Upgrade Considerations
When upgrading IdentityIQ:
-
Add the
IsFrozenschema attribute through the Application Debug page as follows:Copy<AttributeDefinition name="IsFrozen" type="boolean">
<Description>Flag that indicates if the user is frozen in Salesforce.</Description>
</AttributeDefinition>
-
Add the following attributes into the account schema, which are required for configuration to connect to Salesforce connector:
PermissionSet
A permission set contains settings and permissions which control a user's action. The available permission depends on which user license is selected. Users can have multiple permission sets.
UserLicense
The user’s license.
-
Before upgrading your Salesforce API version to 59.0, you must first remove the
UserPermissionsMobileUserparameter and update the API version in the application log to 59.0.Important
Beginning with IIQ version 8.2 Patch 5, the connector no longer supports Salesforce API versions 48.0 and prior. - To properly create, update, and delete public groups, ensure that your service account user has the
Public Groupsobject and[R || W]added to the administrative user profile. - To create new portal and partner users as well as assign portal and partner licenses to existing Salesforce users via their user profile, nsure that your service account user has the
Manage Contactsobject and[R || W]added to the administrative user profile. -
Add the following group object schema in the existing application manually to aggregate the respective schema as a group object and update the account schema attributes (
schemaObjectType="<Attribute Name>") as provided in the following table:Attribute Name
Aggregate Attribute as Group Object
Update Account Schema Attribute
PermissionSetLicense
<Schema displayAttribute="MasterLabel" identityAttribute="Id" nativeObjectType="PermissionSetLicense" objectType="PermissionSetLicense" aggregationType="group" descriptionAttribute=""><AttributeDefinition name="Id" type="string"><Description>PermissionSetLicense Id.</Description></AttributeDefinition><AttributeDefinition name="MasterLabel" type="string"><Description>PermissionSetLicense MasterLabel.</Description></AttributeDefinition></Schema><AttributeDefinition entitlement="true" managed="true" multi="true" name="PermissionSetLicense" type="string" schemaObjectType="PermissionSetLicense"><Description>PermissionSetLicense assigned to a user.</Description></AttributeDefinition>PermissionSet
<Schema displayAttribute="Name" identityAttribute="Name" nativeObjectType="PermissionSet" objectType="PermissionSet"><AttributeDefinition name="Name" type="string"><Description>The internal id for this group.</Description></AttributeDefinition><AttributeDefinition name="Label" type="string"><Description>The friendly name assigned to the profile.</Description></AttributeDefinition><AttributeDefinition name="Description" type="string"><Description>Description for the profiles.</Description></AttributeDefinition></Schema><AttributeDefinition entitlement="true" managed="true" multi="true" name="PermissionSet" type="string" schemaObjectType="PermissionSet"><Description>PermissionSet assigned to a user.</Description></AttributeDefinition>PermissionSetGroup
<Schema displayAttribute="MasterLabel" identityAttribute="Id" nativeObjectType="PermissionSetGroup" objectType="PermissionSetGroup" aggregationType="group" descriptionAttribute="Description"><AttributeDefinition name="Id" type="string"><Description>PermissionSetGroup Id.</Description></AttributeDefinition><AttributeDefinition name="MasterLabel" type="string"><Description>PermissionSetGroup Name.</Description><AttributeDefinition name="Description" type="string"><Description>PermissionSetGroup Description.</Description></AttributeDefinition></Schema></Schema><AttributeDefinition entitlement="true" managed="true" multi="true" name="PermissionSetGroup" type="string" schemaObjectType="PermissionSetGroup"><Description>PermissionSetGroup assigned to a user.</Description></AttributeDefinition>PublicGroup
<Schema displayAttribute="Name" identityAttribute="Name" nativeObjectType="PublicGroup" objectType="PublicGroup" aggregationType="group"><AttributeDefinition name="Id" type="string"><Description>Public Group Id.</Description></AttributeDefinition><AttributeDefinition name="Name" type="string"><Description>Public Group name.</Description></AttributeDefinition></Schema><AttributeDefinition entitlement="true" managed="true" multi="true" name="PublicGroups" type="string" schemaObjectType="PublicGroup"/>ManagedPackage
<Schema displayAttribute="NamespacePrefix" identityAttribute="Id" nativeObjectType="ManagedPackage" objectType="ManagedPackage" aggregationType="group"><AttributeDefinition name="Id" type="string"><Description>Managed Package Id.</Description></AttributeDefinition><AttributeDefinition name="NamespacePrefix" type="string"><Description>Managed Package NamespacePrefix.</Description></AttributeDefinition></Schema><AttributeDefinition entitlement="true" managed="true" multi="true" name="ManagedPackage" type="string" schemaObjectType="ManagedPackage"><Description>Managed Package assigned to a user.</Description></AttributeDefinition>CollaborationGroup
<Schema displayAttribute="Name" identityAttribute="Id" nativeObjectType="CollaborationGroup" objectType="CollaborationGroup" aggregationType="group"><AttributeDefinition name="Id" type="string"><Description>Collaboration Group Id.</Description></AttributeDefinition><AttributeDefinition name="Name" type="string"><Description>Collaboration Group Name.</Description></AttributeDefinition><AttributeDefinition name="CollaborationType" type="string"><Description>Collaboration Group Type.</Description></AttributeDefinition></Schema><AttributeDefinition entitlement="true" managed="true" multi="true" name="CollaborationGroup" type="string" schemaObjectType="CollaborationGroup"<Description>Collaboration Group Id assigned to a user.</Description</AttributeDefinitionDelegateGroup
Note
When adding thehierarchyAttributein the schema, you must also add the definition forParentRoleId.<Schema aggregationType="group" descriptionAttribute="" displayAttribute="Name" identityAttribute="Id" instanceAttribute="" nativeObjectType="DelegateGroup" objectType="DelegateGroup" permissionsRemediationModificationType="None"><AttributeDefinition name="Id" type="string"><Description>The Delegate Group's unique identifier</Description></AttributeDefinition><AttributeDefinition name="DeveloperName" type="string"><Description>The unique developer name for the delegate group</Description></AttributeDefinition><AttributeDefinition name="IsLoginAccessEnabled" type="boolean"><Description>Indicates if login access is enabled for the developer group</Description></AttributeDefinition><AttributeDefinition name="Name" type="string"><Description>The developer group's unique label</Description></AttributeDefinition></Schema><AttributeDefinition entitlement="true" managed="true" multi="true" name="DelegateGroup" schemaObjectType="DelegateGroup" type="string"><Description>The ID of the Delegate Group assigned to the user</Description></AttributeDefinition>Role
<Schema displayAttribute="Name" identityAttribute="Id" nativeObjectType="Role" objectType="Role" aggregationType="group" hierarchyAttribute="ParentRoleId"><AttributeDefinition name="Id" type="string"><Description>Role's unique identifier</Description></AttributeDefinition><AttributeDefinition name="Name" type="string"><Description>Role name.</Description></AttributeDefinition><AttributeDefinition name="CaseAccessForAccountOwner" type="string"><Description>The case access level for the account owner</Description></AttributeDefinition><AttributeDefinition name="ContactAccessForAccountOwner" type="string"><Description>The contact access level for the account owner</Description></AttributeDefinition><AttributeDefinition name="OpportunityAccessForAccountOwner" type="string"><Description>The opportunity access level for the account owner</Description></AttributeDefinition><AttributeDefinition multi="true" name="ParentRoleId" type="string"><Description>Unique identifier for role's parent role</Description></AttributeDefinition></Schema>