Note

 

This documentation supports the 20.17.01 version of BMC Remedyforce.

To view the latest or an earlier version, select the version from the Product version menu.

Importing Salesforce Platform license users with assigned permission sets from an LDAP server

You can import users into your Salesforce organization by using the Pentaho Data Integration tool. The Pentaho package for importing Salesforce Platform license users with assigned permission sets from an LDAP server is available on the BMC Communities website.

By using the LDAP Pentaho package, you can import users who are assigned the Salesforce Platform license and ServiceDesk Client permission set by default. The BMC Remedyforce package license is also assigned to the new imported users. For information about how users are imported into your Salesforce organization, see Overview of how users are imported from LDAP servers.

The following topics provide information about importing Salesforce Platform license users with assigned permission sets from an LDAP server into your Salesforce organization:

Note

For information about the LDAP versions that BMC Remedyforce supports, see Supported browsers, mobile devices, and integrations.

Before you begin

Before you can import users from an LDAP server, you must perform the following tasks:

To import Salesforce Platform license users with assigned permission sets from an LDAP server

You cannot assign a permission set to an existing user by using this Pentaho package. Instead, you can use the KTR file provided in the InsertPermissions folder. For more information, see To assign permission sets to existing users by using a KTR file.

Important

Consider the following points when providing the access details for your Salesforce organization:

  • If you have enabled the setting to access your Salesforce organization from limited IP addresses, you must append the security token to your Salesforce organization password.
    For example, if the password for your Salesforce organization is mypassword and your security token is XXXXXXXXX, specify mypasswordXXXXXXXXX in the Password fields.
  • BMC recommends that you do not change the default API version in the Salesforce Webservice URL.
  1. To launch the Pentaho Data Integration tool, perform the following actions:
    1. Navigate to the location where you downloaded and unzipped the Pentaho Data Integration tool.

    2. Navigate to the data-integration folder and double-click the Spoon.bat.

  2. In Pentaho Spoon, select File > Open, navigate to the folder where you downloaded the Pentaho packages, and open the TransferLDAPInfo.kjb file.
  3. On the TransferLDAPInfo tab, in the Transfer Lookup Excel Export step (transformation), provide your Salesforce organization access details.

     Click here to see the detailed steps.
    1. Right-click the Transfer LookUp Excel Export step, and select Open referenced object > Transformation.
    2. On the LookUp Excel Export tab, double-click one of the following steps:
      • Salesforce Input [From User]
      • Salesforce Input[For Profile]
      • Salesforce Input[From Account]
      • Salesforce Input[From UserRole]
      • Salesforce Input[For User Account Link]
      • Salesforce Input[From Permission Set]
    3. In the Salesforce Input window, enter your Salesforce organization user name and password.
    4. (Optional) To verify the connection, click Test connection and then click OK.
    5. To save your changes and close the Salesforce Input window, click OK.
    6. Repeat step 3b to step 3e for the other steps listed in step 3b.
    7. To save the KTR file, click Save.
  4. On the TransferLDAPInfo tab, right-click the Assign Account to users step, and select Open referenced object > Transformation.
    1. On the TransferAccountsToUsers tab, double-click the Salesforce Insert [For User Account Link] step.
    2. Enter your Salesforce organization user name and password.
    3. (Optional) To verify the connection, click Test connection and then click OK.
    4. To save your changes and close the window, click OK.
    5. Double-click the Salesforce Update step and repeat step 4b to step 4d.
    6. To save the KTR file, click Save.
  5. On the TransferLDAPInfo tab, right-click the Assign Permission sets to the new users step, and select Open referenced object >  Transformation.
    1. On the AssignPermissionSets tab, double-click the Salesforce Insert step.
    2. Enter your Salesforce user name and password.
    3. (Optional) To verify the connection, click Test connection and then click OK.
    4. To save your changes and close the window, click OK.
    5. To save the KTR file, click Save.
  6. On the TransferLDAPInfo tab, right-click the Assign Remedyforce License to the new user step, and select Open referenced object > Transformation.
    1. On the AssignRemedyforceLicense tab, double-click the Salesforce Update step.
    2. Enter your Salesforce user name and password.
    3. (Optional) To verify the connection, click Test connection and then click OK.
    4. To save your changes and close the window, click OK.
    5. To save the KTR file, click Save.
  7. On the TransferLDAPInfo tab, in the Update Salesforce with LDAP user information step (transformation), provide your LDAP server and Salesforce organization access details and, if required, customize the Pentaho package.

     Click here to see the detailed steps.
    StepActionDetails
    a.Open the Update Salesforce with LDAP user information transformation.

