IdentityNow Salesforce Connector: Access Provisioning for Disabled Users

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

I need some information: If I keep a user disabled within the Salesforce system, in the Salesforce SaaS connector in IdentityNow, when a user requests a new profile for this inactive user in the system, will we be able to enable the user’s source and grant the profile? Or will it generate an error stating that this account is disabled in the system and won’t process the access grant? Because in our current configuration we are getting an error stating that the account is disabled and does not grant access

2

Exception while updating account.Url: https://tenant.my.salesforce.com/services/data/v53.0/sobjects/PermissionSetAssignment, Message: 400 : Bad Request : [{“message”:“owner or user is inactive. Org Id:00D1U12x4B”,“errorCode”:“INACTIVE_OWNER_OR_USER”,“fields”:}], HTTP Error Code: 400

3

Hello. We are also in the process of testing a Salesforce OOTB connector and facing the same issue. I think it is a Salesforce behavior which expects an account to be enabled first in order to assign any profiles/permissions. Have you found a workaround for the OOTB connector?

4

Hi, Anna.
We haven’t been able to do it yet. We have a case with support to evaluate if we can get something different. I believe the SaaS connector has the same behavior.

5

This looks more like SalesForce API behaviour rather than just purely connector behaviour.

A good idea may be to try the same operation via API and then see if it could succeed. If so, it means something could be done at connector level.

6

We need to consider what can be done at the connector level. Do you have any suggestions?

7

If the someon requests access to it, it will try to provision and give the error message you’re seeing.

use identity states to remove the person from the Rquest center so noone request access.;