Page created: 4 Sep 2020
|
Page updated: 8 Feb 2022
The following are known issues or limitations for the Salesforce Contacts Provisioner.
Known issues
There are no known issues.
Known limitations
- Converted contacts and leads
- When a Contact record is converted to a User in Salesforce
- The Salesforce Contacts Provisioner can continue to update the Contact record but changes are not reflected in the new User record.
- The Salesforce Contacts Provisioner cannot delete the Contact record.
Instead, it shows the following
error:
[{"message":"Your attempt to delete jsmith could not be completed because it is associated with the following portal users.: jsmith@example.com\n","errorCode":"DELETE_FAILED","fields":[]}]
- When a Lead record is converted to another record type in Salesforce
- The Salesforce Contacts Provisioner can still delete the Lead record, but
cannot update it. Instead, it shows the following
error:
"[{"message":"cannot reference converted lead", "errorCode":"CANNOT_UPDATE_CONVERTED_LEAD", "fields":[]}]"
- If the Lead record is deleted from your data store but not deleted from Salesforce, and a new Lead is created in the directory with the same email address, the synchronization fails with the message above.
- The Salesforce Contacts Provisioner can still delete the Lead record, but
cannot update it. Instead, it shows the following
error:
- When a Contact record is converted to a User in Salesforce
- Attributes
- The provisioning connector cannot clear user attributes once they have been set.
- Certificates
- Adding a new certificate to PingFederate’s trusted CA store for use in a secure LDAP (or LDAPS) connection requires a server restart, when a secure LDAP connection has already been attempted or established.
- Deprovisioning
- After deleting an LDAP user account, the provisioner does not remove the user in the next provisioning cycle when Group DN is specified, until a new user is added to the targeted group. This limitation is compounded when the User Create provisioning option is disabled. For more details, see SaaS provisioner does not remove the user when Group DN is specified in the Ping Identity Knowledge Base.
- Performance
- The Salesforce Contacts Provisioner dynamically retrieves data from your Salesforce instance. Depending on your Salesforce environment, this could cause a delay when you create an SP connection to Salesforce.
- If multiple PingFederate administrators are creating connections to Salesforce at the same time, the attribute mapping screen may not show attributes from Salesforce correctly.
- Refresh tokens
- Refresh token policy must be set to “Refresh token is valid until revoked” for OAuth as expiring refresh tokens are not supported.