    Right-click the Update Salesforce with LDAP user information step, and select Open referenced object > Transformation.

    b.Provide LDAP server access details.

    On the TransferLDAPInfo tab, perform the following actions:

      1. Double-click the LDAP input step.
      2. In the LDAP Input window, on the General tab, enter the host, user name, and password of the LDAP server from which you are importing users.
      3. (Optional) To verify the connection, click Test connection and then click OK.
      4. (Optional) To fetch more fields from the LDAP server, on the Fields tab, click Get fields.
      5. To save your changes and close the LDAP Input window, click OK.
    c.(Optional) Customize the assignment of account and profile information to imported records based on specific LDAP attributes.Perform the following actions:
      1. Double-click the Dynamic account and profile assignment step.
      2. In the Script Values / Mod window, refer to the commented examples that are provided.
      3. Perform any of the following actions:
        • Modify or assign default value for account, profile, permission set, BMC Remedyforce package license, role, and custom values for specific condition in the script.
        • Modify the default value for LocaleLanguageTimeZone, and EmailEncoding fields. 
        • Update the default permission set assigned to the imported users by updating the value in the permissionSet variable.
        • Disable the BMC Remedyforce package license assignment to imported users by updating the value of the AssignRemedyforceLic variable to false.
      4. Click OK.
    d.Provide the Salesforce organization access details.Perform the following steps:
      1. Double-click the Salesforce Upsert [For User] step.
      2. In the Salesforce Upsert window, enter your Salesforce organization user name and password.
      3. (Optional) To verify the connection, click Test connection and then click OK.
      4. To save your changes and close the window, click OK.
    e.(Optional) Update the predefined mapping between the LDAP fields and the Salesforce User object.Perform the following actions:
      1. Double-click the Salesforce Upsert [For User] step.
      2. In the Salesforce Upsert window, click Edit Mapping.
      3. In the Enter Mapping window, update mappings for other fields based on your requirements.
        For more information about mapping, see Overview of how users are imported from LDAP servers.
      4. To save your settings and close the Enter Mapping window, click OK.
      5. To save your changes and close the Salesforce Upsert window, click OK.
    f.Save the KTR file.Click Save.
  8. On the TransferLDAPInfo tab, in the Update manager information step, provide your Salesforce organization and LDAP server access details:

     Click here to see the detailed steps.
    1. Right-click the Update manager information step and select Open referenced object > Transformation.

    2. To provide the Salesforce organization access details, perform the following actions:

      1. Double-click the Salesforce Update step.

      2. Enter your Salesforce organization user name and password.

      3. (Optional) To verify the connection, click Test connection and then click OK.

      4. To save your changes and close the window, click OK.

    3. To provide LDAP server access details, perform the following actions:
      1. Double-click the LDAP Input step.
      2. In the Host section, ensure that the correct LDAP host connectivity configuration has been entered.
      3. In the authentication section, enter the user name and password of the LDAP server from which you are importing users.
      4. (Optional) To verify the connection, click Test connection and then click OK.

      5. To save your changes and close the window, click OK.
    4. To save the KTR file, click Save.
  9. To save the KJB file, click Save.
  10. In the KJB file, click Run this job.
  11. Perform one of the following actions based on the Pentaho version that you are using:

    Pentaho versionAction
    6.1In the Run Options window, click Run.
    5.4In the Execute a job window, click Launch.

    Transformation status is depicted by using the following icons:

    • — Complete
    •   — Running
    • — Unsuccessful
  12. (Optional) To view logs, in the Execution results section, click the Logging tab.
    All errors are displayed in red.

To assign permission sets to existing users by using a KTR file

To assign permission sets to existing users by using the KTR file provided in the InsertPermissions folder, you need the AssigneeId of users and the IDs of the permission sets that you want to assign to the users. You can change the permission set that you want to assign to the imported users.

  1. From the InsertPermissions folder, double-click the PermissionSetAssignment.csv file, and enter the user IDs (AssigneeIds) and the permission set IDs.
  2. To launch the Pentaho Data Integration tool, perform the following actions:
    1. Navigate to the location where you downloaded and unzipped the Pentaho Data Integration tool.

    2. Navigate to the data-integration folder and double-click the Spoon.bat.

  3. In Pentaho Spoon, select File > Open and navigate to the folder where you downloaded the Pentaho packages.
  4. To assign permission sets to existing users, from the InsertPermissions folder, open the InsertPermissionSets.ktr file.
  5. In the InsertPermissionSets.ktr file, double-click the Salesforce Insert step, and enter your Salesforce organization user name and password.
  6. To save your changes and close the window, click OK.
  7. To save the KTR file, click Save.
  8. To run the KTR file, click Run this job.

