What's in it for you
Automated Provisioning refers to the ability to maintain users across applications using an automated process. By communicating with your Salesforce organization, LearnCore is able to perform automated, real-time provisioning by using a standardized protocol called SCIM.
SCIM (System for Cross-domain Identity Management), is a standardized protocol designed for automating the exchange of user identity information between domains. When configured through your Salesforce account, user access and group membership information are propagated to LearnCore, which will reflect your updates within your LearnCore account.
- Allows for automated user syncing so manual management is not required
- Access levels and user groups are synced automatically
- Maintain a single source of truth for user management
You need this to succeed
- Salesforce Enterprise account
- Access to your organization’s SFDC main admin
- Installation of the LearnCore Package for Salesforce
- A Salesforce user with API access and authorization to view User objects
- SCIM API token (provided by LearnCore)
The quick way to awesomeness
- Follow the guide to create newly named credentials in Salesforce
- Create a new permission set for users you don't want to include in LearnCore
- Enable the LearnCore connected app for provisioning
- Add the permission set that you created
Do this step by step
Create a named credential
- In Salesforce, navigate to Setup. In the left navigation, search for Named Credentials. Once located, click it.
- Create a new Named Credential by clicking the New Named Credential button. Provide the following information and leave all other boxes blank before saving:
- Label - This can be a label of your choosing. We recommend “LearnCore SCIM.”
- Name - This can be a name of your choosing. We recommend “LearnCore SCIM.”
- URL - https://admin.learncore.com/scim/v1/Users
- Certificate - Leave blank
- Identity Type - Named Principle
- Authentication Protocol - Password Authentication
- Username - This can be any username you choose.
- Password - This is the token that you received from your LearnCore strategist.
- Check the box for “Allow merge fields in HTTP header.”
Create a Permission Set
As Salesforce does not allow permission sets from managed apps to be used for this, you must create a new permission set for any users that you wish to include in LearnCore.
- In the left navigation search for Permission Sets. Click it under Manage User section.
- Click New.
- Create a Label for this permission set. We recommend LearnCore Users. You may also add a description if necessary.
- Select the Identity as the license that will use this permission set. Click Save.
Enable the LearnCore Connected App for Provisioning
Next, we will need to enable the LearnCore App to provision users in real time. Please note that we highly recommend using another service for bulk updates in LearnCore, such as Automated Provisioning for Salesforce or an upload.
- In the left-hand navigation, search for and select “Connected Apps.
- From the list of connected apps, click on LearnCore SCIM.
- Click Edit Policies from the top of the page.
- Check the box next to Enable User Provisioning. Click Save.
- Click Launch User Provisioning Wizard.
- Select the option to use an existing flow and choose LearnCore Users Flow. Select the Named Credential you created for LearnCore from the Named Credential option. Click Save & Next.
- Leave the checkbox blank for Require Approvals. Click Save & Next.
- Select all the available options to allow Salesforce to call the Flow. Once you select update user, you will be asked to provide which action triggers the call. Select LocaleSidkey and click the arrow to move it under Will Trigger Update. Click Save & Next.
- Click Connect & Collect.
- This will take you to a page where you will select how users are linked. Select Email for both of the drop downs to link based on their email address. You may also opt to select username for the Salesforce User attribute. Click Save & Next.
- Click Analyze Collected Information. This may take a few moments.
- Click Commit to commit the changes. Once the changes are committed, click Next. Click Finish to return to the Connected App Detail Page.
Adding Permission Sets
To set the users that will sync with LearnCore, you will need to add the Permission Set that you created to the app.
- Click Manage Permission Sets. Find the Permission Set that you created and check the box in front of it and click Save.
Adding and Updating Users
Now that the configuration is complete, users can be added and updated to LearnCore from Salesforce using the permission set that you created. There are 4 actions that will trigger an update in LearnCore; adding a new user to the permission set, updating the locale for the user, freezing a user, and deactivating a user.
Adding Users in Real Time
Adding an active Salesforce user to the permission set that you created above and assigned to the SCIM configuration will create the user in LearnCore in real-time. Any user added that has not been added to the permission set will not be added to LearnCore. In addition, as the user is created, they will be placed into a LearnCore group matching the language of their “locale” field in Salesforce. If a matched group does not exist in LearnCore, one will be created.
Please note that we do not advise using this method for user creation in bulk as it is taxing on the system. To bulk create users, we advise a manual sync with Salesforce Automated Provisioning (this is a nightly sync or can be run manually) or performing a .csv upload.
Updating the Locale of a User
Users who have been synced into LearnCore will be grouped by the Salesforce “locale” field. To update the group as the needed, change the locale field for the user in Salesforce and the group in LearnCore will be updated appropriately.
Please note that changing the user’s locale will trigger the update, but changing the language will not.
Freezing a User
If you freeze a user within Salesforce, this will trigger the user in LearnCore to be deactivated. In LearnCore, the user will remain in the account, but will not be able to log in. Unfreezing a user in Salesforce will reactivate the user in LearnCore.
Deactivating a User
If a user is deactivated within Salesforce or removed from the configured permission set, they will be removed from the corresponding account within LearnCore.
Reporting on the Sync
The Salesforce Identity User Provisioning Utils provides 3 reports that may be helpful for monitoring and debugging the real-time sync.
To access these reports:
1. Navigate to the Reports tab in Salesforce.
2. Select the User Provisioning Reports folder
3. Here you will see three report types:
- User Provisioning Requests - Displays each request, the timestamp it was made, and state of the request.
- User Provisioning Accounts - Displays each user that is linked between Salesforce and LearnCore and the status of that connection.
- User Provisioning Logs - Displays the log of each provisioning request and details of the transaction.