Configure Salesforce SCIM Provisioning to Sync Users

SCIM provisioning with Salesforce via miniOrange enables you to manage access privileges through Salesforce SCIM provisioning via miniOrange allows you to set up new users/groups and helps to manage access through the user lifecycle management. miniOrange can create and update user accounts for new or existing users, remove accounts for deactivated users, and synchronize attributes across Salesforce and linked Identity sources.

Follow the steps given below to configure provisioning with Salesforce SCIM and miniOrange.

Connect with External Source of Users

miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc), Identity Providers (like Shibboleth, Ping, Okta, OneLogin, KeyCloak), Databases (like MySQL, Maria DB, PostgreSQL) and many more.

Follow the step-by-step guide given below for User Sync Salesforce SCIM Provisioning

1. Setup Salesforce Provisioning in miniOrange

Login to miniOrange dashboard.
Go to Apps >> Add Application >> Provisioning .

Salesforce SCIM Provisioning:Select Provisioning

Click on Salesforce SCIM app.

Enter the SCIM base URL which will be in the following format: https://<your-company-domain>.my.salesforce.com/services/scim/v2

Click on Verify credentials button. A new window will open which will ask you to login to Salesforce. Log in as an admin and allow the application.

Verify Salesforce SCIM Provisioning credentials

After verification is successful, close the new window.
Configure Attribute Mapping in the following manner:

Target Attributes	miniOrange Attribute
userName	DEFAULT USER PROFILE ATTRIBUTE	Username
name.givenName	DEFAULT USER PROFILE ATTRIBUTE	First Name
name.familyName	DEFAULT USER PROFILE ATTRIBUTE	Last Name
emails[type eq\"work\"].value	DEFAULT USER PROFILE ATTRIBUTE	E-Mail Address
displayName	DEFAULT USER PROFILE ATTRIBUTE	Full Name
externalID	DEFAULT USER PROFILE ATTRIBUTE	GUID
Entitlements[primary eq True].value	CUSTOM USER PROFILE ATTRIBUTE	Custom Attribute 1

Enable the required provisioning options and click on Save .

2. Add Custom Profile Attribute to Users

We need to add the Salesforce Profile ID (bases on if you want to create a standard or a chatter free user) as a custom attribute to users in miniOrange.
You can follow this link to find the profile IDs : help.salesforce.com
Click on Users >> User Profile Fields.
Add a custom attribute like the below:

3. Create User

Go to Users >> Users List and add a new test user. Entitlement should be same as the profile field you want in miniorange.

4. Create Group

Go to Groups >> Manage Group. Enter the Group Name and click on Create Group button and the group will be created.

5. Create Policy

In the Policies section, navigate to the Add Policy tab.
In Select Application section, select Salesforce.
In Configure Settings section, select the group you have created in step4 and enter the policy name.
Choose password as login method and click on Save .

6. Test Provisioning

For provisioning users in Salesforce, you’ll have to assign users to the requisite group. Go to groups >> Assign users and assign the test user to the salesforce specific group
This should create the user and group in salesforce in the correct profile.

Note

Deleting a user in miniorange will only deactivate the user in salesforce. Salesforce doesn’t allow user deletion.
Salesforce supports username in the format of email only.
Usernames in Salesforce must be unique across all tenants.

External References

Want To Schedule A Demo?

Contents