Importing Salesforce Platform license users with assigned permission sets from an LDAP server
The following topics provide information about importing users with the Salesforce Platform license from an LDAP server into your Salesforce organization:
You can import users into your Salesforce organization by using the Pentaho Data Integration tool. The Pentaho package for importing users with the Salesforce Platform license from an LDAP server is available on the BMC Communities website. For information about how users are imported into your Salesforce organization, see Overview of how users are imported from LDAP servers.
KJB and KTR files for importing users from an LDAP server
In Pentaho, metadata is stored in XML format in the file system as KTR (transformations) or KJB files (jobs). The Pentaho package includes the TransferLDAPInfo.kjb file (job file) for importing users from an LDAP server. The job (KJB) file contains a series of transformations that run in a sequence. Each transformation maps to a KTR file that is available, along with the KJB file, in the Pentaho package. The following table provides information about the KTR files and the corresponding transformations that the KJB file contains:
| KTR file | Step or transformation in the KJB file | Description |
|---|---|---|
| LookUpExcelExport.ktr | Transfer LookUp Excel Export | Exports profiles, accounts, user roles, permission sets, users, and user-account links from the Salesforce organization into separate CSV files. |
| None | Check if delta timestamp file exists | Checks if any time stamp file exists. The Pentaho package utilizes a time stamp file to determine which records were added or modified since the last time the job was run. This step is used for incremental import. If a time stamp file does not exist, the Create the initial timestamp file step is executed; otherwise, the Update Salesforce with LDAP user information step. |
| CreateInitialTimeStampedFileForLDAP.ktr | Create the initial time stamp file | Creates the time stamp file to record the time of import. This step is executed only if you are importing for the first time or you have deleted the existing time stamp file. |
| TransferLDAPInfo.ktr | Update Salesforce with LDAP user information | Transfers data from LDAP server to the Salesforce organization. The Salesforce Upsert [For User] step of the TransferLDAPInfo transformation displays the out-of-the-box fields which are mapped from the LDAP Active Directory Users. This includes fields, such as LastName, Username, Phone, MobilePhone, Fax, and so on. |
| TransferAccountsToUsers.ktr | Assign Account to users | Transfers relationships between users and accounts from the LDAP server to the Salesforce organization. |
| AssignPermissionSets.ktr | Assign permission set to the new users | Assigns permission sets to the imported users. |
| AssignRemedyforceLicense.ktr | Assign Remedyforce License to new users | Assigns the BMC Remedyforce license to the imported users. |
| UpdateManagerInfo.ktr | Update manager information | Transfers the manager field information of the LDAP User from Active Directory. |
| StoreLDAPTimestamp.ktr | Store the current timestamp | If the data import is successful for one or more records, the time of import is saved. |
The following table provides information about the steps that are included in the TransferLDAPInfo.ktr file (Update Salesforce with LDAP user information transformation). The Pentaho package runs these steps to import users from the LDAP server into your Salesforce organization. You can view these steps only when you open the KTR file in the Pentaho Data Integration tool. The KTR file also contains mapping of the fields in the LDAP server to the fields in the Client User Import table. For more information about mapping, see Overview of how users are imported from LDAP servers.
