Written by malessandroni
This guide is a sequel of Syncope
Basics: Manage SCIM v1.1 and explains how to configure the SCIM v1.1 ConnId
Bundle to work with Salesforce.
The connector is already configured to work with services that requires Auth 2.0 Bearer Token Authentication using Client ID and Secret.
I'll just show how to create a Salesforce trial account and how to configure the Connector for it.
Just go to
https://developer.salesforce.com
and choose "Sign up" in right corner.
Fill required fields and, after email activation, you should have your account
ready to use.
Now, to see the list of existing Users, go to "Setup" view by clicking on the
gear icon on the right top (url should be something like
https://eu12.lightning.force.com/one/one.app#/setup/SetupOneHome/home
Then, just type "user" in the left search bar and click on "Users".
Still from Salesforce "Setup" view, search and select "App Manager". Then
click "New Connected App".
Fill the required fields and make sure to check "Enable OAuth Settings". Then,
flag "Enable for Device Flow" and "Require Secret for Web Server Flow" too.
Here is a sample configuration:
After saving those settings, you'll find:
You also need a Security Token to append to you account
password in order to have a password token to connect to service.
Go to "Settings" (on the right corner) and search for "Reset My Security Token"
in search bar. Click on it and select "Reset Security Token".
A new token will be sent to your email.
Now, in Syncope, you should already have the "SCIMv11Conn" connector instance, so just click on it and select "Edit connector".
From SCIMv1.1 ConnId Bundle v1.0.0, Auth 2.0 Bearer Token Authentication is
supported.
So, make sure the connector version is >= v1.0.0:
Now, click "Next" and configure connector with Salesforce parameters.
It is enough to fill the following fields:
As described in previous post, in "Configuration test" section, you can click
on the "SCIMv11Res" node from "Topology" and choose "Explore resource" from
menu.
You'll see some of the existing Users on Salesforce.
When creating a new User on Salesforce, it must be linked to a Profile ID (an "Entitlement"). So, first of all you can obtain a list of all Entitlements by using the REST Workbench and executing /services/scim/v1/Entitlements/
so that you'll find all available Entitlement IDs.
Then, you can use the "entitlements.default.value" External attribute, add it to
"Provision rules" and flag it as mandatory.
This way, for any new provisioned user you'll be able to send the Entitlement ID
too.
So the "userName" External attribute must be mapped to a Syncope Schema where
you'll store the User username in email format.
E.g. username (with email format) -> userName or
email -> userName
In your resource "Provision rules" add the "emails.work.value" External
attribute.
Salesforce accounts have the "email" field that is identified by
"emails.work.value" via SCIM API.
You'd better flag it as mandatory.
In your resource "Provision rules" add "name.familyName" External attribute and you'd better flag it as mandatory.
Here is an example of a full mapping configuration:
How to configure Apache Syncope to send notification e-mails
Apache Syncope already provides powerful, tunable attribute validators, enforced by the Core back-end: what about customizing front-end validation?
We put the latest Apache Syncope and PostgreSQL on the bench to try and push to the limit: here are the results
Tirasa joins Maggioli, Metron and University of L'Aquila to shepherd the Italian Public Administration towards Cloud services
PlainID and Tirasa announced the release of a PlainID Dynamic Authorization integrate solution, to enhance its Authorization management capabilities
AULSS 6 Euganea of Padua makes standard-based Open Source user management and IT authorization