• The provisioner cannot clear user attributes after they have been set.
  • Multi-attribute values are not supported.


  • When deprovisioning a Salesforce customer or partner user, the provisioning connector does not unlink the user from the associated contact.
  • If a customer or partner user is unlinked in Salesforce from the associated contact, any changes to the user in the data store causes the provisioning connector to create a new user in Salesforce and link it to the existing contact.
  • Guest users in Salesforce cannot be frozen. If Freeze Users instead of Disable is selected in your provisioning options, the guest user will not be disabled or frozen.

Refresh tokens

  • Refresh token policy must be set to Refresh token is valid until revoked for OAuth because expiring refresh tokens are not supported.

Salesforce Communities

  • The provisioner can link users to customer and partner business accounts, but not person accounts. For more information, see the Accounts page in the Salesforce documentation.

Group provisioning

  • Syncing memberships is not supported for Salesforce Community. Admins can set up group provisioning on Salesforce communities to sync only groups from PingOne.