Step | Description |
|---|---|
Delta timestamp | Reads the saved time stamp. |
Create time based LDAP filter string | Creates a time-based LDAP filter string that is used to fetch the new records added since you last ran the job successfully. |
LDAP input | Uses the LDAP filter string to fetch the defined attributes of the records from the LDAP server. |
Dynamic account, profile and permission set assignment | Enables assigning account, profile, and permission set information to the records that are imported based on any of the LDAP attribute. |
| Sort | Sorts the users that are imported from the LDAP server. |
| Unique Rows | Checks that the imported users are unique so that duplicate records are not created in the Salesforce organization. |
| Excel Output | Creates a CSV file that contains unique imported users. |
| Stream lookup [For Profile] | Retrieves profiles that were exported from the Salesforce organization to a CSV file in the Transfer LookUp Excel Export transformation (LookUpExcelExport.ktr file). |
| Stream lookup [For UserRole] | Retrieves user roles that were exported from the Salesforce organization to a CSV file in the Transfer LookUp Excel Export transformation (LookUpExcelExport.ktr file). |
| Stream lookup [For Account] | Retrieves accounts that were exported from the Salesforce organization to a CSV file in the Transfer LookUp Excel Export transformation (LookUpExcelExport.ktr file). |
| Stream lookup [For PermissionSet] | Retrieves permission sets that were exported from the Salesforce organization to a CSV file in the Transfer LookUp Excel Export transformation (LookUpExcelExport.ktr file). |
Salesforce Upsert [For User] | Transfers imported users to the Salesforce organization. |
Success rows | Stores the rows that are imported successfully. |
Failure rows | Stores the rows that are not imported with error code, error description, and error fields. |
| Upserted Users | Creates a Microsoft Excel worksheet on your local machine which contains the users who are successfully imported to the Salesforce organization. |
| Add UserId | Creates an internal file which is required to update the manager information. |
Before you begin
Before you can import users from an LDAP server, you must perform the following tasks:
- Register at the BMC Communities website.
- Download the Pentaho package from the BMC Communities website (https://communities.bmc.com/docs/DOC-32288).
BMC recommends that you download the job files in the folder in which you have unzipped the Pentaho Data Integration tool.
To import Salesforce Platform license users with assigned permission sets from an LDAP server
By using the LDAP Pentaho package, you can import users who are assigned the Salesforce Platform license and ServiceDesk Client permission set by default. The BMC Remedyforce package license is also assigned to the new imported users.
Note
You cannot assign a permission set to an existing user by using this Pentaho package. However, you can use the KTR file provided in the InsertPermissions folder. For more information, see To assign permission sets to existing users by using a KTR file. You can change the permission set that you want to assign to the imported users.
- To launch the Pentaho Data Integration tool, in the \pdi-ce-4.x.0-stable\data-integration or pdi-ce-5.0.1.A-stable\data-integration folder, double-click the Spoon.bat file.
- In Pentaho Spoon, select File > Open, navigate to the folder where you downloaded the Pentaho packages, and open the TransferLDAPInfo.kjb file.
- To open the LookUpExcelExport.ktr (transformation) file, right-click the Transfer LookUpExcelExport step, and select Open referenced object > Transformation.
- To provide details to access your Salesforce organization, perform the following actions:
- On the Transfer LookUp Excel Export tab, double-click the Salesforce Input [For Profile] step.
- In the Salesforce Input window, enter your Salesforce organization user name and password.
- (Optional) To verify the connection, click Test connection.
- Click OK.
- Repeat step a to step d for the following steps:
Salesforce Input[For Profile]
Salesforce Input[From Account]
Salesforce Input [From UserRole]
Salesforce Input[For User Account Link]
Salesforce Input[From Permission Set]
Salesforce Input [From User]
- To save the LookUpExcelExport.ktr file, click
. - In the TransferLDAPInfo.kjb file, right-click the Assign Account to users step, and select Open referenced object > Transformation.
- On the TransferAccountsToUsers tab, double-click the Salesforce Insert [For User Account Link] step.
- Enter the username and password details in the respective fields.
- (Optional) To verify the connection, click Test connection.
- To save the file, click .
- Repeat step f to step j for the Salesforce Update step.
- In the KJB file, right-click the Assign Permission sets to the new users step, and select Open referenced object > Transformation.
- On the AssignPermissionSets tab, double-click the Salesforce Insert step.
- Enter the username and password details in the respective fields.
- (Optional) To verify the connection, click Test connection.
- To save the KTR file, click .
- In the KJB file, right-click the Assign Remedyforce License to the new user step, and select Open referenced object > Transformation.
- On the AssignRemedyforceLicense tab, double-click the Salesforce Update step.
- Enter the username and password details in the respective fields.
- (Optional) To verify the connection, click Test connection.
- To save the KTR file, click
- To provide details to access the LDAP server, perform the following actions:
- In the KJB file, right-click the Update Salesforce with LDAP user information step, and select Open referenced object > Transformation.
- On the TransferLDAPInfo tab, double-click the LDAP input step.
- In the LDAP Input window, enter the host, username, and password details in the respective fields.
