assign the test user to the salesforce specific group
  • This should create the user and group in salesforce in the correct profile.

Note

  • Deleting a user in miniorange will only deactivate the user in salesforce. Salesforce doesn’t allow user deletion.
  • Salesforce supports username in the format of email only.
  • Usernames in Salesforce must be unique across all tenants.

External References

Want To Schedule A Demo?

Request a Demo
  



Our Other Identity & Access Management Products