General Discussion

 View Only
Back to discussions
Expand all | Collapse all

IS Insights: Automatically Provision TrueContext Users - Salesforce

  • 1.  IS Insights: Automatically Provision TrueContext Users - Salesforce

    Posted 01-25-2024 13:50
    Edited by Pat Cooney 02-06-2024 11:36

    Hey all!!

    First things first, for those who have read an Ian's Insights in the past.... I AM BACK! For those who haven't read or heard of Ian's Insights, it is nice to meet you! Going forward, we are going to change these types of posts from being Ian's Insights to IS Insights (Implementation Specialists Insights) because these are truly a team effort. 

    After a little time away, I have rejoined the TrueContext team as a Solutions Architect focusing heavily on integrating TrueContext into your current tech stack as seamlessly as possible. I figured that I would start at the beginning of a user's journey... creating the user profile. 

    I know that everyone likes to manage their users in different places, be it Salesforce, OKTA, Azure AD I am hoping to cover all of them but wanted to start on the one that I figured would be the most complicated.. Salesforce.

    Using the TrueContext API, you are able to create, edit and delete users in TrueContext. This can allow you to automatically provision new users in your other systems (like Salesforce) to make the management of users more streamlined with your current processes. The process outlined in this article will demonstrate how to set up a Salesforce Flow that can create TrueContext Users each time a new user is created in Salesforce.

    The same techniques can be used for updating a user's information, deleting users, assigning groups, expiring a password, and many more. Each different endpoint and method will need their own External Service, but the Named/External Credentials can be shared across them all. 

    Please note that you will need to have SF Admin access or work with someone that does in order to perform this automation.

    What will we cover?

    1. Create a Named Credential

    2. Create an External Credential

    3. Create a Flow (and External Service)

    4. Create Permission Set 

    Creating an External Credential

    1. Navigate to Salesforce Setup and using the Quick Find menu, search for Named Credentials.

    2. First we will need to create the External Credentials to use in the Named Credential. Navigate to the "External Credentials" tab.

    3. Give it a label like TrueContext or something easily recognizable.

    4. Under the Authentication select Custom and click Save

       

     

    1. Next, we will need to add your TrueContext API Key and Secret to the External Credentials.  Under the Principals section, click on New.

    2. Give it a name like API Key/Secret and leave the sequence number at 1.

    3. We will need to add in 2 Authentication Parameters, one that will contain the API Key and one that will contain the secret. You can name these anything but I just used key and secret to keep it consistent. You can get your TrueContext API Key and Secret from the live portal. Click Save at the bottom.

     

    1. Next in the Custom Headers section, create a new Custom Header. The Name matters for this one, name it Authorization.

    2. For the Value, we are going to reference the Authentication Parameters that we set up in the previous step. If you named your External Credential as TrueContext and your key and secret with those names respectively, in the value of the Custom Header, use this value:
      {!'Basic ' & BASE64ENCODE(BLOB($Credential.TrueContext.Key & ':' & $Credential.TrueContext.Secret))}

    3. This will take the API key and secret, encode them as BASE64, and will use that as Basic Auth in Header.

    Creating a Named Credential

    1. Back on the Named Credentials page, staying on the Named Credential tab, create a New Named Credential.

    2. Fill in the Label, set the URL to https://api.prontoforms.com/api/1.1 and ensure that the "Enabled for Callouts" box is checked.

    3. In the Authentication section select the newly created External Credential from the dropdown.

    4. Check off all the boxes under the Callout Options and click save

       

     

    Creating a Salesforce Flow

    1. In the Salesforce Setup, using the Quick Find menu search for Flows

    2. Create a new Flow and use the Record-triggered Flow Template. This will Launch the Flow Builder.

    3. Select User under the Object, leave it as "A record is created"

       

     

    1. In the main screen, click on "Add scheduled Paths (Optional)" We need to add our actions into the Scheduled Path because there is a limitation in Salesforce that you can not perform a HTTP Callout on a flow that is set to run immediately.

    2. Using the Scheduled Path, we are able to run the callout as soon as a user is created. You will give the Path a name, The time source will be "When user is created" and then in the Offset Number we will use 1 and Offset Options will be Minutes After so that the Flow runs 1 minute after the user is created.

       

    1. Next we will add in the Action that will be used to make the API call first and then configure the information that is passed through after.  Under the Scheduled Path (not the "Run immediately" path) click on the + to add a step, and we will use the Action option here.

       

     

    1. Click on the "+ Create HTTP Callout" button in this screen, this will kick off the process to create a new External Service. Name it "TrueContextCreateUser" and then select the TrueContext Named Credentials.

    2. We will then land on the Configure Invocable Action, again we will label it as "Create User", change the Method to POST, and under the URL Path insert /users which is the endpoint that we will need to use to create a user.

    3. In order to have the most flexible options to create a new user, we can upload the full request template with all the different parameters that can be used. We do not need to use them all, just will make them available.

    4. In TrueContext's API Documentation, we provide both a Sample Request and a Sample Response. We can use both of these to help build out the Service in Salesforce.

    5. Click on New next to the Provide Sample Request and paste in the Sample Request found in the docs, and then click on Review. Salesforce is pretty good at assigning the correct data types but just double check there is nothing obviously wrong. Click Done.

       

    1. Click on New next to Provide a Sample Response, Using the Sample Response from our docs, we will do the same paste in the sample response, click on review and then done.

    2. Click on Save

    3. Now under the "Set Request Body", click on Value and then "+ New Resource", name it "RequestBody" and then check off the boxes for "Available for input and output" Click Done.
      Your Action should look similar to this, if it does, click Done.

     

     

    1. Next, we will need to configure the data that we would like to pass through to the request body in order to configure the user in TrueContext. Click on the + before the action that we just created and select Assignment.

    2. Give it a Label, and then under that Set Variable Values is where we will define all the information to passthrough. Each time that you define the Variable, you can go into the "Apex-defined Variable" that we created in a previous step. You should see all of the different options that are available to pass data into, the 2 main ones that are required is 'username' and 'email'. All of the rest are optional, but if you are going to be automating this, you might as well pass through as many details as possible. In this example, I am just going to use email and username

       

    1. As the Value for these Variables, we will look into the Record that triggered the flow in the first place. When you click into the Value, scroll down and select the Record option, this will give you a list of all available fields that are in the Users object since that is the triggering object. I am using the email from the User record and passing it into both the username and the email in TrueContext

     

    1. Add in as many Assignments as you see fit and they will just get added into the Request Body.

    2. Your Flow should look like this now

     

    1. Save the Flow (you will get a warning but will still be able to save it) and click on Activate.

    Creating a Permission Set for External Credential Access

    1. This piece I will not be as specific with as every organization will have different rules and restrictions around who should have access to this but leveraging Salesforce Permission Sets you will need to assign the ability to use the Named Credentials that are being used in this Flow.

    2. You can also adjust this on the Profile level, and assign the "External Credential Principal  Access" for the new Credentials that we just created to a specific profile, or set it up with the Permission Sets and give the Permission Set to that profile.

    Are you doing any sort of Automated User Provisioning? Let us know below so we can share with everyone!

    #TechTalkImplementation
    ------------------------------
    Ian Chamberlain
    Solutions Architect
    TrueContext
    ------------------------------



Reminder: Content posted to our Community is public content.  Please be careful not to post Intellectual Property that you do not have permission to share.  For more information please refer to our Terms Of Use