立即与支持人员聊天
与支持团队交流

Active Roles Sync Service 8.2 - Administration Guide

Synchronization Service overview Deploying Synchronization Service Deploying Synchronization Service for use with AWS Managed Microsoft AD Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Database Working with Oracle Database user accounts Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with an OpenLDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with IBM RACF Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft 365 Working with Microsoft Azure Active Directory Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Developing PowerShell scripts for attribute synchronization rules Using PowerShell script to transform passwords

Salesforce data supported for synchronization

The Salesforce Connector of Active Roles Synchronization Service supports all Salesforce object types, with all operations (Create, Read, Update, Delete) that you can perform on those objects with native Salesforce tools.

To read and/or write data related to a particular object in Salesforce, you can use the following resources:

Additional user object attributes for a Salesforce connection

You can specify the following additional user attributes in your Salesforce connection.

Table 43: Additional user attributes
Attribute Description Supported operations

vaProfileName

Allows you to specify a Salesforce profile. For example, you can use this attribute to assign a Salesforce profile to a user being provisioned to Salesforce.

To specify a profile, enter the profile name as it appears in the Salesforce user interface.

Examples of vaProfileName values:

  • System Administrator

  • Force.com - Free User

Read, Write

vaRoleName

Allows you to specify a Salesforce role. For example, you can use this attribute to assign a Salesforce role to a user being provisioned to Salesforce.

To specify a role, enter the role name in the format used in the Salesforce user interface.

For more information on roles, see the Salesforce documentation.

Read, Write

vaManagerName

Allows you to specify a manager for a particular user.

To specify a manager, enter the manager name in the format used in the Salesforce user interface.

Read, Write

vaContactName

Allows you to specify an associated contact for a particular user.

To specify an associated contact, enter the associated contact name in the format used in the Salesforce user interface.

Read, Write

vaMemberOf

Allows you to define group membership for a particular user.

NOTE: Consider the following:

  • This attribute is primarily intended for group membership synchronization.

  • This attribute contains references to the groups where the user is a member.

Read, Write

vaMemberOfName

Allows you to define group membership for a particular user (for example, when provisioning a user to Salesforce).

Specify the names of the Salesforce groups where you want the user to be a member.

Read, Write

vaLocale

Allows you to specify a locale for a particular user (for example, when provisioning a user to Salesforce).

To specify a locale, enter the locale name in the format used in the Salesforce user interface.

Example of a vaLocale value: English (United States)

Read, Write

vaTimeZone

Allows you to specify a time zone for a user (for example, when provisioning a user to Salesforce).

To specify a time zone, enter the time zone name in the format used in the Salesforce user interface.

Example of a vaTimezone value: (GMT+00:00) Greenwich Mean Time (GMT)

Read, Write

vaEmailEncoding

Allows you to specify outbound email encoding to be used for a user (for example, when provisioning a user to Salesforce).

Specify email encoding in the format used in the Salesforce user interface.

Example of a vaEmailEncoding value: Unicode (UTF-8)

Read, Write

vaLanguage

Allows you to specify a user interface language for a particular user.

The Salesforce user interface and help will be displayed to the user in the language you specify in this attribute.

Read, Write

vaDelegatedApproverUserName

Allows you to specify the name of the user you want to appoint as a delegated approver.

Read, Write

vaDelegatedApproverGroupName

Allows you to specify the name of a group all members of which you want to appoint as delegated approvers.

Read, Write

Additional group object attributes for a Salesforce connection

You can specify the following additional group attributes in your Salesforce connection.

Table 44: Additional group attributes

Attribute

Description

Supported operations

vaMemberOf

Allows you to define group membership for the group in Salesforce.

NOTE: Consider the following when using this attribute:

  • This attribute is primarily intended for group membership synchronization.

  • This attribute contains references to other groups where this group is a member.

Read, Write

vaMemberOfName

Allows you to define group membership for the group.

Specify the names of Salesforce groups where you want the group to be a member.

Read, Write

vaMember

Allows you to define members of the group.

This attribute contains references to the users and/or groups that are members of a particular group.

Read, Write

vaMemberName

Allows you to define members of a particular group.

Specify the names of users and/or groups you want to be members of the group.

Read, Write

Scenario: Provisioning users from an Active Directory domain to Salesforce

This scenario illustrates how to configure a sync workflow to provision users from an Active Directory domain to Salesforce.

Configuring a connection to the source Active Directory domain

For instructions on how to create a new connection to an Active Directory domain, see Creating an Active Directory connection.

Configuring a connection to Salesforce

For instructions on how to create a new connection to Salesforce, see Creating a Salesforce connection.

Creating a new sync workflow

For instructions on how to create a new sync workflow for the configured Salesforce connection, see Scenario: Provisioning users from an Active Directory domain to Salesforce.

Configuring a workflow step

Once the required connections and the sync workflow are set, configure a new workflow step.

To configure a workflow step

  1. In the Synchronization Service Console, navigate to the Workflows tab and open the sync workflow you created by clicking its name. Then, click Add synchronization step.

  2. On the Select an action page, click Provision, then click Next.

  3. On the Specify source and criteria page, do the following:

    1. Click Specify in the Source connected system option, then click Select existing connected system, and select the Active Directory connection you configured in the Configuring a connection to source Active Directory domain step.

    2. Click Finish.

    3. In Source object type, click Select, then select the User object type from the list. Click OK.

    4. Click Next.

  4. On the Specify target page, do the following:

    1. Click Specify in the Target connected system option, then click Select existing connected system, and select the Salesforce connection you configured in the Configuring a connection to Salesforce step.

    2. Click Finish.

    3. Click Select in the Target object type option, then select the User object type from the list. Click OK.

    4. Click Next.

  5. On the Specify provisioning rules page, in the Initial Attribute Population Rules option, add rules to populate the following required attributes:

    • Username: Use this attribute to specify a Salesforce user name for the user being provisioned. Make sure the user name you specify meets the format <UserName>@<Domain>, for example jdoe@domain.com.

    • vaProfileName: Use this attribute to assign a Salesforce profile to the user being provisioned. A profile defines specific permissions a user has in Salesforce. For more information on profiles, see the Salesforce documentation. Alternatively, you can specify a Salesforce profile by using the ProfileId attribute.

    • Email: Use this attribute to specify an existing valid email address for the user being provisioned.

    • LastName: Use this attribute to specify the last name of the user being provisioned.

    • Alias: Use this attribute to specify a unique Salesforce alias for the user being provisioned. A Salesforce alias can include up to 8 characters. For more information on the Alias attribute, see the Salesforce documentation.

Running your workflow

For instructions on how to run a sync workflow, see Running a sync workflow.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级