Configure Salesforce connector

Steps to configure the connector:

1.  Login to Cross Identity as an administrator.
2. To add a required application from the global app store, go to the Applications > click the ‘+’ symbol to add an application.
3. In the AppStore pane, search SalesForceConnector_GV1-Provisioning application. 
   Note:

   From the App Store onboard the SalesForceConnector_GV1 application, and mention the profile ID in the property file. This is the same Profile ID copied in the notepad. Refer to the Pre-requisites section.
4. Once it is displayed, click on it and it will take you to the application configuration window. 
5. Fill out the required details in the Application Configuration tab.
   • Application Name: Provide the application name.
   • Connector War name: This is an uneditable field.
   • Application Logo: Upload an application logo.
   • Instance URL: This URL is sent by Salesforce, to the registered email address in the first-time account verification mail. Example: https://ap16.salesforce.com/services/data/v20.0/
   • Login URL: Example: https://login.salesforce.com/services/oauth2/token
   • Client ID: Refer to Client ID and Client secret section of Pre-requisites
   • Client Secret: Refer to Client ID and Client secret section of Pre-requisites
   • Username: Provide the username.
   • Password: It is Account Password + Security Token (Refer to Pre-requisites Step 11 of Client ID and Client Secret section)
   • Domain name: Provide the domain name. Example: Ex: salesforce.com
   • Grant type: Provide grant type. Example: password.
6. Click Save.
7. Check for Salesforce war file in C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps.
   Note:

   The folder path may vary from client to client.
8. If the Salesforce.war file doesn’t exist in the above location, download the war file from CI. (Go to Applications menu > Application Configuration tab > click Download WarFile).
   Important:

   The Connector.war file name should be the same as Connector War name in Step 5.

9. Once the war file is downloaded, place it in C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps and restart the agent.

Application Account Attributes

1. Go to Application Account Attributes and click +Add.
2. Select the necessary attributes by checking the appropriate boxes and then click ADD.
3. On the next screen, you can see the added application account attributes and map the attributes as per requirement.
4. Select the Mapping method from the drop-down.
   • User Profile Attribute: When you choose this option, you need to define a user attribute that matches with Active Directory.
   • Assigning Group to the user based on expression calculation from UI: Groups can be assigned as per the business logic and the same is achieved by defining expressions in CI.
5. Evaluation Operation: Select Create, Modify, and Both from the drop-down list to apply the operation on the selected attribute.
6.  Sync with User Profile Attribute: Check the box to sync account attributes with user profile attributes.

Add Roles in cross-identity

1. Navigate to Roles from the menu.
   
2. Click Add Role. The Add Role screen appears.
3. Click Add.

Application Authorization

1. Navigate to Application Authorization. The application authorization screen is displayed.
2. Click Add Role and search for Salesforce.
3. Select the role and click ADD. 

Accounts

1. Navigate to Accounts. Here you can view the details of all accounts.

Entitlements

1. Navigate to Entitlements.
2. Click Entitlement Definition > Add Entitlement Definition.
3.  Enter the following details in the dialog:

   Sr. No.	Entitlement Name	Entitlement Key	Entitlement Value
   1	Salesforce (could be any user-friendly name)	group	group

4. Entitlement key and value are checked in the connector to fetch group details. As per the schema defined, the group names and its members are fetched and will be displayed in the entitlement tab.
5. Set schema details: In Connector, Attribute Name fields are used to fetch group names and members of that group from respective API responses. Attribute Display name is a user-defined display name. The mapped Attribute is mapped to the Display Name (as we are considering the Display Name as a unique key attribute) which represents the Group name, and the chosen will be displayed in the CI UI entitlement section.

   Sr. No.	Attribute name	Attribute Display Name	Mapped Attribute	Marked Display?
   1	Name	groupName	Username	true
   2	member	members	Username	false

Download and copy the file “salesforce.war” on the On-Prem agent server and restart the agent.

Reconciliation

The Recon rule is a must to link the CI identity and its respective account from the Target application using a unique link attribute (like email, employee ID, sAM account name, etc.). Multiple attributes can be considered by choosing the priority.

1. Navigate to Reconciliation.
   
2. Click Run to initiate the recon.
3. You will receive a message of successfully initiating the reconciliation.

• 
  

  
  

  
  Pre-requisites