The Salesforce Connector can create, update, and deprovision users and groups in Salesforce Communities.

User creation

When a user is created in the data store, and Enable Communities is selected in the connection configuration, PingFederate provisions the user as follows:
  1. Checks if the user exists as a "contact" in Salesforce, and then creates or updates the contact.
  2. Associates the contact with a Salesforce business account. The account ID is comes from the attribute mappings configured in Creating a connection.
  3. Creates a user in Salesforce and links it to the contact. The user is assigned a profile, role, and permission sets based on the attribute mappings configured in Creating a connection.

Use cloned community profiles

For security reasons, Salesforce prevents using standard external profiles for self-registration and user creation.

To allow the PingFederate provisioner to create users with community profiles, clone the standard community profiles and note the IDs of the cloned profiles. Use these IDs in the data store attribute that you will map to the Profile ID attribute in Salesforce in Creating a connection.

Alternately, you can override this security setting on the Communities > Community Settings page in Salesforce, by selecting the Allow using standard external profiles for self-registration and user creation check box. This is not recommended.

For details and a list of affected profiles, see Prevent Using Standard External Profiles for Self-Registration and User Creation in the Salesforce Winter 2020 Release Notes.

Key user attributes

Salesforce Communities users must have the following attributes:
  • Account ID: The ID of the business account that you want to assign to a user when provisioning to Salesforce.
  • Profile ID: The ID associated with a user profile type in Salesforce. The profile determines the type of user and some permissions. For communities, this needs to be a "customer" or "partner" profile.