Methods to Provision or give Access to Salesforce Communities Users

Contact associated with and Impact on user provisioning

Person account - Can only create customer users

Non-partner account - Can only create customer users

Partner account - Can create customer and partner users

Manual Creation

To manually provision an external user for a Person account or non-partner account:

1. Go to the Contact detail page.

2. Click Manage External User.

3. Click Enable Customer User or Enable Partner User.

Enable Self-Registration in the Community

Go to the Communities setup overlay, select the “Login Page” tab, and enable Self-Registration. Optionally, select a default profile to assign to self-registered users. Only profiles that were previously added to the community are shown.

API Provisioning

You can provision community users by using the SOAP or REST API on the User object. When using this API, keep in mind that the Community user has to be associated to a valid contact and account so these fields need to be set. The account must also be owned by a Salesforce user that has a role.

We also provide the following methods to provision a new user through Apex:

createPortalUser(user, accountId, password) lets you create an external user associated to a Customer or Partner account.

createPersonAccountPortalUser(user, ownerId, password) lets you create an external user associated to a Person Account.

Social Sign-On Provisioning

Social Sign-On enables users to authenticate from a range of identity providers, including Facebook, Google, Microsoft, Amazon, Paypal, any OpenID Connect provider, and even other orgs  ( future plans include support for LinkedIn and Twitter as well ). Social sign-on is key to a new way of acquiring prospects, and servicing customers.   As part of the process users are created or updated on the fly using Registration Handlers.

Just-In-Time Provisioning over SAML 

With Just-in-Time provisioning, you can use a SAML assertion to create regular and portal users on the fly the first time they try to log in. This eliminates the need to create user accounts in advance. For example, if you have a customer that needs access to your support Community, you don’t need to manually create the user in Salesforce. When they log in with single sign-on, their account is automatically created for them, eliminating the time and effort with on-boarding the account. This greatly simplifies the integration work required in scenarios where users need to be dynamically provisioned, by combining the provisioning and single sign-on processes into a single message.

Just-in-Time provisioning works with your SAML identity provider to pass the correct user information to Salesforce in a SAML 2.0 assertion attribute statement. You can both create and modify users, contacts, and accounts this way. Because Just-in-Time provisioning uses SAML to communicate, your organization must have SAML-based single sign-on enabled.

Mass-User Provisioning

Data Loader
Data Loader is a great option for non-developers who want to mass upload users.

Follow these steps to mass upload users using Data Loader:

1. Set up your Community accounts (Partner or Customer).

2. Add contacts to the accounts.

3. Create the Community Role that your Users will be using (for role-based users only).

4. Create a .csv import file for importing users.

5. Export the contacts for which you want to create users.

6. Add contact info to the .csv import file; complete empty fields.

7. Import the .csv file through Data Loader.

Once your accounts and contacts are set up, create a .csv file with the following information to create new users:

– RoleId (optional, otherwise default to user role)

– FirstName

– LastName

– ContactId (use the contact id of previously created contact)

– ProfileId

– Username

– Email

– Alias

– TimeZoneSidKey

– LocaleSidKey

– EmailEncodingKey

– LanguageLocaleKey


No comments:

Post a Comment