Warning

This page is under construction and will be available shortly.

 

The WSO2 Identity Server has the ability to provision users into different domains like Salesforce, Google, Facebook, etc., using its identity provisioning framework. This topic provides instructions on how to configure Salesforce as the Identity Provider to provision the users from WSO2 Identity Server.

...

  1. Start the WSO2 Identity Server if it is not started up already and log in using the email you configured in the realm as instructed in the Email Authentication topic.
  2. On the management console, click on Add under Identity Providers.
  3. In the form that appears, provide a name for your identity provider by filling in the Identity Provider Name. You can use "Salesforce.com" as an example, but this can be any name you choose. See Adding an Identity Provider for information on registering and configuring an identity provider.
  4. Upload the Salesforce public certificate that you generated and saved in step 7 under Configuring Salesforce. Do this by clicking the Choose File button next to Identity Provider Public Certificate.
  5. Expand the Claim Configuration section of the form, followed by the Basic Claim Configuration section, and select Define Custom Claim Dialect.
  6. Click Add Claim Mapping and add the following claims.

    | Identity Provider Claim URI | Local Claim URI |
    |---|---|
    | Alias | http://wso2.org/claims/givenname |
    | Email | http://wso2.org/claims/emailaddress |
    | EmailEncodingKey | http://wso2.org/claims/otherphone |
    | LanguageLocaleKey | http://wso2.org/claims/dob |
    | LastName | http://wso2.org/claims/lastname |
    | LocaleSidKey | http://wso2.org/claims/primaryChallengeQuestion |
    | ProfileId | http://wso2.org/claims/role |
    | TimeZoneSidKey | http://wso2.org/claims/challengeQuestion1 |
    | UserPermissionsCallCenterAutoLogin | http://wso2.org/claims/telephone |
    | UserPermissionsMarketingUser | http://wso2.org/claims/mobile |
    | UserPermissionsOfflineUser | http://wso2.org/claims/country |
    | Username | http://wso2.org/claims/emailaddress |

  7. Expand the Advanced Claim Configuration section.
  8. Select the Claim URI you added from the Provisioning Claim Filter dropdown and click Add Claim.
  9. For each Claim URI, enter a default value as shown in the following sample image.

    Tip: The ProfileId value refers to the ID of the profile you created in Salesforce (step 6 of Configuring Salesforce). If it is the Chatter Free User profile you created, navigate to the profile in Salesforce to find the profile ID: click Profiles under Manage Users in Salesforce, then click Chatter Free User. The profile ID appears in the URL of that page. For example, 00e90000001aV2o is the ProfileId for https://identityprovisioning-dev-ed.my.salesforce.com/00e90000001aV2o.

  10. Expand the Outbound Provisioning Connectors section followed by the Salesforce Provisioning Configuration section.
  11. Do the following configurations for Salesforce provisioning.
    1. Select Enable Connector to enable the Salesforce connector.
    2. Enter the API version. This is the version of the API you are using in Salesforce. To obtain this, log into https://developer.salesforce.com/ and click Setup. On the left navigation pane, click API under Develop. Generate one of those APIs to check the version. This should be entered in the following format: v32.0.
    3. Enter the Domain. If you do not have a Salesforce domain, you can create a domain by logging into https://developer.salesforce.com/ and clicking Setup. On the left navigation pane, click My Domain under Domain Management. Make sure you enter the domain with an HTTPS prefix so that it resembles a URL. For example, https://identityprovisioning-dev-ed.my.salesforce.com.
    4. Enter the Client ID. This is the Consumer Key obtained in step 5 when configuring Salesforce.
    5. Enter the Client Secret. This is the Consumer Secret obtained in step 5 when configuring Salesforce.
    6. Enter the Username. This is the Salesforce username.
    7. Enter the Password. This is the Salesforce password and must be entered together with the security token, in the following format: <password><security_token>.
  12. Click Register.

...

  1. On the Configure tab in the management console, click Users and Roles.
  2. Click Users. This link is only visible to users with the Admin role. 
  3. Click Add New User.
  4. Enter the username in the form of an email and enter the password.
  5. Assign a role to the user.
  6. Click Finish.
  7. In Salesforce, log into https://developer.salesforce.com/ and click Setup. On the left navigation pane, click Users under Manage Users. You will see that the user you created in the Identity Server has been added to Salesforce as well.

You can also add users to Salesforce using SCIM. If you use SCIM, you must do the following.

  1. In the Main menu under the Identity section, click List under Identity Providers. The list of identity providers you added appears.
  2. Click the Resident Identity Provider link and expand the Inbound Provisioning Configuration in the screen that appears.
  3. Select the correct User Store Domain.

The following is a sample cURL command to add users.

```
# -v prints the request and response headers; -k disables TLS certificate verification.
curl -v -k --header "Content-Type:application/json" --user samuel@wso2.com:password \
  --data '{"schemas":["urn:scim:schemas:core:1.0"],"userName":"samuel@wso2.com","password":"test25","name":{"familyName":"Gnaniah"},"emails":["samuel@wso2.com"],"entitlements":[{"value":"00e90000001aV2o","display":"ChatterFreeUser"}]}' \
  https://localhost:9463/wso2/scim/Users
```
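
The same SCIM request as the cURL sample, as an added Python example (not part of the original page and not WSO2's code): it reads the ProfileId from the profile URL as the Tip describes, builds the SCIM 1.0 body, and prepares the POST with certificate verification left on instead of curl's `-k`. The function names and the ID pattern (15 or 18 characters with a `00e` prefix) are assumptions made for this example.

```python
import base64
import json
import re
import ssl
import urllib.request
from urllib.parse import urlparse

# Assumption: Salesforce record IDs are 15 or 18 alphanumeric characters and
# profile IDs start with "00e", as the ID in the page's example does.
PROFILE_ID = re.compile(r"00e[A-Za-z0-9]{12}(?:[A-Za-z0-9]{3})?")

def profile_id_from_url(url):
    """Return the ProfileId carried as the last path segment of a profile URL."""
    parts = urlparse(url)
    if parts.scheme != "https":
        raise ValueError("Salesforce domain must use an https:// prefix")
    candidate = parts.path.rstrip("/").rsplit("/", 1)[-1]
    if not PROFILE_ID.fullmatch(candidate):
        raise ValueError("no profile ID in URL path: %r" % parts.path)
    return candidate

def build_scim_user(email, password, family_name, profile_id, display):
    """Build the SCIM 1.0 body used by the page's curl sample."""
    if not re.fullmatch(r"[^@\s]+@[^@\s]+", email):
        raise ValueError("username must be in the form of an email")
    return {
        "schemas": ["urn:scim:schemas:core:1.0"],
        "userName": email,
        "password": password,
        "name": {"familyName": family_name},
        "emails": [email],
        "entitlements": [{"value": profile_id, "display": display}],
    }

def build_request(endpoint, admin_user, admin_password, body, ca_file=None):
    """Prepare the POST; returns (request, tls_context) without sending it."""
    if urlparse(endpoint).scheme != "https":
        raise ValueError("SCIM endpoint must be https")
    token = base64.b64encode(("%s:%s" % (admin_user, admin_password)).encode())
    request = urllib.request.Request(
        endpoint, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": "Basic " + token.decode()})
    # Unlike curl -k, certificate and hostname checks stay on; pass the
    # server's CA bundle as ca_file when it uses a private or self-signed CA.
    return request, ssl.create_default_context(cafile=ca_file)
```

Send the prepared request with `urllib.request.urlopen(request, context=tls_context)`, reading the admin password from an environment variable or a prompt so that it does not end up in shell history.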