Configure outbound provisioning with Salesforce
This guide explains how you can configure Salesforce as an outbound connector in WSO2 Identity Server.
Configure Salesforce for provisioning
Follow the steps below to learn how you can configure Salesforce for provisioning.
- Sign up to Salesforce.
- Create a connected app.
  - Click Setup on the upper-right corner.
  - From the left navigation, under PLATFORM TOOLS, click Apps > App Manager.
  - Click New Connected App and enter the following details.
    Connected App Name | Name of the connected app. e.g. IdentityServerProvisioning. |
    API Name | Name used when referring to your app from a program. This should match the name of the connected app. This defaults to a version of the name with spaces replaced with underscores. Only letters, numbers, and underscores are allowed. If the app name contains any other characters, be sure to change them. |
    Contact Email | The email address used by the connected app. |
    Enable OAuth Settings | Select the checkbox to enable. This section controls how your app communicates with Salesforce. |
    Callback URL | The URL a user's browser is redirected to after successful authentication. Use the following value here: https://login.salesforce.com/services/oauth2/token |
    Selected OAuth Scopes | Scopes refer to the permissions the user gives to the connected app while it is running. Choose Full access (full) and click Add. |
    Important
    While the Full access (full) scope allows access to the logged-in user's data and encompasses all other scopes, it does not return a refresh token. You must explicitly request the refresh_token scope to get one.
  - Click Save and then Continue to add the connected app.
  - Take note of the following about the connected app.
    - Under Consumer Key and Secret, click Manage Consumer Details and get the following:
      - Consumer Key - A value that the client uses to identify itself with Salesforce. Referred to as client_id in OAuth 2.0.
      - Consumer Secret - A secret that the client uses to establish ownership of the consumer key. Referred to as client_secret in OAuth 2.0.
    - Callback URL
- Add your connected app to a profile.
  Note
  Allow 2-10 minutes for your changes to take effect on the server before using the connected app.
  - In the setup page, go to ADMINISTRATION > Users and click Profiles.
  - Click Edit on a profile and under Connected App Address, select the checkbox corresponding to the created app.
  - Click Save.
  - Make a note of the ID of the user profile.
    Tip
    While in the profile, copy the URL and decode it to obtain the profile ID.
    e.g. https://computing-force-3514.lightning.force.com/lightning/setup/Profiles/page?address=/00eGB000003bWuc/e?ret......
- Get the public certificate for Salesforce.
  Info
  For more information on generating the certificate, see the Salesforce documentation.
  - In the setup page, go to SETTINGS > Security and click Certificate and Key Management.
  - For a self-signed certificate, click Create Self-Signed Certificate.
  - Enter the Label and a Unique Name and click Save.
  - Click the Download Certificate button to download the certificate.
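The tip in the "Add your connected app to a profile" step says to copy the profile URL and decode it; the following is an added example, not part of the WSO2 documentation, that does this and refuses any value that is not shaped like a profile ID. The function name is hypothetical, and the check assumes Salesforce's ID format (15 or 18 alphanumeric characters, with the 00e prefix used for profiles).

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Salesforce record IDs are 15 or 18 alphanumeric characters, and profile
# IDs carry the key prefix "00e".
PROFILE_ID = re.compile(r"00e[A-Za-z0-9]{12}(?:[A-Za-z0-9]{3})?")


def profile_id_from_setup_url(url: str) -> str:
    """Return the profile ID held in the `address` parameter of a copied
    Salesforce setup URL. Hypothetical helper, not a WSO2 or Salesforce API."""
    values = parse_qs(urlsplit(url).query).get("address")
    if not values:
        raise ValueError("URL has no 'address' query parameter")
    address = values[0]  # parse_qs has already percent-decoded this once

    # A copied URL can be encoded more than once; decode until the value
    # stops changing, with a small bound on the number of passes.
    for _ in range(3):
        decoded = unquote(address)
        if decoded == address:
            break
        address = decoded

    # The decoded value looks like "/<profile id>/e?ret..."; keep only the
    # first path segment and ignore everything after it.
    segment = address.split("?", 1)[0].strip("/").split("/", 1)[0]
    if not PROFILE_ID.fullmatch(segment):
        raise ValueError(f"{segment!r} is not a profile ID")
    return segment


if __name__ == "__main__":
    # URL taken from the tip above, with its elided tail left as on the page.
    page_url = ("https://computing-force-3514.lightning.force.com/lightning/"
                "setup/Profiles/page?address=/00eGB000003bWuc/e?ret......")
    print(profile_id_from_setup_url(page_url))
```

Rejecting anything that does not match the profile ID shape keeps a mis-copied URL, such as one for a user record, from ending up in the provisioning configuration.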
Configure the Salesforce outbound connector
Create an organization-level or IdP-level outbound provisioning configuration and enter the following details to configure the Salesforce outbound connector.
API version | The version of the API you are using in Salesforce. |
Domain Name | Enter the Domain name with an HTTPS suffix so it resembles a URL. |
Client ID | The consumer key obtained when creating the connected app. |
Client Secret | The consumer secret obtained when creating the connected app. |
Username | Salesforce username. |
Password | Enable user password provisioning to a Salesforce domain. |
OAuth2 Token Endpoint | The Salesforce token endpoint. |
Provisioning Pattern | WSO2 Identity Server uses this pattern to build the user ID of the provisioned user account. Learn more about provisioning patterns. e.g. {UD,UN,TD,IDP} |
Provisioning Separator | Used to separate provisioning pattern attributes of the user ID. Learn more about provisioning patterns. e.g. - (hyphen). |
Provisioning Domain | Domain in which the user provisioning operations occur. |