- (Optional) To verify the connection, click Test connection.
- (Optional) To fetch more fields from the LDAP server, in the Fields tab, click Get Fields.
- (Optional) Double-click the Dynamic account, profile and permission set assignment step, and perform any of the following actions:
- Modify or assign default value for account, profile, permission set, BMC Remedyforce package license, role, and custom values for specific condition in the script.
- Modify the default value for Locale, Language, TimeZone, and EmailEncoding fields.
- Update the default permission set assigned to the imported users by updating the value in the permissionSet variable.
- Disable the BMC Remedyforce package license assignment to imported users by updating the value of the AssignRemedyforceLic variable to false.
- In the Script Values / Mod window, refer to the commented examples that are provided.
Double-click the Salesforce Upsert [For User] step, and enter your Salesforce organization username and password.
Note
If you are using previous versions of the Pentaho data integration tool (for example, Pentaho 4.1 or 4.2), you must modify the Salesforce Webservice URL to https://www.salesforce.com/services/Soap/u/20.0.
- (Optional) To update the predefined mapping between the LDAP fields and the Salesforce client user import object, click Edit Mapping.
For more information about mapping, see Overview of how users are imported from LDAP servers. - (Optional) To verify the connection, click Test connection.
- Click OK.
- To provide your Salesforce organization access the manager field information of the LDAP User from Active Directory:
In the TransferLDAPInfo job file, right-click the Update manager information step, and select Open referenced object > Transformation.
Double-click the Salesforce Update step and perform the following:
Ensure that the correct Salesforce Webservice URL has been entered
Enter your Salesforce organization username and password.
(Optional) To verify the connection, click Test connection.
Click OK.
- Double-click the LDAP Input step and perform the following:
- In the Host section, ensure that the correct LDAP host connectivity configuration has been entered.
- In the authentication section, enter your Salesforce organization user name and password.
(Optional) To verify the connection, click Test connection.
- Click OK.
- Click .
- (Optional) If you have enabled the setting to access your Salesforce organization from limited IP addresses, to enable communication between Salesforce and the Pentaho Data Integration tool, perform the following actions:
In Salesforce, navigate to Setup > Reset My Security Token.
Note
If you have enabled the improved Setup user interface in your Salesforce organization, navigate to My Settings > Personal > Reset My Security Token. For more information, see http://help.salesforce.com/apex/HTViewHelpDoc?id=admin_setup_improved.htm&language=en_US.
- Click Reset Security Token.
An email message is sent to your email address stored in Salesforce. - In the Password field of the Salesforce Upsert [For User] step, append the security token to the password.
For example, if your password is mypassword and your security token is XXXXXXXXX, then you must enter mypasswordXXXXXXXXX in the Password field.
You must also append the security token to the password in all steps in which you have entered the user name and password of your Salesforce organization.
- To save the KTR and KJB files, click .
- In the KJB file, click
.
Complete transformations are depicted using
. 
indicates currently running transformations, and
indicates unsuccessful transformations. - (Optional) To view logs, in the Execution results section, click the Logging tab.
All errors are displayed in red.
To assign permission sets to existing users by using a KTR file
To assign permission sets to existing users by using the KTR file provided in the InsertPermissions folder, you need the AssigneeId of users and the IDs of the permission sets that you want to assign to the users.
- From the InsertPermissions folder, double-click the PermissionSetAssignment.csv file, and enter the user IDs (AssigneeIds) and the permission set IDs.
- To launch the Pentaho Data Integration tool, in the \pdi-ce-4.x.0-stable\data-integration or pdi-ce-5.0.1.A-stable\data-integration folder, double-click the Spoon.bat file.
- In Pentaho Spoon, select File > Open and navigate to the folder where you downloaded the Pentaho packages.
- From the InsertPermissions folder, open the InsertPermissionSets.ktr file to assign permission sets to existing users.
- In the InsertPermissionSets.ktr file, double-click the Salesforce Insert step, and enter your Salesforce organization user name and password.
- To save the file, click .
- To run the KTR file, click .
Related topics
Overview of how users are imported from LDAP servers
Comments
Log in or register to comment.