Salesforce

Salesforce Community users

The Salesforce Connector can create, update, and deprovision users and groups in Salesforce Communities.

User creation

When a user is created in the datastore and Enable Communities is selected in the connection configuration, PingFederate provisions the user:

  1. Checks if the user exists as a "contact" in Salesforce and then creates, or updates the contact.

  2. Associates the contact with a Salesforce business account. The account ID comes from the attribute mappings configured in Creating a connection.

  3. Creates a user in Salesforce and links it to the contact. The user is assigned a profile, role, and permission sets based on the attribute mappings configured in Creating a connection.

Use cloned community profiles

For security reasons, Salesforce prevents using standard external profiles for self-registration and user creation.

To allow the PingFederate provisioner to create users with community profiles, clone the standard community profiles and note the IDs of the cloned profiles. Use these IDs in the datastore attribute that you will map to the Profile ID attribute in Salesforce in Creating a connection.

Alternately, you can override this security setting on the Communities > Community Settings page in Salesforce by selecting the Allow using standard external profiles for self-registration and user creation checkbox. This is not recommended.

You can find details and a list of affected profiles in Prevent Using Standard External Profiles for Self-Registration and User Creation in the Salesforce Winter 2020 Release Notes.

Key user attributes

Salesforce Communities users must have the following attributes:

  • Account ID: The ID of the business account that you want to assign to a user when provisioning to Salesforce.

  • Profile ID: The ID associated with a user profile type in Salesforce. The profile determines the type of user and some permissions. For communities, this ID needs to be a "customer" or "partner" profile.