<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7VLbSANOkta Classic EngineLifecycle ManagementAnswered2024-04-17T13:06:00.000Z2017-06-19T04:44:31.000Z2017-06-19T04:44:31.000Z

SantoshS.33771 (Customer) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:20 AM
OKTA to sales force provisioning
Does anyone have integrated OKTA with Salesforce for provisioning, my scenario is bit different, where customer wants to manage access to salesforce through AD group membership, that includes initial user creation in salesforce and updating the role and profile going forward as AD group memebership.

 

Initally i though i can use "combine value for across group" feature and create groups for each salesforce profile and roles in AD; and map them to salesforce applicaiton, however only top priority group assignment is happening, as role and profile does not support "combine value for across group" feature.

 

Any other suggestion or approch to do this ?

 

Thanks

Santosh

  • 3 answers
  • 2.5K views

  • costel.curca1.4665496479388772E12 (Okta, Inc.)

    Hello, unfortunately "combine value for across group" doesn't work with Roles and profile.

    The only option that remains is to assign roles and profile via Group assignments.

  • SantoshS.33771 (Customer)

    Thanks Costel, actually we have 48 profiles and 300 roles so assigning them in combination through group assignment is possibe but does not look realistic approach.

  • miqxq (miqxq)

    I was able to manage Roles & Profliles entirely from AD in my previous environment by creating a group for each role/profile combination that we were using but have too many roles & profiles here. My solution is to let Okta create the initial account with attributes - including role/profile  - but not update. This allows our SFDC admins to update role & profile without Okta writing over those settings. 

     

    Another option is to make SFDC a Profile Master and use Atrribute Level Mastering for Role and Profile (making SFDC a higher priority for these attributes). This option allows for other attributes to be synced to Okta without over-writing role/profile.
    Expand Post
This question is closed.
Loading
OKTA to sales force provisioning