Highlighted
Absent Member.
Absent Member.
428 views

Salesforce : username is concatenation of attribute & string


Hi. I am configuring Access Manager for Salesforce integration, roughly
based on the Cool Solutions article http://tinyurl.com/3ulgfuf

Our users are stored in eDirectory and they have a custom attribute
called employeeID. This employeeID, concatenated with an "@" sign and a
domain name, is the username at Salesforce. Note that although the
username is in email format, this is NOT the email address of the user,
so we cannot just send the value of the mail attribute in the
assertion.

For example, for the user John Doe, his username at Salesforce is
111@mycompany.com, but his email address is jdoe@mycompany.com

From the Identity Server documentation, I know that I will have to
configure User Matching Expression to match users at Salesforce. My
question is : How can I configure this so that the employeeID attribute
concatenate with a string, namely "@mycompany.com" in this example to be
sent in the assertion for Salesforce to use with the Salesforce
configuration "SAML User ID Type" being "Select "Assertion contains
salesforce.com username"?

Thanks in advance for answering.

-Andrew


--
ndrw_cheung
------------------------------------------------------------------------
ndrw_cheung's Profile: https://forums.netiq.com/member.php?userid=5241
View this thread: https://forums.netiq.com/showthread.php?t=47942

0 Likes
2 Replies
Highlighted
Absent Member.
Absent Member.

Re: Salesforce : username is concatenation of attribute & string


I don't believe this is possible with AM LDAP Attribute mapping....but
if you're licensed for IDM, investigate implementing a policy in a Null
Driver to detect employeeID and concat it to another unused (or custom)
attribute...


--
ScorpionSting
------------------------------------------------------------------------
ScorpionSting's Profile: https://forums.netiq.com/member.php?userid=469
View this thread: https://forums.netiq.com/showthread.php?t=47942

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Salesforce : username is concatenation of attribute & string


Thanks for your reply and your suggestion of using IDM to populate
another custom attribute. I'm hoping to be able to achieve this without
creating and using another attribute, 'cause the employeeID is really
all we need (the domain name is a constant in this case).

Another alternate is to use the Federation Identifier as the SAML User
ID type, but I haven't got the configuration for this correctly yet.

-Andrew


--
ndrw_cheung
------------------------------------------------------------------------
ndrw_cheung's Profile: https://forums.netiq.com/member.php?userid=5241
View this thread: https://forums.netiq.com/showthread.php?t=47942

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.