<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7VSMSA3Okta Classic EngineLifecycle ManagementAnswered2024-04-30T09:18:25.000Z2016-08-16T16:56:19.000Z2017-04-26T17:08:07.000Z

j5v7c (j5v7c) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:20 AM
Issues with provisioning users from Okta to SalesForce
So I set up a federation between Okta and Salesforce. I followed the instrctions provided. When I assign a user to my SalesForce application, I got the error "Failed to provision user due to: Guest Users cannot have a user role: Role ID". I noticed that SalesForce SSO has a JIT provisioning option. The problem is that for it to work, you need to select the radio button "Assertion contains the Federation ID from the User object" which then promptly breaks SSO between Okta and SalesForce.

 

Any recommendations?
  • 5 answers
  • 4.86K views
knw1j likes this.

  • j5v7c (j5v7c)

    So I discovered the error. I had to remove the role from the user. But then the logs show yet another error:

    "Failed to provision user due to: License Limit Exceeded"

    I'm using the free versions of both SalesForce and Okta but I think this error is on the SalesForce end?

  • j5v7c (j5v7c)

    Dont think its really a user licensing problem as I have manually created a SalesForce account in SalesForce using the SalesForce service account. Any ideas would be appreciated.

  • ImranK.85797 (Customer)

    Solved the issue. You need to make sure that all of the "Feature License" checkboxes for the user to be provisioned remain unckecked!

  • j5v7c (j5v7c)

    If it's also the free version, you will probaly only be able to assign then the chatter free profile and no role. Otherwise again you might get similar message.

  • simad.18222 (Customer)

    When i m trying to enable the just in time provisioning in salesforce then a error is coming

    Error: Invalid Data. 

    Review all error messages below to correct your data.

    You must use the Federation ID for the SAML User ID Type when using just in time provisioning.

    "

    what should I do now?

    I am not able to do just in time provisioning
    Expand Post
This question is closed.
Loading
Issues with provisioning users from Okta to SalesForce