Salesforce

Creating a provisioning connection

To allow PingFederate to manage users in Salesforce, configure a service provider (SP) connection.

About this task

Configure PingFederate to provision users and groups to Salesforce and enable single sign-on (SSO). You can find more general information in Configuring outbound provisioning in the PingFederate documentation.

You can complete the following steps to create a new SP connection or you can modify an existing connection.

Steps

  1. In the PingFederate administrator console, create a new SP connection:

    Choose from:

    • For PingFederate 10.1 or later: Go to Applications > Integration > SP Connections. Click Create Connection.

    • For PingFederate 10.0 or earlier: Go to Identity Provider > SP Connections. Click Create Connection.

  2. On the Connection Template tab, select Do not use a template for this connection. Click Next.

  3. On the Connection Type tab, select only Outbound Provisioning. In the Type list, select Salesforce Contacts Provisioner. Click Next.

  4. On the General Info tab, configure the basic connection information.

    1. In the Entity ID field, enter any value. This field is not used for this integration.

    2. In the Connection Name field, enter a name that you choose. Click Next.

  5. On the Outbound Provisioning tab, configure provisioning with the following details:

    You can find more information in Configuring outbound provisioning in the PingFederate documentation:

    1. On the Target tab, in the Client ID field, enter the Consumer Key that you noted in Registering PingFederate as a connected app in Salesforce.

    2. In the Client Secret field, enter the Consumer Secret that you noted in Registering PingFederate as a connected app in Salesforce.

    3. In the OAuth Access Token field, enter the Access Token that you noted in Getting an API access token from Salesforce.

    4. In the OAuth Refresh Token field, enter the Refresh Token that you noted in Getting an API access token from Salesforce.

    5. In the Salesforce Domain field, enter the domain of your Salesforce site. For example, mycompany.my.salesforce.com in the URL https://mycompany.my.salesforce.com.

    6. In the Salesforce Record Type list, select the type of record you want to create in Salesforce.

      You can find more information about Contacts and Leads in the Salesforce documentation.

      Although you can change this setting after creating the connection, it requires that you refresh and remap all attributes. Instead, you can create a new connection with the other record type.

    7. Under Provisioning Options, customize the provisioning connector behavior by referring to Provisioning options reference.

    8. On the Manage Channels > Attribute Mapping tab, at the bottom of the attribute list, click Refresh Fields to get fields and specifications from your Salesforce site. Complete the attribute mappings by referring to Supported attributes reference.

      You can find more information in Managing channels in the PingFederate documentation.

  6. On the Activation and Summary tab, above the Summary section, click the toggle to turn on the connection. Click Save.