Previous Topic: Account Template AttributesNext Topic: SAP R/3 Connector

CA Identity Manager Connector GuidesConnectors GuideConnecting to EndpointsSalesforce.com ConnectorConnector FeaturesCustom Attributes

Custom Attributes

This section applies to CA CloudMinder and CA Identity Manager. It does not apply to CA Identity Governance.

The Salesforce connector supports the creation of custom attributes. You can customize the metadata of the Salesforce connector to create additional attributes for a Salesforce user object, including custom Salesforce fields.

You can only create custom attributes that have a string data type, for example, text fields, integer fields, date and time fields, and such.

How to Display Salesforce.com Custom Attributes in the User Console

This section applies to CA CloudMinder and CA Identity Manager. It does not apply to CA Identity Governance.

The Salesforce.com connector supports the creation of custom attributes. You can customize the metadata of the Salesforce.com connector to create additional attributes for a Salesforce.com user object, including custom Salesforce.com fields.

You can create custom attributes only for attributes that have a string data type. Strings include text fields, integer fields, and date and time fields.

If you create custom attributes in your Salesforce.com organization, you can display the custom attributes in your client Identity Lifecycle Management application. To display the custom attributes, customize the metadata of the Salesforce.com connector using Connector Xpress.

To display the custom attributes in the User Console do the following:

  1. Get the API name of the custom attribute in your Salesforce.com organization that you want to display in the User Console.

    Note: For more information, see your Salesforce.com organization.

  2. Add custom attributes to the Salesforce.com connector metadata using Connector Xpress.
  3. Modify the properties of the attribute as required, for example, Maximum Length, Allowed Operations, and such.
  4. Create the presentation metadata that defines how the attribute is displayed in the User Console.
  5. Generate the Account Management screens for the Salesforce.com connector.

Example: Display Salesforce.com Custom Attributes

The following example shows you how to display a custom attribute that you create in your Salesforce.com organization in your client ILM application. This example uses CA Identity Manager as the client application. This example shows you how to customize the metadata of the Salesforce.com connector by using Connector Xpress, and how to display the custom attribute in User Console Salesforce.com account management screens.

This example assumes that you have created a custom attribute named MyCustomAttribute in your Salesforce.com Organization, and defined it as a text field with a length of 25 characters.

The example shows you how to display a custom Salesforce.com text attribute named MyCustomAttribute, and then how to change the length of the field.

Follow these steps:

  1. Get the API name of your custom Salesforce.com attribute MyCustomAttributeName.

    This is the attribute that you want to display on the User tab of the Salesforce.com Account dialog in the User Console.

    Example: MyCustomAttribute__c.

  2. Add and configure a Provisioning Server, in Connector Xpress.
  3. Create a project based on the existing Salesforce.com connector metadata.
  4. Click Attributes, in the Mapping tree, under User Class.

    The Attributes Summary dialog appears.

  5. Under Mapped Attributes, add the custom attribute MyCustomAttribute.

    You have added the custom attribute MyCustomAttribute to the Salesforce user class.

  6. In the Mapping tree, click MyCustomAttribute.

    The Attributes Details dialog appears.

  7. On the Attributes Details dialog, do the following:
    1. Complete the Connector Map To field with the API name of your custom attribute MyCustomAttribute. For example, MyCustomAttribute__c
      Connector Map To

      Specifies which name to map an object class (including the connector itself) or attribute to in connector-speak. For a dynamic connector, this attribute specifies the name of the native system item to map the attribute to.

    2. Select String from the Data Type list.
      Data Type

      Specifies the data type of the provisioning attribute that you have mapped to the native attribute.

    3. In the Maximum length field, change the length to 50.
      Maximum Length

      Specifies the maximum byte length of values for this attribute value. This value is used for input validation.

  8. In the mapping tree, click Attributes.

    The Attributes Summary dialog appears.

  9. On the Attributes Summary dialog, do the following:
    1. Under Account Screens, click User.

      The page sections on the User tab appear.

    2. On the Organization page section, select MyCustomAttribute from the drop-down list.

      You have created the presentation metadata that defines how the custom attribute MyCustomAttribute is displayed in the CA Identity Manager User Console.

  10. Deploy the Salesforce connector to the Provisioning Server.
  11. Use the Role Definition Generator to generate the User Console Salesforce account management screens.

    The custom attribute appears in the Organization section of the User tab of the Salesforce Account dialog in the User Console.

Note: For more information about how to add and configure a provisioning server, create a project, and generate CA Identity Manager User Console account screens, see the Connector Xpress Guide.

More information:

Add and Configure a Provisioning Server

Create a Project Based on Existing Metadata

How you Generate User Console Account Screens

How you Generate Account Screens

Deleting Salesforce.com Accounts

This section applies to CA CloudMinder and CA Identity Manager. It does not apply to CA Identity Governance.

You cannot use the Salesforce.com connector to delete a Salesforce.com user, as Salesforce.com does not support account deletion.

The connector simulates account deletion when any operation that attempts to delete a Salesforce.com account directly or indirectly occurs, for example, removing the role that created that account.

When the option Accounts will be deleted from the provisioning directory and suspended on the managed endpoint is selected on the Endpoint Settings tab in the User Console, the account is deactivated and placed in a group called CA ILM SFDC Connector Suspended on the Salesforce.com endpoint.

During an add operation, the Salesforce.com connector verifies that the account exists on the Salesforce.com endpoint and checks to see if the account is in the CA ILM SFDC Connector Suspended group.

If the account is in the CA ILM SFDC Connector Suspended group, the connector removes the Suspended membership and modifies the account, instead of adding a new account.

During an explore and correlate, the connector ignores all accounts in the CA ILM SFDC Connector Suspended group.

The Salesforce.com connector creates the CA ILM SFDC Connector Suspended group as required.