Salesforce IAM
Salesforce Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
Note: This integration should be used along with our IAM premium pack. For further details, visit our IAM pack documentation.
Integrate with Salesforce's services to perform Identity Lifecycle Management operations. For more information, please refer to the Identity Lifecycle Management article.
#
Configure Salesforce IAM in Cortex#
Required Fields in Create User CommandWhen creating a user in Salesforce there are mandatory fields that need to be set. Some of them are set with default values in the integration parameters: Default Local Sid Key, Default Email Encoding Key and Default Language Locale Key. ProfileId and Timezone Sid Key are also required, but are filled using the Salesforce mapper in the following manner: Duplicate the GenerateProfileId and the GenerateTimeZone automations, edit them according to your needs, and use them as transformers in the User Profile - Salesforce (Outgoing) mapper under the ProfileId and TimeZoneSidKey fields respectively. This configuration ensures that the user being created is created with the right permissions and settings in Salesforce.
Parameter | Description | Required |
---|---|---|
url | Salesforce url (Eg: https://domain.salesforce.com/\) | True |
credentials | User name | True |
consumer_key | Consumer Key | True |
consumer_secret | Consumer Secret | True |
insecure | Trust any certificate (not secure) | False |
proxy | Use system proxy settings | False |
create_user_enabled | Allow creating users | False |
update_user_enabled | Allow updating users | False |
enable_user_enabled | Allow enabling users | False |
disable_user_enabled | Allow disabling users | False |
create_if_not_exists | Automatically create user if not found in update and enable commands | False |
mapper_in | Incoming Mapper | True |
mapper_out | Outgoing Mapper | True |
localesidkey | Default Local Sid Key | True |
emailencodingkey | Default Email Encoding Key | True |
languagelocalekey | Default Language Locale Key | True |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
iam-create-userCreates a user with specific settings and permissions in Salesforce, according to the configuration of the Salesforce integration and mapper - as explained in the "Required Fields in Create User Command" section.
#
Base Commandiam-create-user
#
InputArgument Name | Description | Required |
---|---|---|
user-profile | User Profile indicator details. | Required |
allow-enable | When set to true, after the command execution the status of the user in the 3rd-party integration will be active. Possible values are: true, false. Default is true. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
IAM.Vendor.active | Boolean | If true the employee's status is active, otherwise false. |
IAM.Vendor.brand | String | Name of the integration. |
IAM.Vendor.details | string | Gives the user information if the API was successful, otherwise error information. |
IAM.Vendor.email | String | The employee's email address. |
IAM.Vendor.errorCode | Number | HTTP error response code. |
IAM.Vendor.errorMessage | String | Reason why the API failed. |
IAM.Vendor.id | String | The employee's user ID in the app. |
IAM.Vendor.instanceName | string | Name of the integration instance. |
IAM.Vendor.success | Boolean | If true, the command was executed successfully, otherwise false. |
IAM.Vendor.username | String | The employee's username in the app. |
#
Command Example!iam-create-user user-profile=`{"email":"testdemisto2@paloaltonetworks.com", "givenname":"Test","surname":"Demisto”,”timezonesidkey": "Asia/Tokyo",“localesidkey": "en_US",“profileid": “012345678912345”}`
#
Human Readable Outputbrand | instanceName | success | active | id | details | |
---|---|---|---|---|---|---|
Salesforce IAM | Salesforce IAM_instance_1 | true | true | edab746f1b142410042611b4bd4bcb23 | testdemisto2@paloaltonetworks.com |
#
iam-update-userUpdates an existing user with the data passed in the user-profile argument.
