Enable Salesforce provisioning


You can upgrade to the latest version of our Salesforce integration that uses OAuth authentication for Provisioning and Imports. This new version is the default version for new orgs. For more information, see Configure OAuth and REST integration.

To allow user and group data to be shared between Okta and Salesforce, you need to configure the provisioning settings. You'll need the Salesforce account username and password and the token to configure the provisioning settings. In future, if you reset the account password, Salesforce provides you with a new token and you'll need to edit the Salesforce provisioning settings.

  1. Create an administrator account in Salesforce.

  2. In the Admin Console, go to Applications > Applications.

  3. In the search field, enter Salesforce and click Salesforce.com.
  4. Click the Provisioning tab and click Configure API Integration.
  5. Select the Enable API integration check box.

  6. Complete the Username and Password + Token fields. Do not add spaces or other characters between the password and token.

    Important Note


    • To avoid breaking the integration when the password is reset, use a dedicated API account for connecting Okta to Salesforce.
    • Do not enable delegated authentication in Salesforce for the API user specified here.
  7. Optional. Select the Allow Pushing Null Values check box to allow null values to be pushed from Salesforce to Okta.

  8. Optional. Click Test API Credentials to test the API integration.
  9. Click Save.

  10. Optional. To edit the Okta to Salesforce provisioning settings, select To App in the SETTINGS list and then click Edit.
  11. Click Save.

  12. Optional. To edit the Salesforce to Okta provisioning settings, select To Okta in the SETTINGS list and then click Edit.

  13. Click Save.

  14. Assign users to Salesforce. See Assign applications to users.