Hi community,
I’ve successfully integrated Salesforce SaaS as a source in IdentityNow (IDN) and I’m able to provision user accounts with most of the attributes, including several UserPermissions flags like:
UserPermissionsMarketingUserUserPermissionsOfflineUser
However, I am facing an issue where only two attributes are not being set during provisioning:
UserPermissionsInteractionUser(Flow User)UserPermissionsKnowledgeUser(Knowledge User)
Context and What I’ve Verified:
-
These attributes are present in the schema and I can see their values during account aggregation, confirming correct attribute names.
-
I can manually enable/disable the corresponding checkboxes (Flow User, Knowledge User) directly in the Salesforce UI for the user.
-
These two fields are included in the provisioning plan, just like other user permission attributes which are working.
-
My provisioning plan is explicitly passing:
{
"UserPermissionsInteractionUser": "true",
"UserPermissionsKnowledgeUser": "true"
}
- Via Postman we can pass it.
- No errors appear in the provisioning transaction logs, but the values for these two attributes are simply not applied.
What I Suspect (but need help verifying or resolving):
- These fields may have API-level restrictions or may not be writeable via SOAP/REST API, even if they are visible in the UI.
- There may be a licensing or profile-based restriction affecting only these fields.
- Possible field access metadata issues, where these fields are not marked as
updateablefor the integration user via API. - Potential limitation in Salesforce SaaS connector in IDN for these two fields.
What I Need Help With:
- Has anyone successfully provisioned
UserPermissionsInteractionUserand/orUserPermissionsKnowledgeUservia IDN Salesforce connector? - Are there known limitations or extra configuration steps required to enable API write access for these permission flags?
- Any tips on verifying field
updateablestatus using Workbench or metadata API?
Thanks in advance for your help!