This connector supports both Identity and Provisioning.
The Identity functionalities of this connector enable you as an Identity administrator to configure Salesforce CRM as a connected system and then make Identity users part of the Salesforce CRM system. This enables the user or Identity administrator to reset Salesforce CRM account passwords. This also enables you to enable and disable user accounts.
The Provisioning functionalities of this connector enable exporting and importing user accounts on a Salesforce CRM system.
- Functionalities
- Creating the Connected System
- Using the Connected System for Identity
- Using the Connected System for Provisioning
Functionalities
Identity Integration
Product Feature | Supported |
---|---|
Authenticate (Test Connection) | Yes |
Validate User | Yes |
Enable/Disable User | Yes |
Reset Password | Yes |
Expire Password | Yes: Immediate |
Provisioning Integration
Data Format | Export | Create | Modify | Delete | Trigger |
---|---|---|---|---|---|
User | Yes | Yes | Yes | No | No |
User Role | Yes | No | No | No | No |
Profiles | Yes | No | No | No | No |
Prerequisites
Ensure that these prerequisites are satisfied:
- An administrator account that can be used to establish a connection and has authority to manage accounts on the Salesforce organization.
- Identity administrator
- Salesforce CRM Enterprise Edition or Unlimited Edition Version 7.0 or later.
Creating the Connected System
Admin UI
Log in to Identity Administration and click the Systems tab.
On the Connected System View page, click the Add button and select the Salesforce CRM connected system from the Type drop-down list. The Connected System Details page displays the default values:
- Enter the desired information:
Definition
Supported Connectors: Displays whether the connected system is Identity only, Provisioning only, or both.
Type: Select the connected system type.
Locale: Select the preferred language (default: English). Locale-specific information such as Display Name and Description can be added only while modifying the connected system.
Name: The name for this connected system. Note: The name cannot be modified later.
Display Name: The display name of the new connected system.
Description: The description of the connected system.
Associated With: Select how the connector associated with this system will run:
- Server (default) - Runs locally on the Provisioning/Identity Server.
- Global Identity Gateway - Runs remotely on a Global Identity Gateway cluster member. Note: Only GIG clusters that have at least one registered and enabled member will display in this list.
See Using the Global Identity Gateway with Connected Systems for additional information.
Password Reset By: Enables administrators to configure password management functions normally available to Users and OBO (On Behalf Of) Users:
- OBO User Only - Connected system and account association information is displayed only in Self-Service user management (for OBO Users). OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset). End users will not see their accounts on this connected system in Self-Service and Kiosk; therefore, they cannot reset passwords for accounts on this connected system.
- Users and OBO User - Connected system and account association information is displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset).
- External - Connected system and account association information is not displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users cannot reset passwords for accounts on this connected system.
Note: When user management configuration enables OBO Users to perform password resets, this definition must be set to OBO User Only or Users and OBO User. For connectors that support Provisioning only, there is no password reset capability.
Provisioning Option: Select the provisioning option:
- Automated (default) - The connected system functions as a normal connected system; there are no restrictions.
- Administrative - The connected system cannot be used as an object in a workflow.
Enable HPAM Support: Select to make the connected system HPAM enabled (default: cleared). Note: This can only be set for systems that support Identity.
Enable Transfer of Accounts: Select to make the connected system Transfer of Accounts enabled (default: cleared).
Connection Information
SalesForce Domain Name: This is normally left blank and assumes www.Salesforce.com. The runtime libraries negotiate with the Salesforce domain you specify, using the Service Account Name, and determine the actual server to use. Under certain special circumstances, such as while developing workflows in the SandBox, you might be required to enter something such as sandbox.Salesforce.com or test.Salesforce.com.
Use Secure Connection: Specifies SSL protection. This is required in a production environment, because without it both administrative and user passwords, including those of the service account, are transmitted in plain text using the HTTP/SOAP protocol. When selected, no further action is normally required because the Salesforce certificate is trusted by most PKIs.
Note: This connector uses the Microsoft PKI and Java keystore to authenticate the Salesforce Server certificates. If the connector is running on a computer that is a member of the same domain as the Salesforce Server, and the domain controller has the Salesforce Certificate Services role, and that domain controller has signed the certificate of the Salesforce Server, then those certificates are automatically trusted. See the guide Configuring SSL for additional information about enabling SSL.
Allow HTTP Compression: This causes GZIP compression of the payload in HTTP[S] transactions and responses.
Service Account Name: The name of the administrative user account used to connect to the server.
Service Account Password: The administrative user password.
Service Account Security Token: This is the security token for the Salesforce service account.
Connection Timeout: The maximum number of seconds to wait for the Web Service to respond before the connection attempt times out. 0 means no time out.
LogLevel: Allows the amount of trace information for the connected system to be increased.
System Owner: Add or Remove users assigned as the owners of the system. Displays the Connected System Owner Search page for selecting users. The HPAM column indicates whether the system owner is authorized to use the HPAM feature. The Approvers column indicates whether the system owner is an approver in the approval process.
- Click the Test Connection button to test the Connection Information:
- If successful, one or both of these messages may display:
Message: Connection from Provisioning to the connected system was established successfully.
Message: Connection from Identity to the connected system was established successfully.
- If unsuccessful, one or both of these messages may display:
Error: Failed to establish connection from Provisioning to the connected system.
Error: Failed to establish connection from Identity to the connected system.
Note: If the connection fails, additional messages may display providing more information regarding the failure, and additional information may be posted to the Provisioning and Identity logs.
- Verify that you have the correct
- You may need to generate and configure a Service Account security token by following these steps:
- Log on to https://login.salesforce.com/ using the Service
- Expand My Personal Information under Personal Setup in the left hand
- Click the Reset My Security Token
- Click the Reset Security Token button in the new screen. Your new security token is sent to you in an e-mail.
- Either append the security token to your password in the Admin screen or enter it in the Security Token field that conveniently keeps it separate from your password.
The security token is tied to the user password. When a password is changed, the old security token is invalidated and Salesforce sends a notification e-mail containing the new security token to the e-mail address for that account.
- To work without a security token, follow these steps:
- In Salesforce, go to Administration Setup ► Security Controls ► Network Access.
- In the Trusted IP Ranges, click New.
- Enter the IP address or range of IP addresses from which your system will be connecting to Salesforce. It may take some time, on the order of half an hour or so, for this to take effect.
- (Optional) To select owners of the system, click the System Owner Add button. The Connected System Owner Search page displays:
- Select the owners and then click the Select button. The system owner displays under the System Owner section:
Note: More than one user can be assigned as an owner.
To add additional system owners, click the Add button.
- On the Connected System Details page, click the Add button to save the configured connected system. The Object Category Association page displays a list of categories that are already associated and/or can be selected to add additional associations to this connected system:
Select one or more available object categories or provide search criteria and click the Search button to find specific categories to select. If there are no available categories to select, proceed to Step 7.
Click the Add Association button to associate the selected object categories to the connected system.
Click the Back button to return to the Connected System View page. The new connected system displays in the list.
See Copying, Modifying, and Deleting Connected Systems for additional information.
Studio
- Log in to the Workflow and Connectivity Studio and click Connectivity ► Add Systems on the menu bar. The Add Connected Systems window displays.
- Select the Salesforce CRM connected system from the Type drop-down list. The default values display:
- Enter the desired information:
Definition
Type: Select the connected system type.
Name: The name for this connected system. Note: The name cannot be modified later.
Display Name: The display name of the new connected system.
Description: The description of the connected system.
Supported Connectors: Displays whether the connected system is Identity only, Provisioning only, or both. Only connectors that support Provisioning are available here.
Associated With: Select how the connector associated with this system will run:
- Server (default) - Runs locally on the Provisioning/Identity Server.
- Global Identity Gateway - Runs remotely on a Global Identity Gateway cluster member. Note: Only GIG clusters that have at least one registered and enabled member will display in this list.
Password Reset By: Enables administrators to configure password management functions normally available to Users and OBO (On Behalf Of) Users:
- OBO User Only - Connected system and account association information is displayed only in Self-Service user management (for OBO Users). OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset). End users will not see their accounts on this connected system in Self-Service and Kiosk; therefore, they cannot reset passwords for accounts on this connected system.
- Users and OBO User - Connected system and account association information is displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset).
- External - Connected system and account association information is not displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users cannot reset passwords for accounts on this connected system.
Note: When user management configuration enables OBO Users to perform password resets, this definition must be set to OBO User Only or Users and OBO User. For connectors that support Provisioning only, there is no password reset capability.
Provisioning Option: Select the provisioning option:
- Automated (default) - The connected system functions as a normal connected system; there are no restrictions.
- Administrative - The connected system cannot be used as an object in a workflow.
Enable HPAM Support: Select to make the connected system HPAM enabled (default: cleared). Note: This can only be set for systems that support Identity.
Enable Transfer of Accounts: Select to enable Transfer of Accounts for the connected system.
Note: This can only be set for systems that support Identity.
Connection Information
SalesForce Domain Name: This is normally left blank and assumes www.Salesforce.com. The runtime libraries negotiate with the Salesforce domain you specify, using the Service Account Name, and determine the actual server to use. Under certain special circumstances, such as while developing workflows in the SandBox, you might be required to enter something such as sandbox.Salesforce.com or test.Salesforce.com.
Use Secure Connection: Specifies SSL protection. This is required in a production environment, because without it both administrative and user passwords, including those of the service account, are transmitted in plain text using the HTTP/SOAP protocol. When selected, no further action is normally required because the Salesforce certificate is trusted by most PKIs.
Note: This connector uses the Microsoft PKI and Java keystore to authenticate the Salesforce Server certificates. If the connector is running on a computer that is a member of the same domain as the Salesforce Server, and the domain controller has the Salesforce Certificate Services role, and that domain controller has signed the certificate of the Salesforce Server, then those certificates are automatically trusted. See the guide Configuring SSL for additional information about enabling SSL.
Allow HTTP Compression: This causes GZIP compression of the payload in HTTP[S] transactions and responses.
Service Account Name: The name of the administrative user account used to connect to the server.
Service Account Password: The administrative user password.
Service Account Security Token: This is the security token for the Salesforce service account.
Connection Timeout: The maximum number of seconds to wait for the Web Service to respond before the connection attempt times out. 0 means no time out.
LogLevel: Allows the amount of trace information for the connected system to be increased.
- Click the Connect button to test the Connection Information:
- If successful, this message will display:
Connection from Studio to the connected system was established successfully.
- If unsuccessful, this message will display:
Failed to establish connection from Studio to the connected system.
Note: If the connection fails, additional messages may display providing more information regarding the failure.
- Click the Apply button to apply changes. The Category Association window displays.
Select one or more object categories from the Available Categories list or enter a category name and click the Search button to find a specific category to select. If there are no available categories to select, proceed to Step 6.
Click the Add button to associate the selected object categories to the connected system.
Click OK to accept selected categories.
See Copying, Modifying, and Deleting Connected Systems for additional information.
Using the Connected System for Identity
Perform these procedures to configure the connector:
- Connector Details for Identity
- Identity Password Management
Connector Details for Identity
Field | System Attribute | Example Value |
---|---|---|
Login ID | username | BLANE |
Account ID | username | BLANE |
Identity Password Management
See User Management for details on password management.
Using the Connected System for Provisioning
Perform these procedures to configure the connector:
- Configuring for Export
- Configuring for Import
- Connector Details for Provisioning
Note: If the number of records to be processed exceeds one thousand, we recommend configuring the workflow to use bulk mode, which lowers the memory consumption of the system by streaming data to files. Because data is streamed for every task, performance of the workflow execution will be decreased due to increased read-write operations. See the Workflow and Connectivity Studio document for details on how to configure bulk mode.
Configuring for Export
Perform these procedures to configure the connector for data export:
- Configuring the Export Connector
- Configuring the Export Link
From the Workflow and Connectivity Studio, select the Salesforce CRM UserExport workflow listed under the projects folder.
If a workflow does not already exist, create an export workflow. See the Workflow and Connectivity Studio document for details on creating export workflows.
Configuring the Export Connector
- In the Design pane, double-click the export object (the first workflow object after the Start object). The Configure Data Source window displays:
- From the Configure Plug-in tab, set these properties as required:
Associated Connected System: Select the connected system from the list. The export operation will be done from this connected system.
Data Formats: Select the type of data format to use: Profiles (default) or ChangeLog.
DeltaExportMode: Select the type of attribute to export if a change takes place (this works in conjunction with ExportMode when DeltaExport is selected):
- OnlyChangedAttributes - Performs a partial export of only the changed attributes from the last time the query was
- ChangedAndMandatoryAttributes (default) - Performs a partial export of both changed and mandatory attributes from the last time the query was run. Mandatory attributes are exported whether they have been changed or
- AllAttributes - Performs a full export of all attributes that contain a
DynamicConnectedSystem: Select the global variable to use as the dynamic connected system name. This works in conjunction with DynamicConnectedSystemOption when GlobalVariable is selected.
DynamicConnectedSystemOption: Select how to control Dynamic System Support (DSS):
- None - There will not be any Dynamic System Support.
- Transaction-SystemName - The value of the Transaction-SystemName attribute in data will be used as the dynamic connected system. The connected system name must be passed as the value of the attribute Transaction-SystemName; if it is missing in data, the operation will fail.
- GlobalVariable - Select a global variable to use as the dynamic connected system name from the property DynamicConnectedSystem.
ExecuteGIGAssociatedTaskAsynchronously: If this property is True, GIG associated tasks will execute asynchronously.
ExportMode: Select the type of data to export:
- FullExport - Exports all
- DeltaExport - Exports changed, mandatory, or all attributes, depending on the DeltaExportMode property
Filter: Specify search criteria to determine the objects to be exported from the container specified in ExportDN. Use the Set Filter button that becomes active to create a filter. See "Set Filter" for additional information.
Set Filter
Element | Description |
---|---|
Attribute | Select the attribute of the filter. This represents the attribute name for searching the Grouper directory. |
Comparison | Select the operator value for this filter. |
Value | Enter the required result value |
AND Condition List | Creates an AND statement comparing selected conditions. If there is more than one condition in this list box, all conditions must be true. |
OR Condition List | Creates an OR statement comparing selected conditions. If there is more than one condition in this list box, one of the conditions must be true. |
Filter Syntax | Displays the filter syntax used to retrieve entries from the LDAP directory and to build the export list. |
Edit Filter Manually | Check this box to manually edit the filter in the Filter Syntax to build complex filters. |
Using logical AND/OR, generate the complex filter to narrow the search result.
Click OK when complete to return to the Configure Data Source window.
- (Optional) Select the Attributes tab. Only standard attributes display:
- Modify schema attributes using these buttons.
Element | Description |
---|---|
Add | Adds additional attributes to the list. The Add New Attribute dialog displays. |
Export | Exports the schema list to an XML file. |
Import | Imports the schema list from an XML file. |
Reset Schema | Resets the schema definition to the default schema prepackaged with the IdM Suite, plus any global variable added. |
- Click the Add button to display the Add New Attribute window:
Element | Description |
---|---|
Name | Enter the name for this attribute. |
Type | Select the Attribute Type (SingleValued/MultiValued). |
Update Global Attribute List | Check this box if you want this attribute to be available when selecting this connected system object for all future workflows. |
- (Optional) Select the Appearance tab to change how the Connected System object displays in the Design pane.
- Click OK to save any changes and return to the Workflow and Connectivity Studio window.
Configuring the Export Link
- In the Design pane, double-click the export link between the export object (the first workflow object after the Start object) and the Data Mapper object. The Configure Link window displays:
- From the Configure Plug-in tab, set these properties as required:
Source Attributes: Select the attributes to export.
Selected Attributes: Displays default attributes and those attributes that have been selected from the Source Attributes.
Notes: The check boxes are used only for delta export operations. These checked attributes will always be exported whether they were changed or not. Usually, the attributes that are selected as mandatory attributes help in identifying or verifying an entry when completing mapping functions.
Format: Displays the Format Date window to specify a date/time format to be applied to the selected date type attribute, for example, whenChanged. During export, the attribute’s value is converted to the specified format. See the Format Date steps below for additional information.
Notes:
- The Format button is only enabled for date attributes.
- The Refresh Schema button on the Configure Data Source window’s Attributes tab must be used to refresh the schema and enable the Format button for date attributes.
Advanced Settings: Displays the Configure Attributes window for configuring advanced settings for attributes. See the Configure Attributes window for additional information.
- From the Attribute Selection tab, select attributes to export.
- (Optional) Click the Format button to specify a date/time format to be applied to the selected date type attribute. The Format Date window displays.
- Select the Include Time check box to add the timestamp with the date.
- Select the 24 Hour or 12 Hour option button and then select the required date/time format.
- Click OK to save the selected format. The Configure Link window displays.
- (Optional) Select the Appearance tab to change how the link displays in the Design pane.
- Click OK to save any changes and return to the Workflow and Connectivity Studio window.
- (Optional) To create scripts for advanced functionality, right-click the export link and select the export task properties. See the section ‘Success Scripts and Failure Scripts’ in the Workflow and Connectivity Studio document for specific details.
- Deploy the workflow by selecting Deploy ► New Deployment. See the Workflow and Connectivity Studio documentation for details of deployment options.
- Manage and run the deployed workflow from the Admin UI ► Server tab. See the Identity Suite Administration documentation for details.
Configuring for Import
Perform these procedures to configure the connector for data import:
- Configuring the Import Connector
- Configuring the Import Link
From the Workflow and Connectivity Studio, select the Salesforce CRM UserAdd, UserModify, or UserDelete workflow listed under the projects folder.
If a workflow does not already exist, create an import workflow. See the Workflow and Connectivity Studio documentation for details on creating import workflows.
Configuring the Import Connector
- In the Design pane, double-click the import object (the last workflow object). The Configure Data Source window displays:
- From the Configure Plug-in tab, set these properties as required:
Associated Connected System: Select the connected system from the list. The import operation will be done to this connected system.
Data Formats: Select the type of data format to use: User (default), Incident, Group or Role.
CreateIfParentFolderDoesNotExist: If this property is set to TRUE, the parent folder will be created during group creation if it does not exist.
DynamicConnectedSystem: Select the global variable to use as the dynamic connected system name. This works in conjunction with DynamicConnectedSystemOption when GlobalVariable is selected.
DynamicConnectedSystemOption: Select how to control Dynamic System Support (DSS):
- None - There will not be any Dynamic System Support.
- Transaction-SystemName - The value of the Transaction-SystemName attribute in data will be used as the dynamic connected system. The connected system name must be passed as the value of the attribute Transaction-SystemName; if it is missing in data, the operation will fail.
- GlobalVariable - Select a global variable to use as the dynamic connected system name from the property DynamicConnectedSystem.
See the Dynamic System Support appendix in the Workflow and Connectivity Studio document for additional information.
ExecuteGIGAssociatedTaskAsynchronously: If this property is True, GIG associated tasks will execute asynchronously.
Id *: Enter the attribute that contains the value used to uniquely identify the user account user ID on the connected system.
loginId *: Enter the attribute that contains the value used to uniquely identify the user account login ID on the connected system.
Notes:
* Id and loginId are used by the Provisioning Policy and IdentityHub features to populate the ACCOUNT_ID and ACCOUNT_USERNAME columns of the FISC_USER_ACCOUNT table of the Product database. See the ‘Provisioning Policy’ and ‘Provisioning Using the IdentityHub’ chapters of the Identity Suite Administration Guide for details.
Hover the pointer over a property to view its description.
- (Optional) Select the Attributes tab. Only standard attributes display:
Modify schema attributes with the buttons.
Element | Description |
---|---|
Add | Adds additional attributes to the list. The Add New Attribute dialog displays. |
Export | Exports the schema list to an XML file. |
Import | Imports the schema list from an XML file. |
Reset Schema | Resets the schema definition to the default schema prepackaged with the IdM Suite, plus any global variable added. |
- (Optional) Select the Appearance tab to change how the Connected System object displays in the Design pane.
- Click OK to save any changes and return to the Workflow and Connectivity Studio window.
Configuring the Import Link
- In the Design pane, double-click the import link between the Data Mapper object and the import object (the last workflow object). The Configure Link window displays:
Element | Description |
---|---|
Source Attributes | Select the attributes to import. Check for attribute-level auditing. If auditing is enabled and these attributes below are checked, Provisioning will log all events for auditing purposes. |
Selected Attributes | Displays default attributes and those attributes that have been selected from the Source Attributes. Note: The default attributes are those that are commonly used to create a new user. |
Advanced Settings | Displays the Configure Attributes window for configuring advanced settings for attributes. Under the Encrypted column, check the box of any attribute that needs to be encrypted. Under the Diff With Target column, check the box of any attribute to update using differencing (DiffWithTarget, AddDiffWithTarget, and RemoveDiffWithTarget). |
Audit Key | Select the attribute to associate with the Audit Key. |
- From the Attribute Selection tab, select attributes to import.
- (Optional) Select the Appearance tab to change how the link displays in the Design pane.
- Click OK to save any changes and return to the Workflow and Connectivity Studio window.
- Deploy the workflow by selecting Deploy ► New Deployment. See the Workflow and Connectivity Studio documentation for details of deployment options.
- Manage and run the deployed workflow from the Admin UI ► Server tab. See the Identity Suite Administration documentation for details.
Connector Details for Provisioning
Configuration import properties Id and loginId are used by the Provisioning Policy and IdentityHub features to populate the ACCOUNT_ID and ACCOUNT_USERNAME columns of the FISC_USER_ACCOUNT table of the Product database. See the 'Provisioning Policy' and 'Provisioning Using the IdentityHub' chapters of the Identity Suite Administration Guide for details.
This table shows the default attributes specified for these properties for the connected system:
Identity Property | System Attribute |
---|---|
Id | username |
loginId | username |
Special Usage of Attributes
Id, Username
One of these two attributes must be specified for modify operations. Salesforce uses the Id to identify records for modification. However, this value is often not conveniently available. When Username is specified, the connector first does a search for the Username, retrieves the Id, and replaces the Username attribute with Id in the modification.
Original_Username (rename Operation)
This attribute is used in a modify operation when the Username (Login ID) attribute is to be changed. Either Id or Original_Username must be specified to identify the user to be renamed. When Original_Username is specified, the connector first does a search for the Original_Username, and retrieves the Id. The Id is then added to the modify request. The Username attribute specifies the new Username (Login ID) to be assigned to the user. Other attributes may also be modified at the same time.
isActive
This attribute is used for enabling and disabling user accounts in Identity, and in the Delete User scenario (among others) in Provisioning. In Salesforce, an inactive user account cannot log in to Salesforce, does not occupy a ‘seat’ (license count), and has restrictions on what attributes may be updated.
password
This attribute can be used in add and modify operations to specify the new value to be assigned to the user’s password. The User object does not have a password attribute, so the connector uses the SetPassword API call to set or change the password. When the connector creates a new user account, no e-mail notification is sent. However, when the password is changed, a notification letter is sent to the user’s e-mail address containing the new security token. The password cannot be modified while the account is inactive.
Supported Data Formats
This connector can provision these data formats (Salesforce object types):
- User - Represents a user in an organization. See Complete List of Fields in the User Object for the data dictionary.
- UserRole - Represents a user role in an organization. See Complete List of Fields in the UserRole Object for the data dictionary.
- Profile - Represents a profile, which defines a set of permissions to perform different operations, such as querying, adding, updating, or deleting information. See Complete List of Fields in the Profile Object for the data dictionary.
All Salesforce objects can be customized to match different organizations’ requirements. When custom objects and fields are added to a Salesforce object, the new attributes must be manually added to the connected system schema. See the sections Configuring the Export Connector and Configuring the Import Connector for information about adding attributes to the export and import connector configuration and making the schema change global.
Data Format: User
The User data format is used to query information about users and to provision and modify users in an organization. The records in the User table represent actual users.
This is the usage of the User object:
- Disabling users: You cannot delete users in the Salesforce user interface or the AppExchange Web Service. To disable a user, deactivate that user in the Salesforce user interface.
- Deleting users: User records are never deleted. But you can mark them not active, change the Login ID (making the Login ID re-assignable), and change the e-mail address. To effectively delete joe@example.com, change the Login ID to joe@example.com.deleted (for example), and mark it inactive. If desired, it can be renamed back, or to some other Login ID and/or marked active at a later time.
- Passwords: For security reasons, you cannot query users' passwords via the AppExchange Web Service or the Salesforce user interface. However, the AppExchange Web Service allows you to set and reset users' passwords. This connector supports setting a user’s password by assigning a value to the password attribute.
Complete List of Fields in the User Object
Field | Field Type | Description |
---|---|---|
Alias | string | The user's alias, for example, jsmith. |
City | string | The city associated with the user. |
CompanyName | string | The name of the user's company. |
Country | string | The country associated with the user. |
CreatedById | reference | The ID of the user who created this object (read-only). |
CreatedDate | dateTime | The date and time when this object was created (read-only). |
Department | string | The company department associated with the user. |
Division | string | The user's working division. Only applicable if divisions are enabled for your organization. |
Email | | The user's e-mail address. |
EmailEncodingKey | picklist | The e-mail encoding for the user, such as ISO-8859-1 or UTF-8. |
EmployeeNumber | string | The user's employee number. |
Fax | phone | The user's fax number. |
FirstName | string | The user's first name. |
ForecastEnabled | boolean | Indicates whether the user is enabled as a forecast user (True) or not (False) in customizable forecasting. Forecast users see forecast rollups from users below them in the forecast hierarchy. |
Id | ID | Globally unique string that identifies a particular record (read-only). |
IsActive | boolean | Indicates whether the user has access to log in (True) or not (False). You can modify a user's active status from the Salesforce user interface or via the API. |
LanguageLocaleKey | picklist | The user's language, such as French or Chinese (Traditional). |
LastLoginDate | dateTime | The date and time when the user last logged in. |
LastModifiedById | reference | The ID of the user who last updated this object (read-only). |
LastModifiedDate | dateTime | The date and time when this object was last modified by a user (read-only). |
LastName | string | The user's last name. |
LocaleSidKey | picklist | This is a restricted picklist field. This value affects formatting and parsing of values, especially numeric values, in the user interface. It does not affect the API. The values are named according to the language, and country if necessary, using two-letter ISO codes. The set of names is based on the ISO standard. It can often be more convenient to manually set a user's locale in the user interface, and then use that value for inserting or updating other users via the API. |
MobilePhone | phone | The user's mobile or cellular phone number. |
OfflinePdaTrialExpirationDate | dateTime | The date and time when the user's Offline Edition trial expires. |
OfflineTrialExpirationDate | dateTime | The date and time when the user's Sales Anywhere trial expires. Sales Anywhere was formerly known as Offline PDA Edition. |
Phone | phone | The user's phone number. |
Postal Code | string | The user's postal or ZIP code. |
ProfileId | reference | The ID of the user's profile. |
ReceivesAdminInfoEmails | boolean | Indicates whether the user receives e-mail for administrators from salesforce.com (True) or not (False). |
ReceiveInfoEmails | boolean | Indicates whether the user receives informational e-mail from salesforce.com (True) or not (False). |
State | string | The state associated with the user. |
Street | textarea | The street address associated with the user. |
SystemModstamp | dateTime | The date and time when this record was last modified by a user or by a workflow process, such as a trigger (read-only). |
TimeZoneSidKey | picklist | This is a restricted picklist field. A user's time zone affects the offset used when displaying or entering times in the user interface. However, the API does not use a user's time zone when querying or setting values. This field’s values are named using region and key city, according to ISO standards. It can often be more convenient to manually set a user's time zone in the user interface, and then use that value for inserting or updating other users via the API. |
Title | string | The user's business title, such as Vice President. |
Username | string | This contains the name that a user enters to log in to the API or the Salesforce user interface. This must be in the form of an e-mail address. It must also be unique across all Salesforce instances. If you try to create or update a user with a duplicate Username, the operation is rejected. Each inserted user also counts as a license in Salesforce. Every organization has a maximum number of licenses. If you attempt to exceed the maximum number of licenses by inserting users, the create call is rejected. |
UserPermissionsMarketingUser | boolean | Indicates whether the user is enabled to manage campaigns in the online application (True) or not (False). |
UserPermissionsOfflineUser | boolean | Indicates whether the user is enabled to use Offline Edition (True) or not (False). |
UserRoleId | reference | The ID of the user's UserRole. |
User’s Fields and Operations Supported
Field | Field Type | Multi-valued | Required | Search | Create | Modify |
---|---|---|---|---|---|---|
Alias | string | N | Y | Y | Y | Y |
City | string | N | N | Y | Y | Y |
CompanyName | string | N | N | Y | Y | Y |
Country | string | N | N | Y | Y | Y |
CreatedById | reference | N | Y | Y | N | N |
CreatedDate | dateTime | N | Y | Y | N | N |
Department | string | N | N | Y | Y | Y |
Division | string | N | N | Y | Y | Y |
Email | | N | Y | Y | Y | Y |
EmailEncodingKey | picklist | N | Y | Y | Y | Y |
EmployeeNumber | string | N | N | Y | Y | Y |
Fax | phone | N | N | Y | Y | Y |
FirstName | string | N | N | Y | Y | Y |
ForecastEnabled | boolean | N | Y | Y | Y | Y |
Id | ID | N | N | Y | N | N |
IsActive | boolean | N | Y | Y | Y | Y |
LanguageLocaleKey | picklist | N | Y | Y | Y | Y |
LastLoginDate | dateTime | N | N | Y | N | N |
LastModifiedById | reference | N | Y | Y | N | N |
LastModifiedDate | dateTime | N | Y | Y | N | N |
LastName | string | N | Y | Y | Y | Y |
LocaleSidKey | picklist | N | Y | Y | Y | Y |
MobilePhone | phone | N | N | Y | Y | Y |
OfflinePdaTrialExpirationDate | dateTime | N | N | Y | N | N |
OfflineTrialExpirationDate | dateTime | N | N | Y | N | N |
Phone | phone | N | N | Y | Y | Y |
Postal Code | string | N | N | Y | Y | Y |
ProfileId | reference | N | Y | Y | Y | Y |
ReceivesAdminInfoEmails | boolean | N | Y | Y | Y | Y |
ReceiveInfoEmails | boolean | N | Y | Y | Y | Y |
State | string | N | N | Y | Y | Y |
Street | textarea | N | N | Y | Y | Y |
SystemModstamp | dateTime | N | Y | Y | N | N |
TimeZoneSidKey | picklist | N | Y | Y | Y | Y |
Title | string | N | N | Y | Y | Y |
Username | string | N | Y | Y | Y | Y |
UserPermissionsMarketingUser | boolean | N | Y | Y | Y | Y |
UserPermissionsOfflineUser | boolean | N | Y | Y | Y | Y |
UserRoleId | reference | N | N | Y | Y | Y |
The tables below list values for the fields of picklist type in the User object. These four picklist fields are required when creating a new user.
TimeZoneSidKey Values
Value | Label | Is Default |
---|---|---|
Pacific/Kiritimati | (GMT+14:00) Line Is. Time (Pacific/Kiritimati) | false |
Pacific/Enderbury | (GMT+13:00) Phoenix Is. Time (Pacific/Enderbury) | false |
Pacific/Tongatapu | (GMT+13:00) Tonga Time (Pacific/Tongatapu) | false |
Pacific/Chatham | (GMT+12:45) Chatham Standard Time (Pacific/Chatham) | false |
Asia/Kamchatka | (GMT+12:00) Petropavlovsk-Kamchatski Summer Time (Asia/Kamchatka) | false |
Pacific/Auckland | (GMT+12:00) New Zealand Standard Time (Pacific/Auckland) | false |
Pacific/Fiji | (GMT+12:00) Fiji Time (Pacific/Fiji) | false |
Pacific/Norfolk | (GMT+11:30) Norfolk Time (Pacific/Norfolk) | false |
Pacific/Guadalcanal | (GMT+11:00) Solomon Is. Time (Pacific/Guadalcanal) | false |
Australia/Lord_Howe | (GMT+10:30) Load Howe Standard Time (Australia/Lord_Howe) | false |
Australia/Brisbane | (GMT+10:00) Eastern Standard Time (Queensland) | false |
Australia/Sydney | (GMT+10:00) Eastern Standard Time (New South Wales) | false |
Australia/Adelaide | (GMT+09:30) Central Standard Time (South Australia) | false |
Australia/Darwin | (GMT+09:30) Central Standard Time (Northern Territory) | false |
Asia/Seoul | (GMT+09:00) Korea Standard Time (Asia/Seoul) | false |
Asia/Tokyo | (GMT+09:00) Japan Standard Time (Asia/Tokyo) | false |
Asia/Hong_Kong | (GMT+08:00) Hong Kong Time (Asia/Hong_Kong) | false |
Asia/Kuala_Lumpur | (GMT+08:00) Malaysia Time (Asia/Kuala_Lumpur) | false |
Asia/Manila | (GMT+08:00) Philippines Time (Asia/Manila) | false |
Asia/Shanghai | (GMT+08:00) China Standard Time (Asia/Shanghai) | false |
Asia/Singapore | (GMT+08:00) Singapore Time (Asia/Singapore) | false |
Asia/Taipei | (GMT+08:00) China Standard Time (Asia/Taipei) | false |
Australia/Perth | (GMT+08:00) Western Standard Time (Australia) | false |
Asia/Bangkok | (GMT+07:00) Indochina Time (Asia/Bangkok) | false |
Asia/Jakarta | (GMT+07:00) West Indonesia Time (Asia/Jakarta) | false |
Asia/Saigon | (GMT+07:00) Indochina Time (Asia/Saigon) | false |
Asia/Rangoon | (GMT+06:30) Myanmar Time (Asia/Rangoon) | false |
Asia/Colombo | (GMT+06:00) Sri Lanka Time (Asia/Colombo) | false |
Asia/Dacca | (GMT+06:00) Bangladesh Time (Asia/Dacca) | false |
Asia/Katmandu | (GMT+05:45) Nepal Time (Asia/Katmandu) | false |
Asia/Calcutta | (GMT+05:30) India Standard Time (Asia/Calcutta) | false |
Asia/Karachi | (GMT+05:00) Pakistan Time (Asia/Karachi) | false |
Asia/Tashkent | (GMT+05:00) Uzbekistan Time (Asia/Tashkent) | false |
Asia/Yekaterinburg | (GMT+05:00) Yekaterinburg Summer Time (Asia/Yekaterinburg) | false |
Asia/Kabul | (GMT+04:30) Afghanistan Time (Asia/Kabul) | false |
Asia/Dubai | (GMT+04:00) Gulf Standard Time (Asia/Dubai) | false |
Asia/Tehran | (GMT+03:30) Iran Daylight Time (Asia/Tehran) | false |
Africa/Nairobi | (GMT+03:00) Eastern African Time (Africa/Nairobi) | false |
Asia/Baghdad | (GMT+03:00) Arabia Daylight Time (Asia/Baghdad) | false |
Asia/Kuwait | (GMT+03:00) Arabia Standard Time (Asia/Kuwait) | false |
Asia/Riyadh | (GMT+03:00) Arabia Standard Time (Asia/Riyadh) | false |
Asia/Tbilisi | (GMT+03:00) Georgia Summer Time (Asia/Tbilisi) | false |
Europe/Moscow | (GMT+03:00) Moscow Daylight Time (Europe/Moscow) | false |
Africa/Cairo | (GMT+02:00) Eastern European Summer Time (Africa/Cairo) | false |
Africa/Johannesburg | (GMT+02:00) South Africa Standard Time (Africa/Johannesburg) | false |
Asia/Jerusalem | (GMT+02:00) Israel Daylight Time (Asia/Jerusalem) | false |
Europe/Athens | (GMT+02:00) Eastern European Summer Time (Europe/Athens) | false |
Europe/Bucharest | (GMT+02:00) Eastern European Summer Time (Europe/Bucharest) | false |
Europe/Helsinki | (GMT+02:00) Eastern European Summer Time (Europe/Helsinki) | false |
Europe/Istanbul | (GMT+02:00) Eastern European Summer Time (Europe/Istanbul) | false |
Europe/Minsk | (GMT+02:00) Eastern European Summer Time (Europe/Minsk) | false |
Europe/Amsterdam | (GMT+01:00) Central European Summer Time (Europe/Amsterdam) | false |
Europe/Berlin | (GMT+01:00) Central European Summer Time (Europe/Berlin) | false |
Europe/Brussels | (GMT+01:00) Central European Summer Time (Europe/Brussels) | false |
Europe/Paris | (GMT+01:00) Central European Summer Time (Europe/Paris) | false |
Europe/Prague | (GMT+01:00) Central European Summer Time (Europe/Prague) | false |
Europe/Rome | (GMT+01:00) Central European Summer Time (Europe/Rome) | false |
Europe/Dublin | (GMT+00:00) Irish Summer Time (Europe/Dublin) | false |
Europe/Lisbon | (GMT+00:00) Western European Summer Time (Europe/Lisbon) | false |
Europe/London | (GMT+00:00) British Summer Time (Europe/London) | false |
GMT | (GMT+00:00) Greenwich Mean Time (GMT) | false |
Atlantic/Cape_Verde | (GMT-01:00) Cape Verde Time (Atlantic/Cape_Verde) | false |
Atlantic/South_Georgia | (GMT-02:00) South Georgia Standard Time (Atlantic/South_Georgia) | false |
America/Buenos_Aires | (GMT-03:00) Argentine Time (America/Buenos_Aires) | false |
America/Sao_Paulo | (GMT-03:00) Brasilia Time (America/Sao_Paulo) | false |
America/St_Johns | (GMT-03:30) Newfoundland Daylight Time (America/St_Johns) | false |
America/Caracas | (GMT-04:00) Venezuela Time (America/Caracas) | false |
America/Halifax | (GMT-04:00) Atlantic Daylight Time (America/Halifax) | false |
America/Puerto_Rico | (GMT-04:00) Atlantic Standard Time (America/Puerto_Rico) | false |
Atlantic/Bermuda | (GMT-04:00) Atlantic Daylight Time (Atlantic/Bermuda) | false |
America/Bogota | (GMT-05:00) Colombia Time (America/Bogota) | false |
America/Indianapolis | (GMT-05:00) Eastern Daylight Time (America/Indianapolis) | false |
America/Lima | (GMT-05:00) Peru Time (America/Lima) | false |
America/New_York | (GMT-05:00) Eastern Daylight Time (America/New_York) | false |
America/Panama | (GMT-05:00) Eastern Standard Time (America/Panama) | false |
America/Chicago | (GMT-06:00) Central Daylight Time (America/Chicago) | false |
America/Mexico_City | (GMT-06:00) Central Daylight Time (America/Mexico_City) | false |
America/Denver | (GMT-07:00) Mountain Daylight Time (America/Denver) | false |
America/Phoenix | (GMT-07:00) Mountain Standard Time (America/Phoenix) | false |
America/Los_Angeles | (GMT-08:00) Pacific Daylight Time (America/Los_Angeles) | false |
America/Tijuana | (GMT-08:00) Pacific Daylight Time (America/Tijuana) | false |
America/Anchorage | (GMT-09:00) Alaska Daylight Time (America/Anchorage) | false |
Pacific/Honolulu | (GMT-10:00) Hawaii Standard Time (Pacific/Honolulu) | false |
Pacific/Niue | (GMT-11:00) Niue Time (Pacific/Niue) | false |
Pacific/Pago_Pago | (GMT-11:00) Samoa Standard Time (Pacific/Pago_Pago) | false |
LocaleSidKey Values
Value | Label | Is Default |
---|---|---|
ar | Arabic | false |
ca | Catalan | false |
ca_ES_EURO | Catalan (Spain, Euro) | false |
ca_ES | Catalan (Spain) | false |
zh | Chinese | false |
zh_CN | Chinese (China) | false |
zh_HK | Chinese (Hong Kong) | false |
zh_TW | Chinese (Taiwan) | false |
cs_CZ | Czech (Czech Republic) | false |
da_DK | Danish (Denmark) | false |
nl_BE | Dutch (Belgium) | false |
nl_NL | Dutch (Netherlands) | false |
en_AU | English (Australia) | false |
en_CA | English (Canada) | false |
en_IE_EURO | English (Ireland, Euro) | false |
en_IE | English (Ireland) | false |
en_NZ | English (New Zealand) | false |
en_ZA | English (South Africa) | false |
en_GB | English (United Kingdom) | false |
en_US | English (United States) | false |
fi_FI_EURO | Finnish (Finland, Euro) | false |
fi_FI | Finnish (Finland) | false |
fr | French | false |
fr_BE | French (Belgium) | false |
fr_CA | French (Canada) | false |
fr_FR_EURO | French (France, Euro) | false |
fr_FR | French (France) | false |
fr_LU | French (Luxembourg) | false |
fr_CH | French (Switzerland) | false |
de | German | false |
de_AT_EURO | German (Austria, Euro) | false |
de_AT | German (Austria) | false |
de_DE_EURO | German (Germany, Euro) | false |
de_DE | German (Germany) | false |
de_LU_EURO | German (Luxembourg, Euro) | false |
de_LU | German (Luxembourg) | false |
de_CH | German (Switzerland) | false |
el_GR | Greek (Greece) | false |
iw | Hebrew | false |
it | Italian | false |
it_IT | Italian (Italy) | false |
it_CH | Italian (Switzerland) | false |
ja | Japanese | false |
ja_JP | Japanese (Japan) | false |
ko | Korean | false |
ko_KR | Korean (South Korea) | false |
no | Norwegian | false |
no_NO | Norwegian (Norway) | false |
pl | Polish | false |
pt | Portuguese | false |
pt_BR | Portuguese (Brazil) | false |
pt_PT | Portuguese (Portugal) | false |
ru | Russian | false |
es | Spanish | false |
es_AR | Spanish (Argentina) | false |
es_CO | Spanish (Colombia) | false |
es_MX | Spanish (Mexico) | false |
es_ES_EURO | Spanish (Spain, Euro) | false |
es_ES | Spanish (Spain) | false |
es_VE | Spanish (Venezuela) | false |
sv | Swedish | false |
sv_SE | Swedish (Sweden) | false |
th | Thai | false |
tr | Turkish | false |
EmailEncodingKey Values
Value | Label | Is Default |
---|---|---|
UTF-8 | Unicode (UTF-8) | false |
ISO-8859-1 | General US & Western Europe (ISO-8859-1, ISO-LATIN-1) | false |
Shift_JIS | Japanese (Shift-JIS) | false |
ISO-2022-JP | Japanese (JIS) | false |
EUC-JP | Japanese (EUC) | false |
ks_c_5601-1987 | Korean (ks_c_5601-1987) | false |
Big5 | Traditional Chinese (Big5) | false |
GB2312 | Simplified Chinese (GB2312) | false |
LanguageLocaleKey Values
Value | Label | Is Default |
---|---|---|
en_US | English | false |
de | German | false |
es | Spanish | false |
fr | French | false |
it | Italian | false |
ja | Japanese | false |
sv | Swedish | false |
ko | Korean | false |
zh_TW | Chinese (Traditional) | false |
zh_CN | Chinese (Simplified) | false |
pt_BR | Portuguese (Brazilian) | false |
nl_NL | Dutch | false |
Data Format: UserRole
The UserRole object is used to query the set of currently configured user roles in an organization. It can be used in the client application to obtain valid UserRole IDs to use when querying or modifying a User.
Complete List of Fields in the UserRole Object
Field | Field Type | Description |
---|---|---|
CaseAccessForAccountOwner | picklist | Picklist values: None, Read, Edit. Case Access Level for Account Owner. This controls the level of visibility that users have to cases that they do not own that are associated with accounts they do own. This is not visible if your organization’s sharing model is Public Read/Write. |
ForecastUserId | reference | |
Id | ID | Globally unique string that identifies a particular record (read-only). |
LastModifiedById | reference | The ID of the user who last updated this object (read-only). |
LastModifiedDate | dateTime | The date and time when this object was last modified by a user (read-only). |
Name | string | The Role name. |
OpportunityAccessForAccountOwner | picklist | Picklist values: None, Read, Edit. Opportunity Access Level for Account Owner. This controls the level of visibility that users have to opportunities that they do not own that are associated with accounts they do own. This is not visible if your organization’s sharing model is Public Read/Write. |
ParentRoleId | reference | The parent role ID. |
RollupDescription | string | The description. |
SystemModstamp | dateTime | The date and time when this record was last modified by a user or by a workflow process, such as a trigger (read-only). |
UserRole’s Fields and Operations Supported
Field | Field Type | Multi-valued | Required | Search | Create | Modify |
---|---|---|---|---|---|---|
CaseAccessForAccountOwner | picklist | N | N | Y | N | N |
ForecastUserId | reference | N | N | Y | N | N |
Id | ID | N | N | Y | N | N |
LastModifiedById | reference | N | N | Y | N | N |
LastModifiedDate | dateTime | N | N | Y | N | N |
Name | string | N | N | Y | N | N |
OpportunityAccessForAccountOwner | picklist | N | N | Y | N | N |
ParentRoleId | reference | N | N | Y | N | N |
RollupDescription | string | N | N | Y | N | N |
SystemModstamp | dateTime | N | N | Y | N | N |
Data Format: Profile
The Profile object is used to query the set of currently configured user profiles in an organization. The client application can use Profile objects to obtain valid profile IDs for use when querying or modifying users through the API.
Complete List of Fields in the Profile Object
Field | Field Type | Description |
---|---|---|
CreatedById | reference | The ID of the user who created this object (read-only). |
CreatedDate | dateTime | The date and time when this object was created (read-only). |
Description | string | The description. |
Id | ID | Globally unique string that identifies a particular record. Read-only. |
LastModifiedById | reference | The ID of the user who last updated this object (read-only). |
LastModifiedDate | dateTime | The date and time when this object was last modified by a user (read-only). |
Name | string | The profile name. |
PermissionsApiUserOnly | boolean | Api User Only. |
PermissionsConvertLeads | boolean | Convert Leads. |
PermissionsCreateMultiforce | boolean | Create Multiforce. |
PermissionsCustomizeApplication | boolean | Customize Application. |
PermissionsEditActivatedOrders | boolean | Edit Activated Orders. |
PermissionsEditEvent | boolean | Edit event. |
PermissionsEditForecast | boolean | Edit forecasts. |
PermissionsEditOppLineItemUnitPrice | boolean | Edit Opp Line Item Unit Price. |
PermissionsEditPublicDocuments | boolean | Manage Public Documents. |
PermissionsEditReadonlyFields | boolean | Edit Read Only Fields. |
PermissionsEditTask | boolean | Edit task. |
PermissionsImportLeads | boolean | Import Leads. |
PermissionsInstallMultiforce | boolean | Install Multiforce. |
PermissionsManageCases | boolean | Manage cases. |
PermissionsManageCategories | boolean | Manage Categories. |
PermissionsManageCssUsers | boolean | Edit Self-Service Users. |
PermissionsManageDashboards | boolean | Manage Dashboards. |
PermissionsManageLeads | boolean | Manage Leads. |
PermissionsManageSelfService | boolean | Manage Self-Service Portal. |
PermissionsManageSolutions | boolean | Review and Publish Solutions. |
PermissionsManageTerritories | boolean | Manage Territories. |
PermissionsManageUsers | boolean | Manage users. |
PermissionsModifyAllData | boolean | Modify all data. |
PermissionsPasswordNeverExpires | boolean | Password Never Expires. |
PermissionsPublishMultiforce | boolean | Publish Multiforce. |
PermissionsRunReports | boolean | Run Reports. |
PermissionsSendSitRequests | boolean | Send Sit Requests. |
PermissionsTransferAnyEntity | boolean | Transfer Record. |
PermissionsTransferAnyLead | boolean | Transfer Leads. |
PermissionsUseTeamReassignWizards | boolean | Use Team Reassign Wizards. |
PermissionsViewAgentConsole | boolean | |
PermissionsViewAllData | boolean | View All Data. |
PermissionsViewSetup | boolean | View Setup and Configuration. |
SystemModstamp | dateTime | The date and time when this record was last modified by a user or by a workflow process (such as a trigger). Read-only. |
Profile’s Fields and Operations Supported
Field | Field Type | Multi-valued | Required | Search | Create | Modify |
---|---|---|---|---|---|---|
CreatedById | reference | N | N | Y | N | N |
CreatedDate | dateTime | N | N | Y | N | N |
Description | string | N | N | Y | N | N |
Id | ID | N | N | Y | N | N |
LastModifiedById | reference | N | N | Y | N | N |
LastModifiedDate | dateTime | N | N | Y | N | N |
Name | string | N | N | Y | N | N |
PermissionsApiUserOnly | boolean | N | N | Y | N | N |
PermissionsConvertLeads | boolean | N | N | Y | N | N |
PermissionsCreateMultiforce | boolean | N | N | Y | N | N |
PermissionsCustomizeApplication | boolean | N | N | Y | N | N |
PermissionsEditActivatedOrders | boolean | N | N | Y | N | N |
PermissionsEditEvent | boolean | N | N | Y | N | N |
PermissionsEditForecast | boolean | N | N | Y | N | N |
PermissionsEditOppLineItemUnitPrice | boolean | N | N | Y | N | N |
PermissionsEditPublicDocuments | boolean | N | N | Y | N | N |
PermissionsEditReadonlyFields | boolean | N | N | Y | N | N |
PermissionsEditTask | boolean | N | N | Y | N | N |
PermissionsImportLeads | boolean | N | N | Y | N | N |
PermissionsInstallMultiforce | boolean | N | N | Y | N | N |
PermissionsManageCases | boolean | N | N | Y | N | N |
PermissionsManageCategories | boolean | N | N | Y | N | N |
PermissionsManageCssUsers | boolean | N | N | Y | N | N |
PermissionsManageDashboards | boolean | N | N | Y | N | N |
PermissionsManageLeads | boolean | N | N | Y | N | N |
PermissionsManageSelfService | boolean | N | N | Y | N | N |
PermissionsManageSolutions | boolean | N | N | Y | N | N |
PermissionsManageTerritories | boolean | N | N | Y | N | N |
PermissionsManageUsers | boolean | N | N | Y | N | N |
PermissionsModifyAllData | boolean | N | N | Y | N | N |
PermissionsPasswordNeverExpires | boolean | N | N | Y | N | N |
PermissionsPublishMultiforce | boolean | N | N | Y | N | N |
PermissionsRunReports | boolean | N | N | Y | N | N |
PermissionsSendSitRequests | boolean | N | N | Y | N | N |
PermissionsTransferAnyEntity | boolean | N | N | Y | N | N |
PermissionsTransferAnyLead | boolean | N | N | Y | N | N |
PermissionsUseTeamReassignWizards | boolean | N | N | Y | N | N |
PermissionsViewAgentConsole | boolean | N | N | Y | N | N |
PermissionsViewAllData | boolean | N | N | Y | N | N |
PermissionsViewSetup | boolean | N | N | Y | N | N |
SystemModstamp | dateTime | N | N | Y | N | N |
Delete User Scenario
User records are never deleted. But you can mark them not active (which decrements the ‘seat’ or license usage count), change the Login ID (making the Login ID re-assignable), and you can change the e-mail address (to affect e-mail forwarding). To effectively delete joe@example.com, change the Login ID to joe@example.com.deleted (for example), mark it inactive, and forward the e-mail to an administrator. If desired, it can be renamed back, or to some other Login ID and/or marked active at a later time.
This scenario is a three-step process because human intervention is required to accept the e-mail address change.
When this account is terminated, the Salesforce account is disabled, the login name is changed to indicate both that the account is deleted and who the original owner was, and the e-mail address is changed to forward the user’s e-mail to a “dead letter office”. Note that an e-mail is sent to the e-mail address, which must be responded to in order to complete the mailbox change.
Example Delete User import datasets:
- The Login ID is changed, the password is set to a random value to make the account unusable, and the e-mail is changed to the “dead letter office”:
<?xml version="1.0" ?>
<root>
<entry changetype="modify" modifytype="replace" >
<Original_Username>GoneUser@example.com</Original_Username>
<Username>GoneUser@example.com.gone</Username>
<password>1ih34189u</password>
<Email>DeadLetters@example.com</Email>
</entry>
</root>
- The administrator at DeadLetters@example.com must receive the authorization e-mail, click the enclosed link, and then initiate the third step.
- The account is marked inactive:
<?xml version="1.0" ?>
<root>
<entry changetype="modify" modifytype="replace" >
<Username>GoneUser@example.com.gone</Username>
<IsActive>false</IsActive>
</entry>
</root>
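The step 1 and step 3 datasets above, generated by a script. This is an added example, not part of the connector or its documentation; it draws the throwaway password from the operating system's CSPRNG instead of using a fixed string, and sets it in step 1 because the password cannot be modified once the account is inactive. The function names, the `.gone` suffix default and the 24-character alphanumeric password are assumptions; the element names are the ones used in the datasets above.

```python
import secrets
import string
import xml.etree.ElementTree as ET

# Letters and digits only, so the value needs no XML escaping. Assumption:
# the org's password policy accepts a 24-character alphanumeric password.
ALPHABET = string.ascii_letters + string.digits


def random_password(length=24):
    """Draw a password from the OS CSPRNG; retry until it mixes letters and digits."""
    if length < 8:
        raise ValueError("length must be at least 8")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if any(c.isdigit() for c in pw) and any(c.isalpha() for c in pw):
            return pw


def check_login_id(value):
    """Reject values that are not in e-mail address form (required for Username)."""
    local, sep, domain = value.partition("@")
    if (not sep or not local or not domain or "@" in domain
            or any(c.isspace() for c in value)):
        raise ValueError(f"not in e-mail address form: {value!r}")


def dataset(fields):
    """Serialize one modify/replace entry in the import dataset layout."""
    root = ET.Element("root")
    entry = ET.SubElement(root, "entry", changetype="modify", modifytype="replace")
    for name, value in fields:
        ET.SubElement(entry, name).text = value  # ElementTree escapes &, <, >
    return '<?xml version="1.0" ?>\n' + ET.tostring(root, encoding="unicode")


def step1_rename_and_reroute(username, dead_letter_email, suffix=".gone"):
    """Step 1: rename the Login ID, scramble the password, reroute the e-mail.

    Returns (retired_username, dataset_xml). The password is set here, while
    the account is still active; it is never stored or returned separately.
    """
    check_login_id(username)
    check_login_id(dead_letter_email)
    if username.endswith(suffix):
        # Guard against re-running on an account that was already retired.
        raise ValueError(f"{username!r} already carries the suffix {suffix!r}")
    retired = username + suffix
    return retired, dataset([
        ("Original_Username", username),
        ("Username", retired),
        ("password", random_password()),
        ("Email", dead_letter_email),
    ])


def step3_deactivate(retired_username):
    """Step 3: mark the renamed account inactive.

    Run only after the recipient at the dead-letter address has clicked the
    link in the authorization e-mail (step 2).
    """
    check_login_id(retired_username)
    return dataset([("Username", retired_username), ("IsActive", "false")])


if __name__ == "__main__":
    # Constructed sample values, matching the addresses used in the datasets above.
    retired, first = step1_rename_and_reroute(
        "GoneUser@example.com", "DeadLetters@example.com")
    print(first)
    print(step3_deactivate(retired))
```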
Restore User Scenario
This scenario is the reverse of the Delete User scenario, except that it can take place in a single step. The original values of the user's attributes are restored, and the Login ID and e-mail address are put back into service. Because the notification e-mail is sent to the new e-mail address, it falls upon the user being assigned the account to complete the process.
No e-mail notification is sent about the password by Salesforce. It is the responsibility of the user account administrator to coordinate the new Salesforce account password with the user.
Example Restore User import dataset:
<?xml version="1.0" ?>
<root>
<entry changetype="modify" modifytype="replace" >
<Original_Username>GoneUser@example.com.gone</Original_Username>
<Username>GoneUser@example.com</Username>
<IsActive>true</IsActive>
<Email>GoneUser@example.com</Email>
<password>something</password>
</entry>
</root>
Troubleshooting
Setting the connected system property LogLevel to Debug causes trace information to be written to the log, which may be helpful.
INVALID_LOGIN: Invalid username or password or locked out
This error may occur when there are policy restrictions in place that prevent this account from using the API from this IP address.
Recommended Procedure
Obtain and apply a security token.
LOGIN_MUST_USE_SECURITY_TOKEN: Invalid username, password, security token; or user locked out
This error may occur when there are policy restrictions in place that prevent this account from using the API from this IP address.
Recommended Procedure
Obtain and apply a security token.
Known Issues
‘%’ in Export Filter Specification
The ‘%’ character is a wildcard in SOQL and is used in the Starts With, Ends With, and Contains specifications. When ‘%’ is entered as part of the filter text, the filter malfunctions. There may be other special characters that do not operate as expected.
Changing an E-mail Address
When the Email attribute is changed, the change does not take place immediately. Instead, Salesforce sends a notification e-mail to the old e-mail address, and one to the new e-mail address, which contains an activation link. The recipient at the new e-mail address must click the enclosed link for the address change to take place.
Security Token
When the password attribute is changed, the security token is regenerated to correspond to the new password. Salesforce sends a notification e-mail to the Email address containing the new security token.