The following are known issues and limitations with Salesforce Contacts user provisioning.
Converted contacts and leads
When a Contact record is converted to a User in Salesforce:
- The Salesforce Contacts Connector can continue to update the Contact record, but changes are not reflected in the new User record.
- The Salesforce Contacts Connector cannot delete the Contact record. Instead, it
shows the following
error.
[{"message":"Your attempt to delete jsmith could not be completed because it is associated with the following portal users.: jsmith@example.com\n","errorCode":"DELETE_FAILED","fields":[]}]
When a Lead record is converted to another record type in Salesforce:
- The Salesforce Contacts Connector can still delete the Lead record, but cannot
update it. Instead, it shows the following
error.
"[{"message":"cannot reference converted lead", "errorCode":"CANNOT_UPDATE_CONVERTED_LEAD", "fields":[]}]"
- If the Lead record is deleted from your data store but not deleted from Salesforce, and a new Lead is created in the directory with the same email address, the synchronization fails with the message above.
Attributes
The provisioning connector cannot clear user attributes after they have been set.
Certificates
Adding a new certificate to PingFederate’s trusted certificate authority (CA) store for use in a secure LDAP (or LDAPS) connection requires a server restart when a secure LDAP connection has already been attempted or established.
Deprovisioning
After deleting an LDAP user account, the provisioner doesn't remove the user in the next provisioning cycle when Group DN is specified until a new user is added to the targeted group. This limitation is compounded when the User Create provisioning option is disabled. For more details, see SaaS provisioner does not remove the user when Group DN is specified in the Ping Identity Knowledge Base.
Performance
The Salesforce Connector dynamically retrieves data from the customer’s Salesforce instance. Depending on your Salesforce environment, this could cause some delays when you create a provisioning connection to Salesforce.
Refresh tokens
The refresh token policy must be set to Refresh token is valid until revoked for OAuth because expiring refresh tokens are not supported.