
ArunB.42669 (Customer) asked a question.
I am trying to create a community integration with Salesforce using JIT. The idea is to enable SSO for all the students. I followed all the steps given in the SAML 2.0 setup instructions in OKTA but I am still getting the "Unable to map the subject to a Salesforce.com user" error on the Salesforce side. I read the blogs on the Salesforce side as well, but it seems that I am missing something while adding the application on the OKTA side. FYI, I used the salesforce.com application without a Federation ID.

Hi Arun,
In this scenario you will need to ensure that you have API Provisioning turned on so that new users / accounts can be created in Salesforce upon being directed there from Okta. If you have further issues with this setup, I would recommend opening a support case to go over your setup in more depth.
Thank you,
Brooks Johnson
Okta Support Engineer

Hi Arun,
Check your Salesforce app settings to see whether you have the values below:
SAML Type: Assertion contains the Federation ID from the User object
SAML identity location: Identity is in the NameIdentifier element of the Subject statement
If it's still not working, try creating an OKTA app by clicking --> Create new app --> Web --> SAML2.0. After creating the app in OKTA, import the Okta metadata into the Salesforce app with the above values matching.
Thanks
Siva Desetti

Thx Siva and Brooks!

Hi Arun, if one of these responses solved your questions, can you mark it as Best Answer? Thanks =)

Hi Siva and Brooks,
I followed the steps you mentioned in your answer but I am still getting the same error.
Thanks,
Arun

I am having this problem as well. Okta is NOT sending the FederatedID to Salesforce in the location that Salesforce is expecting it. The FederationID is not present ANYWHERE in the SAML.
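
Added example, not part of any post in this thread: a diagnostic check for the two settings Siva lists and the symptom described in the post above. It decodes a captured SAMLResponse and reports whether the Subject NameID equals the Federation ID stored on the Salesforce user, and whether that ID appears only in an attribute instead. The sample response, the `federationId` attribute name and the `STU-0001` value are constructed for illustration; no signature validation is done.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def inspect_subject(saml_response_b64, expected_federation_id):
    """Compare the assertion's Subject NameID with the Federation ID Salesforce holds.

    Diagnostic only: no signature validation is performed here.
    """
    xml = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD/entity declarations do not belong in a SAML response")
    root = ET.fromstring(xml)
    name_id = root.find("./saml:Assertion/saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else None
    # Attributes that carry the expected ID: the IdP has the value but sends it
    # outside the Subject, where the "NameIdentifier element" setting ignores it.
    in_attributes = [
        attr.get("Name")
        for attr in root.iterfind(
            "./saml:Assertion/saml:AttributeStatement/saml:Attribute", NS)
        if any((v.text or "").strip() == expected_federation_id
               for v in attr.iterfind("saml:AttributeValue", NS))
    ]
    return {
        "name_id": value,
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        "subject_matches": value == expected_federation_id,
        "found_in_attributes": in_attributes,
    }

def build_sample(name_id, attributes=()):
    """Constructed, unsigned sample response (not captured from a real tenant)."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        '</saml:Attribute>' for n, v in attributes)
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           '<saml:Subject><saml:NameID '
           'Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">'
           f'{name_id}</saml:NameID></saml:Subject>'
           f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement>'
           '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(inspect_subject(build_sample("student1@example.edu"), "STU-0001"))
    print(inspect_subject(build_sample("STU-0001"), "STU-0001"))
```

A result with `subject_matches` false means the NameID carries something other than the Federation ID (here, the username), so the fix is on the IdP side's NameID mapping rather than in Salesforce.
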

I am also having the same problem. In fact, I am not even able to enable provisioning because when I test the API credentials it cannot connect to the administrator account (the username, pw, and token are all correct for the corresponding admin account).

I'm currently working with a vendor, experiencing the very same issue. I do not have access to their Salesforce admin portal but I'm working on the Okta side. Okta Support has confirmed all is well on my end but for some reason, they are getting the "Unable to map the subject to a Salesforce.com user".
Any help will be appreciated.
Thanks