Target
Customers who meet the following conditions are eligible:
- Using HENNGE One Pro or HENNGE One IdP Pro plan.
- Using HENNGE Access Control and Salesforce for SSO integration.
Purpose
Set up user provisioning between HENNGE Access Control and Salesforce.
By configuring this, you can synchronize user information from HENNGE Access Control to Salesforce.
Notes
- This article is based on product specifications as of July 2024 and is subject to change without notice.
- Actual screen verification and setting changes require administrator privileges in HENNGE Access Control.
- To use this feature, a plan with access to the Web Services API in Salesforce (such as Enterprise plan) is required.
- While implementing single sign-on integration with Salesforce is not mandatory, if not done, passwords for users created through the user provisioning feature must be separately set in Salesforce.
- When users are created or updated in Salesforce, they will become active users up to the number of licenses that can be granted, with any shortfall becoming inactive users. Active users can be confirmed from the logs.
- Users deleted in HENNGE Access Control after creation will be updated to inactive status in Salesforce. The users in Salesforce will not be deleted.
- If you change the value set in Salesforce's Username and synchronize users in HENNGE Access Control, a new user will be created in Salesforce. The user before the value update will become inactive in Salesforce.
Procedure
Preparation
If you have not set up single sign-on for Salesforce in [Connected Services] in HENNGE Access Control, please do so in advance.
Users who have been granted access to the relevant Connected Service will be subject to provisioning. Adjust permissions as needed.
Edit User Information
Edit Access Policy Groups
When synchronizing newly created users in HENNGE Access Control, even if a user with the same information exists in Salesforce, the values in HENNGE Access Control will overwrite the user's information.
Default Attribute Mapping
If you do not configure attribute mapping, please refer to the table below for the items to be synchronized.
|
Salesforce |
HENNGE Access Control |
Description |
|
|
User Name |
|
Email Address |
This value set in this field uniquely identifies the user. |
|
Alias |
Username |
User Name |
The [Alias] field in Salesforce can be set up to 8 characters. |
|
Family Name |
Family Name |
Family Name |
|
|
Given Name |
Given Name |
Given Name |
|
|
|
|
Email Address |
You cannot change the attribute mapping. |
|
Time Zone |
- | - |
[(GMT+09:00) Japan Standard Time (Asia/Tokyo)] will always be synchronized. |
|
Region |
- | - |
Japanese (Japan) will always be synchronized. |
|
Language |
- | - |
Japanese will always be synchronized. |
|
Email Character Code |
- | - |
UTF-8 will always be synchronized. |
Procedure
1. Open the [Provisioning Settings] screen
Open the HENNGE Access Control Administration screen, select [System] - [Provisioning Settings] from the left menu.
2. Open the settings screen
Click the [Settings] button under [Synchronization from HENNGE Access Control].
If you already have a service in use, click the [Add Service] button.
3. Selecting a Service
On the [ Step 1: Select the service to synchronize users ] screen, select [ Salesforce ].
4. Setting up HENNGE One Verification
If HENNGE One verification is already set up, proceed to step 5.
On the "Step 2: Verify the account" screen, click [ Generate verification key ].
On the "Verification settings" screen, click [ Add new verification ] for HENNGE One.
Copy the [ Client ID ] and [ Client secret ], enter them into the "HENNGE One Verification" screen, and click [ Verify ].
5. Setting up Salesforce Verification
On the "Verification settings" screen, click [ Add new verification ] for Salesforce.
On the "Salesforce Verification" screen, select [ Use sandbox ] and click the [ Verify ] button.
Enter your username and password on the Salesforce verification screen to log in.
5. Setting up Synchronization Targets
Set each item as follows:
- Synchronization service provider: Salesforce
- User profile: Profile to be set for Salesforce users
※ Users will be created in Salesforce with the profile specified in this item.
If you want to change the user's profile after creating the user, please do so in Salesforce.
After completing the setup, click [ Next ].
6. Mapping Standard Attributes
On the "Mapping standard attributes" screen, set the mapping between HENNGE One standard items and Salesforce items.
If not set, default attribute mapping will be applied.
Default attribute mapping
To add items to map, click [ Add row ].
Select items to map between HENNGE Access Control and Salesforce.
※ Users in Salesforce and HENNGE Access Control are uniquely identified by the value set in the Username attribute mapping in Salesforce.
This value must be in email format and unique in HENNGE Access Control.
※ The [ Email ] item in Salesforce will reflect the [ Email Address ] attribute in HENNGE Access Control. It will not be reflected even if mapping is set.
After completing the setup, click [ Next ].
7. Mapping Custom Attributes
On the "Mapping custom attributes" screen, set the mapping between HENNGE Access Control custom attributes and Salesforce items.
To add items to map, click [ Add row ].
Select items to map between HENNGE Access Control and Salesforce.
After completing the setup, click [ Next ].
8. Setting Excluded Users for Synchronization
Select users you want to exclude from synchronization.
If there are users you want to exclude from synchronization, check the box for Exclude from synchronization.
If you want to synchronize all users, click [ Complete ] without selecting anything.
※ If the number of selected items is different from what is displayed, there may be users remaining in HENNGE Access Control that have been deleted.
To correct the count, click the [ ? ] on the screen, then click [ Deselect invalid data ] in the popup that appears.
Once the setup is complete, "Salesforce" will be displayed on the "Provisioning settings" screen.
Reference
・Executing and confirming user provisioning
・Confirming / deleting user provisioning settings