Enable Salesforce provisioning

You can upgrade to the latest version of our Salesforce integration that uses OAuth authentication for Provisioning and Imports. This new version is the default version for new orgs. For more information, see Configure OAuth and REST integration.

SOAP/REST integrations: REST functionality creates a complete profile for a user while legacy SOAP user creation is a multi-step process. Therefore all data/data types must be accurate or user profile creation may not take place. Take particular care with attributes for IDs (for example, employeeID). See Object Reference for Salesforce and Lightning Platform for more details and troubleshooting.

To allow user and group data to be shared between Okta and Salesforce, you need to configure the provisioning settings.

Prerequisites

  • A custom user profile in Salesforce. After you create a custom profile in the Salesforce portal, edit the profile's Administrative Permissions to enable the following:

    • API Enabled

    • Manage Users: Enabling this option automatically enables the following permissions: Assign Permission Sets, Manage Internal Users, Manage IP Addresses, Manage Login Access Policies, Manage Password Policies, Manage Profiles and Permission Sets, Manage Roles, Manage Sharing, Reset User Passwords and Unlock Users, View All Users, View Roles and Hierarchy, View Setup and Configuration.

    See also Salesforce Create or Clone Profiles documentation.

    Assign the permissions directly to the profile. Don't add the permissions through permission sets.

Configure provisioning

  1. Create an administrator account in Salesforce.

  2. In the Admin Console, go to ApplicationsApplications.

  3. In the search field, enter Salesforce and click Salesforce.com.
  4. Click the Provisioning tab and click Configure API Integration.
  5. Select Enable API integration.

  6. Enter your OAuth Consumer Key and OAuth Consumer Secret, and then click Authentication with Salesforce.com. See Configure OAuth and REST integration for more details.

  7. Optional. Select Allow Pushing Null Values to allow null values to be pushed from Okta to Salesforce.

  8. Optional. Click Test API Credentials to test the API integration.
  9. Click Save.
  10. Optional. To edit the Okta to Salesforce provisioning settings, select To App under Settings and then click Edit.

  11. Click Save.

  12. Optional. To edit the Salesforce to Okta provisioning settings, select To Okta under Settings and then click Edit.

  13. Click Save.
  14. Assign users to Salesforce. See Assign applications to users.