KJB and KTR files for importing users from an LDAP server

In Pentaho, metadata is stored in XML format in the file system as KTR (transformations) or KJB files (jobs). The Pentaho package includes the TransferLDAPInfo.kjb file (job file) for importing users from an LDAP server. The job (KJB) file contains a series of transformations that run in a sequence. Each transformation maps to a KTR file that is available, along with the KJB file, in the Pentaho package.

The following table provides information about the KTR files and the corresponding transformations that the KJB file contains:

KTR file

Step or transformation in the KJB file

Description

LookUpExcelExport.ktrTransfer LookUp Excel ExportExports profiles, accounts, user roles, permission sets, users, and user-account links from the Salesforce organization into separate CSV files.
None

Check if delta timestamp file exists

Checks if any time stamp file exists.

The Pentaho package utilizes a time stamp file to determine which records were added or modified since the last time the job was run.

This step is used for incremental import. If a time stamp file does not exist, the Create the initial timestamp file step is run; otherwise, the Update Salesforce with LDAP user information step.

CreateInitialTimeStampedFileForLDAP.ktr

Create the initial time stamp file

Creates the time stamp file to record the time of import.

This step is run only if you are importing for the first time or you have deleted the existing time stamp file.

TransferLDAPInfo.ktr

Update Salesforce with LDAP user information

Transfers data from LDAP server to the Salesforce organization.

The Salesforce Upsert [For User] step of the TransferLDAPInfo transformation displays the out-of-the-box fields which are mapped from the LDAP Active Directory Users. This includes fields, such as LastName, Username, Phone, MobilePhone, Fax, and so on.

TransferAccountsToUsers.ktr

Assign Account to users

Transfers relationships between users and accounts from the LDAP server to the Salesforce organization.

AssignPermissionSets.ktrAssign permission set to the new usersAssigns permission sets to the imported users.
AssignRemedyforceLicense.ktrAssign Remedyforce License to new usersAssigns the BMC Remedyforce license to the imported users.
UpdateManagerInfo.ktrUpdate manager informationTransfers the Manager field information of the LDAP User from Active Directory.
StoreLDAPTimestamp.ktr

Store the current timestamp

If the data import is successful for one or more records, the time of import is saved.


The following table provides information about the steps that are included in the TransferLDAPInfo.ktr file (Update Salesforce with LDAP user information transformation). The Pentaho package runs these steps to import users from the LDAP server into your Salesforce organization. You can view these steps only when you open the KTR file in the Pentaho Data Integration tool.

The KTR file also contains mapping of the fields in the LDAP server to the fields in the User table. For more information about mapping, see Overview of how users are imported from LDAP servers.

Step

Description

Delta timestamp

Reads the saved time stamp.

Create time based LDAP filter string

Creates a time-based LDAP filter string that is used to fetch the new records added since you last ran the job successfully.

LDAP input

Uses the LDAP filter string to fetch the defined attributes of the records from the LDAP server.

Dynamic account, profile and permission set assignment

Enables assigning account, profile, and permission set information to the records that are imported based on any of the LDAP attribute.

SortSorts the users that are imported from the LDAP server.
Unique RowsChecks that the imported users are unique so that duplicate records are not created in the Salesforce organization.
Excel OutputCreates a CSV file that contains unique imported users.
Stream lookup [For Profile]

Retrieves profiles that were exported from the Salesforce organization to a CSV file in the Transfer LookUp Excel Export transformation (LookUpExcelExport.ktr file).

Stream lookup [For UserRole]Retrieves user roles that were exported from the Salesforce organization to a CSV file in the Transfer LookUp Excel Export transformation (LookUpExcelExport.ktr file).
Stream lookup [For Account]Retrieves accounts that were exported from the Salesforce organization to a CSV file in the Transfer LookUp Excel Export transformation (LookUpExcelExport.ktr file).
Stream lookup [For PermissionSet]Retrieves permission sets that were exported from the Salesforce organization to a CSV file in the Transfer LookUp Excel Export transformation (LookUpExcelExport.ktr file).

Salesforce Upsert [For User]

Transfers imported users to the Salesforce organization.

Success rows

Stores the rows that are imported successfully.

Failure rows

Stores the rows that are not imported with error code, error description, and error fields.

Upserted UsersCreates a Microsoft Excel worksheet on your local machine which contains the users who are successfully imported to the Salesforce organization.
Add UserId

Creates an internal file which is required to update the manager information.

Related topics

Overview of how users are imported from LDAP servers

Scheduling jobs to import data

Troubleshooting common issues when importing data

Was this page helpful? Yes No Submitting... Thank you

Comments