#
Base Commandiam-update-user
#
InputArgument Name | Description | Required |
---|---|---|
user-profile | A User Profile indicator. | Required |
allow-enable | When set to true, after the command execution the status of the user in the 3rd-party integration will be active. Possible values are: true, false. Default is true. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
IAM.Vendor.active | Boolean | If true the employee's status is active, otherwise false. |
IAM.Vendor.brand | String | Name of the integration. |
IAM.Vendor.details | string | Gives the user information if the API was successful, otherwise error information. |
IAM.Vendor.email | String | The employee's email address. |
IAM.Vendor.errorCode | Number | HTTP error response code. |
IAM.Vendor.errorMessage | String | Reason why the API failed. |
IAM.Vendor.id | String | The employee's user ID in the app. |
IAM.Vendor.instanceName | string | Name of the integration instance. |
IAM.Vendor.success | Boolean | If true, the command was executed successfully, otherwise false. |
IAM.Vendor.username | String | The employee's username in the app. |
#
Command Example!iam-update-user user-profile=`{"email":"testdemisto2@paloaltonetworks.com", "givenname":"Test","surname":"Demisto_updated"}`
#
Human Readable Outputbrand | instanceName | success | active | id | details | |
---|---|---|---|---|---|---|
Salesforce IAM | Salesforce IAM_instance_1 | true | true | edab746f1b142410042611b4bd4bcb23 | testdemisto2@paloaltonetworks.com |
#
iam-get-userRetrieves a single user resource.
#
Base Commandiam-get-user
#
InputArgument Name | Description | Required |
---|---|---|
user-profile | A User Profile indicator. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
IAM.Vendor.active | Boolean | If true the employee's status is active, otherwise false. |
IAM.Vendor.brand | String | Name of the integration. |
IAM.Vendor.details | string | Gives the user information if the API was successful, otherwise error information. |
IAM.Vendor.email | String | The employee's email address. |
IAM.Vendor.errorCode | Number | HTTP error response code. |
IAM.Vendor.errorMessage | String | Reason why the API failed. |
IAM.Vendor.id | String | The employee's user ID in the app. |
IAM.Vendor.instanceName | string | Name of the integration instance. |
IAM.Vendor.success | Boolean | If true, the command was executed successfully, otherwise false. |
IAM.Vendor.username | String | The employee's username in the app. |
#
Command Example!iam-get-user user-profile=`{"email":"testdemisto2@paloaltonetworks.com"}`
#
Human Readable Outputbrand | instanceName | success | active | id | details | |
---|---|---|---|---|---|---|
Salesforce IAM | Salesforce IAM_instance_1 | true | true | edab746f1b142410042611b4bd4bcb23 | testdemisto2@paloaltonetworks.com | "AboutMe": null, "AccountId": null, "Address": null, "Alias": "testdemi", "BadgeText": "", "BannerPhotoUrl": "/profilephoto/", "CallCenterId": null, "City": null, "CommunityNickname": "User1", "CompanyName": null, "ContactId": null, "Country": null, "CreatedById": "123", "CreatedDate": "2020-12-29T09:07:00.000+0000", "DefaultGroupNotificationFrequency": "N", "DelegatedApproverId": null, "Department": null, "DigestFrequency": "D", "Division": null, "Email": "testdemisto2@paloaltonetworks.com", "EmailEncodingKey": "ISO-8859-1", "EmailPreferencesAutoBcc": true, "EmailPreferencesAutoBccStayInTouch": false, "EmailPreferencesStayInTouchReminder": true, "EmployeeNumber": null, "Extension": null, "Fax": null, "FederationIdentifier": null, "FirstName": "test", "ForecastEnabled": false, "FullPhotoUrl": "https://profilephoto/", "GeocodeAccuracy": null, "Id": "123", "IndividualId": null, "IsActive": true, "IsExtIndicatorVisible": false, "IsProfilePhotoActive": false, "JigsawImportLimitOverride": null, "LanguageLocaleKey": "en_US", "LastLoginDate": null, "LastModifiedById": "0054K000001WwcuQAC", "LastModifiedDate": "2021-01-03T13:53:24.000+0000","LastName": "test2", "LastPasswordChangeDate": null, "LastReferencedDate": "2021-01-03T14:14:00.000+0000", "LastViewedDate": "2021-01-03T14:14:00.000+0000", "Latitude": null, "LocaleSidKey": "en_US", "Longitude": null, "ManagerId": null, "MediumBannerPhotoUrl": "/profilephoto/", "MediumPhotoUrl": "https:/profilephoto/", "MobilePhone": null, "Name": "test", "OfflinePdaTrialExpirationDate": null, "OfflineTrialExpirationDate": null, "OutOfOfficeMessage": "", "Phone": null, "PostalCode": null, "ProfileId": "012345678912345", "ReceivesAdminInfoEmails": false, "ReceivesInfoEmails": false, "SenderEmail": null, "SenderName": null, "Signature": null, "SmallBannerPhotoUrl": "/profilephoto/", "SmallPhotoUrl": "profilephoto", "State": null, "StayInTouchNote": null, "StayInTouchSignature": null, "StayInTouchSubject": null, "Street": null, "SystemModstamp": "2021-01-03T13:53:24.000+0000", "TimeZoneSidKey": "Asia/Tokyo", "Title": null, "UserPermissionsCallCenterAutoLogin": false, "UserPermissionsInteractionUser": false, "UserPermissionsJigsawProspectingUser": false, "UserPermissionsKnowledgeUser": false, "UserPermissionsMarketingUser": false, "UserPermissionsMobileUser": false, "UserPermissionsOfflineUser": false, "UserPermissionsSFContentUser": true, "UserPermissionsSiteforceContributorUser": false, "UserPermissionsSiteforcePublisherUser": false, "UserPermissionsSupportUser": false, "UserPermissionsWorkDotComUserFeature": false, "UserPreferencesActivityRemindersPopup": true, "UserPreferencesApexPagesDeveloperMode": false, "UserPreferencesCacheDiagnostics": false, "UserPreferencesContentEmailAsAndWhen": false, "UserPreferencesContentNoEmail": false, "UserPreferencesCreateLEXAppsWTShown": false, "UserPreferencesDisCommentAfterLikeEmail": false, "UserPreferencesDisMentionsCommentEmail": false, "UserPreferencesDisProfPostCommentEmail": false, "UserPreferencesDisableAllFeedsEmail": false, "UserPreferencesDisableBookmarkEmail": false, "UserPreferencesDisableChangeCommentEmail": false, "UserPreferencesDisableEndorsementEmail": false, "UserPreferencesDisableFeedbackEmail": false, "UserPreferencesDisableFileShareNotificationsForApi": false, "UserPreferencesDisableFollowersEmail": false, "UserPreferencesDisableLaterCommentEmail": false, "UserPreferencesDisableLikeEmail": true, "UserPreferencesDisableMentionsPostEmail": false, "UserPreferencesDisableMessageEmail": false, "UserPreferencesDisableProfilePostEmail": false, "UserPreferencesDisableSharePostEmail": false, "UserPreferencesDisableWorkEmail": false, "UserPreferencesEnableAutoSubForFeeds": false, "UserPreferencesEventRemindersCheckboxDefault": true, "UserPreferencesExcludeMailAppAttachments": false, "UserPreferencesFavoritesShowTopFavorites": false, "UserPreferencesFavoritesWTShown": false, "UserPreferencesGlobalNavBarWTShown": false, "UserPreferencesGlobalNavGridMenuWTShown": false, "UserPreferencesHasCelebrationBadge": false, "UserPreferencesHideBiggerPhotoCallout": false, "UserPreferencesHideCSNDesktopTask": false, "UserPreferencesHideCSNGetChatterMobileTask": false, "UserPreferencesHideChatterOnboardingSplash": false, "UserPreferencesHideEndUserOnboardingAssistantModal": false, "UserPreferencesHideLightningMigrationModal": false, "UserPreferencesHideS1BrowserUI": false, "UserPreferencesHideSecondChatterOnboardingSplash": false, "UserPreferencesHideSfxWelcomeMat": true, "UserPreferencesJigsawListUser": false, "UserPreferencesLightningExperiencePreferred": true, "UserPreferencesNewLightningReportRunPageEnabled": false, "UserPreferencesPathAssistantCollapsed": false, "UserPreferencesPipelineViewHideHelpPopover": false, "UserPreferencesPreviewCustomTheme": false, "UserPreferencesPreviewLightning": false, "UserPreferencesRecordHomeReservedWTShown": false, "UserPreferencesRecordHomeSectionCollapseWTShown": false, "UserPreferencesReminderSoundOff": false, "UserPreferencesShowCityToExternalUsers": false, "UserPreferencesShowCityToGuestUsers": false, "UserPreferencesShowCountryToExternalUsers": false, "UserPreferencesShowCountryToGuestUsers": false, "UserPreferencesShowEmailToExternalUsers": false, "UserPreferencesShowEmailToGuestUsers": false, "UserPreferencesShowFaxToExternalUsers": false, "UserPreferencesShowFaxToGuestUsers": false, "UserPreferencesShowManagerToExternalUsers": false, "UserPreferencesShowManagerToGuestUsers": false, "UserPreferencesShowMobilePhoneToExternalUsers": false, "UserPreferencesShowMobilePhoneToGuestUsers": false, "UserPreferencesShowPostalCodeToExternalUsers": false, "UserPreferencesShowPostalCodeToGuestUsers": false, "UserPreferencesShowProfilePicToGuestUsers": false, "UserPreferencesShowStateToExternalUsers": false, "UserPreferencesShowStateToGuestUsers": false, "UserPreferencesShowStreetAddressToExternalUsers": false, "UserPreferencesShowStreetAddressToGuestUsers": false, "UserPreferencesShowTitleToExternalUsers": true, "UserPreferencesShowTitleToGuestUsers": false, "UserPreferencesShowWorkPhoneToExternalUsers": false, "UserPreferencesShowWorkPhoneToGuestUsers": false, "UserPreferencesSortFeedByComment": true, "UserPreferencesSuppressEventSFXReminders": false, "UserPreferencesSuppressTaskSFXReminders": false, "UserPreferencesTaskRemindersCheckboxDefault": true, "UserPreferencesUserDebugModePref": false, "UserRoleId": null, "UserType": "Standard", "Username": "testdemisto2@paloaltonetworks.com", |
#
iam-disable-userDisable an active user.
#
Base Commandiam-disable-user
#
InputArgument Name | Description | Required |
---|---|---|
user-profile | A User Profile indicator. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
IAM.Vendor.active | Boolean | If true the employee's status is active, otherwise false. |
IAM.Vendor.brand | String | Name of the integration. |
IAM.Vendor.details | string | Gives the user information if the API was successful, otherwise error information. |
IAM.Vendor.email | String | The employee's email address. |
IAM.Vendor.errorCode | Number | HTTP error response code. |
IAM.Vendor.errorMessage | String | Reason why the API failed. |
IAM.Vendor.id | String | The employee's user ID in the app. |
IAM.Vendor.instanceName | string | Name of the integration instance. |
IAM.Vendor.success | Boolean | If true, the command was executed successfully, otherwise false. |
IAM.Vendor.username | String | The employee's username in the app. |
#
Command Example!iam-disable-user user-profile=`{"email":"testdemisto2@paloaltonetworks.com"}`
#
Human Readable Outputbrand | instanceName | success | active | id | details | |
---|---|---|---|---|---|---|
Salesforce IAM | Salesforce IAM_instance_1 | true | false | edab746f1b142410042611b4bd4bcb23 | testdemisto2@paloaltonetworks.com |
#
get-mapping-fieldsRetrieves a User Profile schema which holds all of the user fields within the application. Used for outgoing-mapping through the Get Schema option.
#
Base Commandget-mapping-fields
#
InputThere are no input arguments for this command.
#
Context OutputThere is no context output for this command.