Creating a Salesforce connection - PingOne Cloud Platform - PingOne

PingOne Cloud Platform
bundle
pingone
ft:publication_title
PingOne Cloud Platform
Product_Version_ce
PingOne Cloud Platform
PingOne
category
Administratorguide
ContentType
Guide
Product
Productdocumentation
p1
p1cloudplatform
ContentType_ce
Guide
Product documentation
Guide > Administrator Guide

Use a Salesforce connection to enable provisioning from PingOne to Salesforce.

Make sure that you have:

  • An existing Salesforce account.
  • The full domain for the Salesforce account.
    Tip:

    You can find the domain in the URL when logged into the account. For example, <myCompanyName>.my.salesforce.com.

  • The client ID and client secret for the connected application. See Create a Connected App in the Salesforce documentation.
  • The OAuth access token and refresh token for the connected application. See Getting an API access token from Salesforce.
  1. Go to Integrations > Provisioning.
  2. Click the + icon and then click New connection.
  3. For Identity Store, click the Select button.
  4. Under Salesforce, click Select and then click Next.
  5. Enter a name and description for this provisioning connection.

    The connection name will appear in the list when you've completed and saved the connection.

  6. Click Next.
  7. On the Configure authentication pane, enter the values for the following fields.
    Field Value

    Salesforce domain

    The full domain for the Salesforce account.

    Tip:

    You can find the domain in the URL when logged into the account. For example, <myCompanyName>.my.salesforce.com.

    Client ID

    The Consumer Key value from Salesforce for the connected application.

    For more information, see Create a Connected App in the Salesforce documentation.

    Client secret

    The Consumer Secret value from Salesforce for the connected application.

    OAuth access token

    The access token from Salesforce for the connected application.

    Tip:

    You can use the Ping Identity OAuth Configuration Service (OCS) to get the token. For more information, see Getting an API access token from Salesforce.

    OAuth refresh token

    The refresh token from Salesforce for the connected application.
  8. Click Test connection to verify that PingOne can establish a connection to Salesforce.

    If there are any issues with the connection, a Test connection failed message will appear. Click Continue to resume the setup with an invalid connection.

    You will not be able to use the connection for provisioning until you have established a valid connection to Salesforce. Click Cancel to modify the settings and try again.

  9. On the Configure preferences pane, configure the following options.
    Option Description

    Permission set management

    Determines how to handle permission sets in the Salesforce identity store.

    Select Merge with permission sets in Salesforce or Overwrite permission sets in Salesforce. If you select Merge with permission sets in Salesforce and a permission set is added in the datastore, PingOne adds it to the user's existing permission sets in Salesforce.

    PingOne does not remove any permission sets added in Salesforce by other sources. If you select Overwrite permission sets in Salesforce, and a permission set is added or removed in the datastore, PingOne overwrites the user's permission sets in Salesforce with those from the datastore.

    Allow users to be created

    Determines whether to create a user in the Salesforce identity store when the user is created in the PingOne identity store.

    Allow users to be updated

    Determines whether to update user attributes in the Salesforce identity store when the user is updated in the PingOne identity store.

    Note:

    If you clear the Allow users to be updated or Allow users to be disabled check boxes, the child options that depend on a user update will become unavailable.

    Allow users to be disabled

    Determines whether to disable a user in the Salesforce identity store when the user is disabled in the PingOne identity store.

    Action when disabling users

    Determines the action to take when deprovisioning users from the Salesforce identity store:

    • Disable. When deprovisioning, PingOne disables the user. The user cannot sign on, and their data is not visible to other users in Salesforce.
    • Freeze. When deprovisioning, PingOne freezes a user. The frozen user cannot sign on, but the user's data, such as profile and activity, is still visible to other users in Salesforce.

      For more information, see Freeze or Unfreeze User Accounts in the Salesforce documentation.

    Allow users to be deprovisioned

    Determines whether to deprovision a user in the Salesforce identity store when the user is deprovisioned in the PingOne identity store.

    Remove action

    Determines the action to take when removing a user from the Salesforce identity store.

    Deprovision on rule deletion

    Determines whether to deprovision users if the associated provisioning rule is deleted.
  10. Click Finish.
Creating an outbound rule