Known issues

There are no known issues.

Known limitations

  • Converted contacts and leads
    • When a Contact record is converted to a User in Salesforce
      • The Salesforce Contacts Provisioner can continue to update the Contact record, but the changes are not reflected in the new User record.
      • The Salesforce Contacts Provisioner cannot delete the Contact record. Instead, it shows the following error:
        [{"message":"Your attempt to delete jsmith could not be completed because it is associated with the following portal users.: jsmith@example.com\n","errorCode":"DELETE_FAILED","fields":[]}]
    • When a Lead record is converted to another record type in Salesforce
      • The Salesforce Contacts Provisioner can still delete the Lead record, but cannot update it. Instead, it shows the following error:
        "[{"message":"cannot reference converted lead", "errorCode":"CANNOT_UPDATE_CONVERTED_LEAD", "fields":[]}]"
      • If the Lead record is deleted from your data store but not deleted from Salesforce, and a new Lead is created in the directory with the same email address, the synchronization fails with the message above.
  • Attributes
    • The provisioning connector cannot clear user attributes once they have been set.
  • Certificates
    • Adding a new certificate to PingFederate’s trusted CA store for use in a secure LDAP (LDAPS) connection requires a server restart if a secure LDAP connection has already been attempted or established.
  • Deprovisioning
    • When Group DN is specified and an LDAP user account is deleted, the provisioner does not remove the user in the next provisioning cycle. The user is not removed until a new user is added to the targeted group. This limitation is compounded when the User Create provisioning option is disabled. For more details, see SaaS provisioner does not remove the user when Group DN is specified in the Ping Identity Knowledge Base.
  • Performance
    • The Salesforce Contacts Provisioner dynamically retrieves data from your Salesforce instance. Depending on your Salesforce environment, this could cause a delay when you create an SP connection to Salesforce.
    • If multiple PingFederate administrators are creating connections to Salesforce at the same time, the attribute mapping screen may not show attributes from Salesforce correctly.
  • Refresh tokens
    • For OAuth, the refresh token policy must be set to “Refresh token is valid until revoked” because expiring refresh tokens are not supported.