Share via

Map salesforce User Role in Azure automatic user provisioning

Anas Alamour 0 Reputation points
2023-06-26T21:40:29.1233333+00:00

We are implementing salesforce SSO with Azure AD as identity provider. We are working now on the automatic user provisioning part and the user is created successfully with the required default fields (Alias,Username,Email,First Name,Last Name,Locale,Language,Email Encoding,Time Zone,Currency,ProfileId) and we made the mapping for other custom fields. But our challenge now with the user Role field on salesforce , how we can make the mapping for this field on Azure SSO settings ? Did anyone make that mapping in Azure and guide me how could make that mapping ? Did he/she make that using App Roles in Azure or made expression ?

 

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2023-06-28T07:01:14.9066667+00:00

    Hi @Anas Alamour ,

    Thanks for reaching out.

    For gallery applications such as Salesforce and ServiceNow, use the predefined role mappings.

    In attribute mappings, it's possible to use the UserRoleId salesforce attribute and map it with a single Salesforce role (mapping type: Constant) in automatic user provisioning.

    User's image

    For other application mappings, requires that you transform the attribute using an expression.

    https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/customize-application-attributes#provisioning-a-role-to-a-scim-app

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.