Data provisioning

Connector settings

| Parameter | Value |
| --- | --- |
| Base address | {baseURL} |
| Authentication mode | OAuth2 |
| OAuth Grant Type | Client credentials |
| URL for Authorization token | {baseURL}/services/oauth2/token |
| OAuth Client ID | {Client ID} |
| OAuth Client Secret | {Client Secret} |
| Skip URL encoding | Select the checkbox |
| Test connection | Select the checkbox |
| Test query | /services/data/v61.0/query?q=SELECT FIELDS(All) FROM USER ORDER BY Name LIMIT 10 |
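
The following is an added example, not part of the Omada documentation: a small pre-flight script that exercises the same token URL and test query as the connector settings above, so the client ID and secret can be verified before they are entered in Omada. The environment variable names SF_BASE_URL, SF_CLIENT_ID and SF_CLIENT_SECRET and the function names are assumptions made for this sketch.

```python
# Added example: pre-flight check of the connector settings outside Omada.
# Assumptions: SF_BASE_URL, SF_CLIENT_ID, SF_CLIENT_SECRET are hypothetical
# environment variable names; network calls happen only when run as a script.
import json
import os
import urllib.parse
import urllib.request

TEST_SOQL = "SELECT FIELDS(All) FROM USER ORDER BY Name LIMIT 10"  # from the table


def token_request(base_url, client_id, client_secret):
    """Client-credentials token request for {baseURL}/services/oauth2/token."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # sent in the POST body, never in the URL
    }).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/services/oauth2/token", data=form, method="POST")


def query_request(base_url, access_token, soql=TEST_SOQL):
    """The connector's test query, URL-encoded here, with the bearer token set."""
    url = (base_url.rstrip("/") + "/services/data/v61.0/query?q="
           + urllib.parse.quote(soql))
    return urllib.request.Request(
        url, headers={"Authorization": "Bearer " + access_token})


def run_check(base_url, client_id, client_secret):
    """Fetch a token, run the test query, return the number of records."""
    with urllib.request.urlopen(token_request(base_url, client_id, client_secret)) as r:
        token = json.load(r)["access_token"]
    with urllib.request.urlopen(query_request(base_url, token)) as r:
        return len(json.load(r)["records"])


if __name__ == "__main__":
    n = run_check(os.environ["SF_BASE_URL"], os.environ["SF_CLIENT_ID"],
                  os.environ["SF_CLIENT_SECRET"])
    print("test query returned", n, "records")
```

Reading the secret from the environment keeps it out of shell history and out of the script itself.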

Task mappings

The Salesforce connectivity provides the following mappings:

| Parameter | Description |
| --- | --- |
| SalesforceUser | Contains mappings for users. If the profile selected is Customer and Partner, creates the contact. |
| SalesforceProfile | Contains mappings for assigning users to profiles. |
| SalesforceUserRoleAssignment | Contains mappings for assigning users to roles. |
| SalesforceGroupAssignment | Contains mappings for assigning users to groups. |
| SalesforcePermissionSetAssignment | Contains mappings for assigning users to permission sets. |
| SalesforceAccount | Contains mappings for creating an account if your profile is Customer and Partner. |

Salesforce User

The object is used to create, update, and deactivate users (accounts).

| Parameter | Type | Description |
| --- | --- | --- |
| Object Id | Map | ObjectId |
| Object type | Expression | ROPE_ATTR_C_SALESFORCEACCOUNT == "Account" && Operation == "Create" ? "services/data/v61.0/sobjects/User" : ROPE_ATTR_C_SALESFORCEACCOUNT != "Account" && Operation == "Create" ? "services/data/v61.0/sobjects/Contact" : null |
| Operation | Expression | Operation == "Create" && ROPE_ATTR_C_SALESFORCEACCOUNT != "Account" ? "CreateIfNotExists" : Operation |
| FirstName | Map | ROPE_ATTR_FIRSTNAME |
| LastName | Map | ROPE_ATTR_LASTNAME |
| CommunityNickname | Expression | (ROPE_ATTR_C_SALESFORCEACCOUNT == "Account" && Operation == "Create") \|\| Operation == "Update" ? ROPE_ATTR_IDENTITYID : null |
| Email | Map | ROPE_ATTR_EMAIL |
| Department | Expression | (ROPE_ATTR_C_SALESFORCEACCOUNT == "Account" && Operation == "Create") \|\| Operation == "Update" ? ROPE_ATTR_JOBTITLE : null |
| Alias | Expression | (ROPE_ATTR_C_SALESFORCEACCOUNT == "Account" && Operation == "Create") \|\| Operation == "Update" ? ROPE_ATTR_IDENTITYID.Substring(0, Math.Min(8,ROPE_ATTR_IDENTITYID.Length)) : null |
| IsActive | Expression | ROPE_ATTR_C_SALESFORCEACCOUNT != "Account" && Operation == "Create" ? null : ROPE_ATTR_C_SALESFORCEACCOUNT == "Account" && Operation == "Create" && ROPE_Disabled == false ? "true" : (ROPE_Disabled==true \|\| Operation == "DeleteIfExists" ? "false" : "true") |
| ProfileId | Expression | ROPE_ATTR_C_SALESFORCEACCOUNT == "Account" && Operation == "Create" ? ROPE_ATTR_C_SALESFORCEUSERPROFILE : null |
| TimeZoneSidKey | Expression | ROPE_ATTR_C_SALESFORCEACCOUNT == "Account" && Operation == "Create" ? "Europe/Paris" : null |
| EmailEncodingKey | Expression | ROPE_ATTR_C_SALESFORCEACCOUNT == "Account" && Operation == "Create" ? "UTF-8" : null |
| LocaleSidKey | Expression | ROPE_ATTR_C_SALESFORCEACCOUNT == "Account" && Operation == "Create" ? "da_DK" : null |
| LanguageLocaleKey | Expression | ROPE_ATTR_C_SALESFORCEACCOUNT == "Account" && Operation == "Create" ? "da" : null |
| Username | Expression | (ROPE_ATTR_C_SALESFORCEACCOUNT == "Account" && Operation == "Create") |
| AccountId | Expression | ROPE_ATTR_C_SALESFORCEACCOUNT != "Account" && Operation == "Create" ? ROPE_ATTR_IDENTITYID : null |
| userId | Expression | Operation == "Update" ? ROPE_DistinguisedName : null |
| userEmail | Expression | Operation == "Create" && ROPE_ATTR_C_SALESFORCEACCOUNT != "Account" ? ROPE_ATTR_EMAIL : null |

The fields EmailEncodingKey, TimeZoneSidKey, LanguageLocaleKey, and Username should be modified based on the data being sent, as different language and time zone settings may apply. If necessary, adjust these fields to ensure the data is sent correctly (according to the regional and language preferences).
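
The nested conditionals in the Salesforce User table are easier to review as a decision table. The following added example, which is not Omada code, ports the Object type, Operation, Alias and IsActive expressions to Python and evaluates them for each combination of inputs they branch on. The parameter names and the value "NotAccount" are constructed for this sketch.

```python
# Added example (not Omada code): the Salesforce User expressions for
# Object type, Operation, Alias and IsActive, ported from the table to Python.
# acct, op, disabled, identity_id stand in for ROPE_ATTR_C_SALESFORCEACCOUNT,
# Operation, ROPE_Disabled and ROPE_ATTR_IDENTITYID.
from itertools import product

SOBJECTS = "services/data/v61.0/sobjects/"
OTHER = "NotAccount"  # constructed: any value other than "Account"


def resolve_user(acct, op, disabled, identity_id):
    """Return the values the mapping would send for one provisioning task."""
    create = op == "Create"
    is_user = acct == "Account"           # "Account" selects the User object
    if create:
        obj = SOBJECTS + ("User" if is_user else "Contact")
    else:
        obj = None
    out_op = "CreateIfNotExists" if create and not is_user else op
    alias = identity_id[:8] if (is_user and create) or op == "Update" else None
    if create and not is_user:
        active = None                      # Contact creation carries no IsActive
    elif create and is_user and not disabled:
        active = "true"
    else:
        # Only ROPE_Disabled == true or "DeleteIfExists" yield "false".
        active = "false" if disabled or op == "DeleteIfExists" else "true"
    return {"ObjectType": obj, "Operation": out_op,
            "Alias": alias, "IsActive": active}


def decision_table(identity_id="jdoe-constructed-0001"):
    """Evaluate every combination of the inputs the expressions branch on."""
    ops = ("Create", "Update", "DeleteIfExists")
    return {
        (acct, op, disabled): resolve_user(acct, op, disabled, identity_id)
        for acct, op, disabled in product(("Account", OTHER), ops, (False, True))
    }


if __name__ == "__main__":
    for key, row in decision_table().items():
        print(key, "->", row)
```

Rerun the table after changing any expression to confirm that a disabled identity still resolves to IsActive "false".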

Salesforce Profile Assignment

The object is used to create and update profile and user assignments.

| Parameter | Type | Description |
| --- | --- | --- |
| Object Id | Map | ObjectId |
| Object type | Constant | SalesforceProfile |
| Operation | Constant | createOrUpdate |
| FirstName | Map | ROPE_ATTR_FIRSTNAME |
| LastName | Map | ROPE_ATTR_LASTNAME |
| CommunityNickname | Map | ROPE_ATTR_IDENTITYID |
| Email | Map | ROPE_ATTR_EMAIL |
| Department | Map | ROPE_ATTR_JOBTITLE |
| ProfileId | Expression | Operation != "Delete" ? ROPE_ATTR_ODWLOGICKEY : null |
| Alias | Expression | ROPE_ATTR_IDENTITYID.Substring(0, Math.Min(8,ROPE_ATTR_IDENTITYID.Length)) |
| TimeZoneSidKey | Expression | Operation == "Create" ? "Europe/Paris" : null |
| EmailEncodingKey | Expression | Operation == "Create" ? "UTF-8" : null |
| LocaleSidKey | Expression | Operation == "Create" ? "da_DK" : null |
| IsActive | Expression | ROPE_Disabled==true \|\| Operation == "DeleteIfExists" ? "false" : "true" |
| LanguageLocaleKey | Expression | Operation == "Create" ? "da" : null |
| Username | Expression | Operation == "Create" ? ROPE_ATTR_IDENTITYID + "@salesforce.net" : null |
| AccountId | Expression | Extensions.GetFirstValue(ROPE_DistinguisedName, ROPE_ExternalAnchor, ROPE_AccountExternalAnchor, JobAnchor) |
| ContactId | Map | ROPE_ATTR_EMAIL |

The fields EmailEncodingKey, TimeZoneSidKey, LanguageLocaleKey, and Username should be modified based on the data being sent, as different language and time zone settings may apply. If necessary, adjust these fields to ensure the data is sent correctly (according to the regional and language preferences).

Salesforce User Role Assignment

The object is used to create and delete role and user assignments.

| Parameter | Type | Description |
| --- | --- | --- |
| Object Id | Map | ObjectId |
| Object type | Constant | SalesforceUserRoleAssignemnet |
| Operation | Map | Operation |
| AccountId | Map | ROPE_ATTR_EMAIL |
| UserRoleId | Expression | Operation != "Delete" ? ROPE_ATTR_ODWLOGICKEY : "" |

Salesforce Group Assignments

The object is used to create and delete user assignments to a group.

| Parameter | Type | Description |
| --- | --- | --- |
| Object Id | Map | ObjectId |
| Object type | Constant | SalesforceGroupAssignment |
| Operation | Map | Operation |
| GroupId | Expression | Operation == "Create" ? ROPE_ATTR_ODWLOGICKEY : null |
| UserOrGroupId | Expression | Operation == "Create" ? ROPE_ATTR_EMAIL : null |
| AssignmentId | Expression | Operation != "Create" ? ROPE_ATTR_C_SALESFORCE_GROUP_ASSIGNMENTID : null |

Salesforce Permission Set Assignments

The object is used to create and delete permission set and user assignments.

| Parameter | Type | Description |
| --- | --- | --- |
| Object Id | Map | ObjectId |
| Object type | Constant | SalesforcePermissionSetAssignment |
| Operation | Map | Operation |
| AssigneeId | Expression | Operation == "Create" ? ROPE_ATTR_EMAIL : null |
| PermissionSetId | Expression | Operation == "Create" ? ROPE_ATTR_ODWLOGICKEY : null |
| AssignmentId | Expression | Operation != "Create" ? ROPE_ATTR_C_SALESFORCEASSIGNMENTID : null |

Salesforce Account

The object is used to create accounts in Salesforce (only some profiles require account creation).

| Parameter | Type | Description |
| --- | --- | --- |
| Object Id | Map | ObjectId |
| Object type | Constant | SalesforceAccount |
| Operation | Map | Operation |
| Name | Expression | DOLM_IDENTITYREF_Key |
| userAccount | Expression | DOLM_IDENTITYREF_Key |

RoPE configuration

  1. Open the RoPE configuration file:

    • On-prem: \Omada Identity Suite\Role and Policy Engine\Service\ConfigFiles
    • Cloud: In the Cloud Management Portal, navigate to Environments. In the environment row, from the drop-down menu, select Configure. Choose the RoPE configuration tab.
  2. Add the following lines under the Attribute Value Resolver extension (change the key value in case you already have that specific key defined):

    <add key="setting8" name="Salesforce Account:C_SALESFORCEUSERPROFILE" extraInfo="Type:ReferencePath" value="/#ASSIGNMENTS_PER_RESOURCETYPE/Salesforce Profile:[ODWLOGICKEY]" />
  3. Add the following lines under the Map Attributes From Actual Data Extension (change the key value in case you already have that specific key defined):

    <add key="3" extraInfo="Salesforce Permission Set" name="AssignmentID" value="C_SALESFORCEASSIGNMENTID" />
    <add key="4" extraInfo="Salesforce Group" name="GroupAssignmentId" value="C_SALESFORCE_GROUP_ASSIGNMENTID" />

Event definition

Salesforce requires the creation of an account and contact depending on the type of profile you wish to create. For example, to create a user with the Customer Community User profile, you need to create both an account and a contact before creating a user in Salesforce. To ensure this process works correctly, create an event definition to trigger the necessary actions based on the resource requesting access.

  1. Go to Setup > Administration > Process configuration > Event definitions. Click New.

  2. Enter the following details:

    • Name: Salesforce - Create Account
    • Event is triggered when: select the A new object is created check box
    • Triggers on objects of type: Resource Assignments
  3. Click Apply.

  4. Create a new code method. Click New.

  5. Select Execute code method. Enter the following details and click OK:

    • targetSystemUid: To find your targetSystemUid, navigate to your Salesforce system then press Ctrl + right-click and select Form data UID. Copy the UID and paste it into the targetSystemUid field.
    • operationEnum: CreateIfNotExists
    • priority: 1
  6. Click Filter, then New. Enter the following details:

    • Left side: Resource [ROLEREF]
    • Inne operator: in
    • Right side (reference):
      • B2B Reordering Portal Buyer Profile
      • Customer Community Login User
      • Customer Community Plus Login User
      • Customer Community Plus User
      • Customer Community User
      • Customer Portal Manager Custom
      • Customer Portal Manager Standard
      • External Apps Login User
      • Gold Partner User
      • High Volume Customer Portal User
      • Partner Community Login User
      • Partner Community User
      • Silver Partner User
  7. Click OK.

Additional configuration - creating users (accounts)

There are certain profiles in Salesforce that require the creation of an account and a contact before creating a user. The following section explains how this process works in Omada. When you make an access request to create an account, select the profile that the user will use in Salesforce. When creating an account, Omada first queries what type of account you want to create: User or Partner Customer.

If you select Partner Customer, the following process takes place:

  1. Omada triggers an event to create an account in Salesforce. It is followed by the creation of the contact and then user account. The order is important, as each step depends on the previous one.

  2. Access request:

  3. Omada Provisioning Services:

  4. Omada creates an account:

  5. Omada creates a contact and a user: