Salesforce

Known issues and limitations

The following are known issues or limitations for the Salesforce Contacts Provisioner.

Known issues

There are no known issues.

Known limitations

  • Converted contacts and leads

    • When a Contact record is converted to a User in Salesforce:

      • The Salesforce Contacts Provisioner can continue to update the Contact record, but changes are not reflected in the new User record.

      • The Salesforce Contacts Provisioner can’t delete the Contact record. Instead, it shows the following error:

        [{"message":"Your attempt to delete jsmith could not be completed because it is associated with the following portal users.: jsmith@example.com\n","errorCode":"DELETE_FAILED","fields":[]}]

    • When a Lead record is converted to another record type in Salesforce:

      • The Salesforce Contacts Provisioner can still delete the Lead record, but can’t update it. Instead, it shows the following error:

        "[{"message":"cannot reference converted lead", "errorCode":"CANNOT_UPDATE_CONVERTED_LEAD", "fields":[]}]"

      • If the Lead record is deleted from your data store but not from Salesforce, and a new Lead is created in the directory with the same email address, the synchronization fails with the preceding message.

  • Attributes

    • The provisioning connector can’t clear user attributes after they’ve been set.

  • Certificates

    • Adding a new certificate to PingFederate’s trusted CA store for use in a secure LDAP (or LDAPS) connection requires a server restart when a secure LDAP connection has already been attempted or established.

  • Deprovisioning

    • When Group DN is specified and an LDAP user account is deleted, the provisioner does not remove the user in the next provisioning cycle. The user is not removed until a new user is added to the targeted group. This limitation is compounded when the User Create provisioning option is disabled. Learn more in the "SaaS provisioner does not remove the user when Group DN is specified" article in the Ping Identity Knowledge Base.

  • Performance

    • The Salesforce Contacts Provisioner dynamically retrieves data from your Salesforce instance. Depending on your Salesforce environment, this could cause a delay when you create an SP connection to Salesforce.

    • If multiple PingFederate administrators are creating connections to Salesforce at the same time, the attribute mapping page might not show attributes from Salesforce correctly.

  • Refresh tokens

    • Refresh token policy must be set to "Refresh token is valid until revoked" for OAuth because expiring refresh tokens are not supported.
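
As an added example (not part of the product documentation or Ping Identity's code), the following Python script triages the two Salesforce error bodies quoted under "Converted contacts and leads" and flags a failed delete as a deprovisioning gap to review by hand. The log-line prefix, the function names, and the follow-up wording are assumptions of this example.

```python
import json
import re

# Error codes quoted on this page and the follow-up each one calls for.
# The follow-up wording is this example's suggestion, not product guidance.
FOLLOW_UP = {
    "DELETE_FAILED": "Contact not deleted; review the associated portal user by hand",
    "CANNOT_UPDATE_CONVERTED_LEAD": "Lead was converted; updates are rejected",
}
PORTAL_USERS = re.compile(r"portal users\.:\s*(\S.*)")


def extract_errors(line):
    """Return the error objects embedded in one log line, or [] if none parse."""
    start, end = line.find("[{"), line.rfind("}]")
    if start == -1 or end < start:
        return []
    try:
        errors = json.loads(line[start:end + 2])
    except json.JSONDecodeError:
        return []
    return [e for e in errors if isinstance(e, dict)]


def triage(lines):
    """Classify provisioning errors and flag deletes that did not take effect."""
    findings = []
    for line in lines:
        for err in extract_errors(line):
            code = err.get("errorCode", "")
            match = PORTAL_USERS.search(err.get("message", ""))
            findings.append({
                "code": code,
                "follow_up": FOLLOW_UP.get(code, "unclassified"),
                "deprovisioning_gap": code == "DELETE_FAILED",
                "portal_users": match.group(1).strip() if match else None,
            })
    return findings


# Constructed log lines (prefix layout assumed); payloads are the two error bodies on this page.
SAMPLE = [
    r'2024-01-01T00:00:00Z ERROR delete failed: [{"message":"Your attempt to delete jsmith could not be completed because it is associated with the following portal users.: jsmith@example.com\n","errorCode":"DELETE_FAILED","fields":[]}]',
    r'2024-01-01T00:00:05Z ERROR update failed: "[{"message":"cannot reference converted lead", "errorCode":"CANNOT_UPDATE_CONVERTED_LEAD", "fields":[]}]"',
    "2024-01-01T00:00:09Z INFO provisioning cycle complete",
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```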