Supported Features

• *Load and provision accounts

• *Access certifications (Certification of entitlements connected to accounts)

• Enable and disable accounts

• Password Management

• Add and remove associations of the following group objects with User objects:

  • PermissionSet

  • PermissionSetGroup

  • CollaborationGroups

  • PublicGroups

  • PermissionSetLicense

  • Role

  • ManagedPackage

  • DelegateGroup

    Note
    DelegateGroup objects can be assigned to active (enabled) users. If you disable a user that has a DelegateGroup object assigned to them, Salesforce automatically removes the it from the user. However, it doesn't update in SailPoint for that user. To update SailPoint, run the Iterate the User process after performing the Enable/Disable operation.

• Create new Portal Users and Partner Users, and assign licenses

  Note
  Enabling and disabling Portal and Partner users is not supported.

• Aggregate QueueNames as an entitlement

• Aggregate the following objects as group objects:

  • CollaborationGroup

    Note
    If you enable or disable a user that has a collaboration group object assigned to them, Salesforce automatically removes it, but it doesn't update in SailPoint for that user. To correct this, run the Iterate the User process after performing the Enable/Disable operation.

  • Profiles

  • Role

    Note
    Includes the role's hierarchy.

  • PermissionSet

  • PermissionSetGroup

  • PublicGroup

  • PermissionSetLicense

    Note
    Through certification, permission set licenses cannot be removed until associated permission sets are removed.

  • ManagedPackage

  • DelegateGroup

The Salesforce connector supports use with the Enhanced Domains feature.

The Salesforce connector can manage a Role hierarchies in addition to the Role itself. Within the Salesforce system, Role hierarchies are used to extend record access automatically.