Hi Guys,
I’m trying to integrate Salesforce with SailPoint using REST APIs. There are many different Salesforce endpoints available, and I’m a bit confused about which ones should be used for the integration.
If anyone has integrated Salesforce via REST API before, could you please share which endpoints you used?
Thanks!
Hello Sandy,
Welcome to the SailPoint Developer Community
Out of curiosity, is there a reason you are going with the Web Services connector? There’s already a SailPoint-built Salesforce connector that handles accounts, Profiles, Roles, Permission Sets, Permission Set Groups, Public Groups, and Queues natively. The Account Attributes page shows the full schema you would get out of the box.
Hi @punna0001 ,
Thanks for the reply.
In this Salesforce app, when creating a user, they’re adding a code and dates in the UI. This code is not required initially, but in some cases it becomes required later. They usually don’t know the code at the time of user creation, so they add it afterwards.
Got it. Are those code & date values stored directly on the Salesforce User object as custom fields, or are they on a separate custom object or related record in Salesforce?
If they are User object custom fields, you may not need the Web Services connector. The Salesforce connector supports custom User attributes for both aggregation and update, as long as the exact Salesforce API field names (with the __c suffix) are added to the account schema. You could keep them optional at create time and push the values later when they’re known.
If those values live on a different Salesforce object, Web Services with the Salesforce REST API may be the right direction.
Thanks Harish,
I forgot to mention another case. When the user leaves the organization, we need to disable the account right. They don’t directly disable the user account, they need to reassign the user’s current assignments to a new user until the their replacement comes. Until a new replacement comes they’ll hold the account, and after reassigning all the assignments they’ll disable the acount
If you don’t want to immediately disable the user account, exclude your Salesforce source from lifecyle management state
For Salesforce with SailPoint ISC, most REST integrations use:
/services/data/vXX.X/query → aggregation
/services/data/vXX.X/sobjects/User → create/update users
/services/data/vXX.X/sobjects/Profile
/services/data/vXX.X/sobjects/PermissionSet
/services/data/vXX.X/sobjects/PermissionSetAssignment
Usually SOQL query endpoints are used for aggregation and sobjects endpoints for provisioning.
Hi @sandy_sandy ,
Please refer to this document for Salesforce rest api
https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/resources_list.htm
Hope this works,
Thank you
