Supported Features
The SailPoint Salesforce Connector supports the following features:
- Manage Salesforce users as accounts
- Account aggregation
- Refresh accounts
- Create and update accounts
- Enable and disable accounts
  Note
  The Salesforce connector supports user object modification while enabling and disabling accounts. While enabling or disabling an account, the user can modify other attributes of the account that are part of the user object.
- Change Password
  Note
  The Administrator Reset Password operation does not set passwords provided for the user account. Salesforce sends an email notification with a temporary password to the user for these operations.
- Add and remove associations of the following group objects with User objects:
  - PermissionSet
  - PermissionSetGroup
  - CollaborationGroups
  - PublicGroups
  - PermissionSetLicense
  - Role
  - ManagedPackage
  - DelegateGroup
    Note
    DelegateGroup objects can be assigned to active (enabled) users. If you disable a user that has a DelegateGroup object assigned to them, Salesforce automatically removes it from the user. However, it doesn't update in SailPoint for that user. To update SailPoint, run the Iterate the User process after performing the Enable/Disable operation.
- Create new Portal Users and Partner Users, and assign licenses
  Note
  Enabling and disabling Portal and Partner users is not supported.
- Aggregate QueueNames as an entitlement
- Aggregate the following objects as group objects:
  - CollaborationGroup
    Note
    If you enable or disable a user that has a collaboration group object assigned to them, Salesforce automatically removes it, but it doesn't update in SailPoint for that user. To correct this, run the Iterate the User process after performing the Enable/Disable operation.
  - Profiles
  - Role
    Note
    Includes the role's hierarchy.
  - PermissionSet
  - PermissionSetGroup
  - PublicGroup
  - PermissionSetLicense
    Note
    Through certification, permission set licenses cannot be removed until associated permission sets are removed.
  - ManagedPackage
  - DelegateGroup
- Create, update, and delete PublicGroups as group objects
  Note
  Provisioning for PublicGroups is only supported for newly created applications in IdentityIQ.

The application reads permissions directly assigned to groups as direct permissions during group aggregation.
Note
The connector does not support automated revocation of the aggregated permissions and creates a work item for such requests.
The Salesforce connector supports use with the Enhanced Domains feature.
The Salesforce connector can manage Role hierarchies in addition to the Role itself. Within the Salesforce system, Role hierarchies are used to extend record access automatically.