Tuesday, November 25, 2014

Salesforce Outbound Provisioning with WSO2 IS - Configuration that needs to be done in Salesforce

1. Go to https://developer.salesforce.com/signup and sign up as a new user giving your email address (use the email address as the Username).

2. You will get an email asking you to activate your account. Click on the given link and specify a password and other required information (Secret Question, etc.). Once you do that, you will be logged into Salesforce.

3. Next you need to create a domain for your account. To do this, traverse to Administer -> Domain Management -> My Domain and specify a name of your choice to be registered as your domain.

E.g.:- In my case, I have given the domain name as evanthika so once the domain is registered, the domain URL comes as https://evanthika-dev-ed.my.salesforce.com

Once the domain is registered successfully, you will see a message saying ‘Your domain name is available for testing. Click here to Login’. Click on the button and login using your Salesforce username (email which you specified at account sign-up time) and password (which you set after clicking on the activation link which you got through the email).

It will take you to a page asking you to specify your mobile number to send a security code in order to verify your details. You can either give a mobile number and get the code to do the verification or you can just click on ‘I'll try again later. Just log me in »’ link. Either way, you will be directed to the Salesforce home page from your domain name (If you check the URL, you should see something similar to - https://evanthika-dev-ed.my.salesforce.com/domainname/DomainName.apexp)

4. You need to create a new ‘Connected App’ first. For that, click on Build -> Create -> Apps from the left menu pane. Then specify details as follows and click on the ‘Save’ button.

Connected App Name - IdentityServer
API Name - IdentityServer
Contact Email - evanthika@wso2.com

Under ‘API (Enable OAuth Settings)’ tick the check-box ‘Enable OAuth Settings’.

Callback URL - https://login.salesforce.com/services/oauth2/token
Selected OAuth Scopes - Full access (full)

Then click on ‘Save’

Once saved, you will get a Client Key and a Secret key for the particular Application which you created.

5. Now let's assign the app we created to a user profile. In order to do this, go to Administer -> Profiles -> Select a user profile and click ‘Edit’ (E.g.:- Chatter Free User) -> Tick the check box under ‘Connected App Access’ to select the App (IdentityServer) which we created in the above step & click on the ‘Save’ button.

6. In order to capture the ProfileId for the above user profile, click on the profile name (Chatter Free User) and check the URL. Extract the value at the end of the URL and keep it safe. We need this to use as the ProfileId when we configure the IDP at WSO2 Identity Server side.
E.g.:- In my case, when I click on the user profile ‘Chatter Free User’ I would see the URL as https://evanthika-dev-ed.my.salesforce.com/00e90000001jZnj so my ProfileId would be 00e90000001jZnj.

7. You will need a security token to work with this scenario. In case you do not get a security token by email, you can request a new one.

To reset your security token:

i) At the top of any Salesforce page, click the down arrow next to your name. From the menu under your name, select Setup or My Settings—whichever one appears.

ii) From the left pane, select one of the following:
        If you clicked Setup, select My Personal Information | Reset My Security Token.
        If you clicked My Settings, select Personal | Reset My Security Token.
iii) Click the Reset Security Token button. The new security token is sent via email to the email address on your Salesforce user record.
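The values gathered in steps 4, 6 and 7 (Client Key and Secret, ProfileId, security token) are what the IDP configuration on the Identity Server side needs. The Python below is an added example, not code from this post or from WSO2 IS: it extracts the ProfileId from the profile page URL and assembles the OAuth 2.0 username-password token request against the token endpoint, assuming that is the grant the provisioning connector uses (the security token is appended to the password, and secret-bearing parameters are masked before anything is logged).

```python
"""Sanity-check the Salesforce values collected above (added example)."""
import re
from urllib.parse import urlencode, urlparse

TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"
# A Salesforce record id is 15 case-sensitive alphanumerics; profile ids carry
# the "00e" key prefix, as in the URL shown in step 6.
PROFILE_ID_RE = re.compile(r"^/(00e[0-9A-Za-z]{12})$")


def extract_profile_id(profile_url: str) -> str:
    """Return the ProfileId from the profile page URL, e.g. .../00e90000001jZnj."""
    parsed = urlparse(profile_url)
    if parsed.scheme != "https" or not parsed.netloc.endswith(".salesforce.com"):
        raise ValueError("expected an https URL on a salesforce.com domain")
    match = PROFILE_ID_RE.match(parsed.path)
    if not match:
        raise ValueError(f"URL path does not end in a Salesforce profile id: {parsed.path}")
    return match.group(1)


def build_token_request(client_key, client_secret, username, password, security_token):
    """Form body for the OAuth 2.0 username-password grant (assumed flow).

    Salesforce expects the security token concatenated onto the password, so a
    missing or stale token shows up as a login failure at the token endpoint.
    """
    if not security_token:
        raise ValueError("security token is empty; reset it (step 7) before continuing")
    body = {
        "grant_type": "password",
        "client_id": client_key,          # Client Key from the Connected App (step 4)
        "client_secret": client_secret,   # Secret key from the Connected App (step 4)
        "username": username,             # the email used as Username at sign-up
        "password": password + security_token,
    }
    return TOKEN_URL, urlencode(body)


def redact(body: str) -> str:
    """Mask the secret-bearing parameters so the request can be logged safely."""
    return re.sub(r"(client_secret|password)=[^&]*", r"\1=***", body)
```

POST the returned body to the returned URL with your HTTP client; log only `redact(body)`.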

This covers the configuration that needs to be done in Salesforce. The rest of the configuration is explained clearly in the blog written by Ushani Balasooriya.


Evan said...

If you have forgotten your security token, you can reset it and get it delivered to your email address which is associated with the Salesforce account.
Steps are as follows,
1. Click on your name at the top right corner and
2. Select 'My Settings'
3. Click 'Personal' from the left menu pane
4. Click on 'Reset My Security Token'.
5. Click on the button 'Reset My Security Token' and it would send a new security token to your email.

sidharth dash said...

Hi there,
Can you tell me the difference between JIT and SCIM? If there is no difference, then when to use which?

Evan said...

Hi Sidharth,

To understand the difference between JIT and SCIM, kindly refer to the documentation at [1] & [2]. So as the documents explain, by using JIT, you can create users on the fly without having to create user accounts in advance. SCIM on the other hand is a standard protocol which can be used for user management work. However, you can also do SCIM based provisioning.

[1] - https://docs.wso2.com/display/IS500/Configuring+Just-In-Time+Provisioning+for+an+Identity+Provider
[2] - https://docs.wso2.com/display/IS500/WSO2+Identity+Server+as+a+SCIM+Service+Provider