reeti bibhuti
JIT Not working for Internal Users
Hello,
I set up the JIT SSO configuration for communities and am passing these attributes:
Contact.Email
Contact.LastName
User.Email
User.FederationIdentifier
User.LastName
User.ProfileId
User.Username
eduPersonPrincipalName
givenName
surname
uid

External users can log in and it also creates a new community user, but for existing internal users I am getting errors:

https://abc.my.salesforce.com/_nc_external/identity/saml/SamlError?ErrorCode=5&ErrorDescription=Unable+to+create+user&ErrorDetails=Changing+User+Type+from+Standard+to+MSSC+Community+Portal+Login+User+is+not+allowed.+Select+a+different+profile.
https://support.box.com/hc/en-us/articles/360043695094-Collecting-a-SAML-Trace-to-Troubleshoot-SSO-Issues
They can use the same credentials for logging in to the org as well as the community, so there is no need to pass contact and account information.
Below are the user details which you need to pass in order to create a standard user using JIT; if you want to update more fields of the user, just add them:
User.Username=test2@test.com;
User.Email=test2@salesforce.com;
User.LastName=test2last;
User.ProfileId=Standard User
Thanks
https://developer.salesforce.com/docs/atlas.en-us.sso.meta/sso/sso_jit_requirements.htm
You can refer to the article below for portal users:
https://developer.salesforce.com/docs/atlas.en-us.sso.meta/sso/sso_jit_portal_requirements.htm
For a Standard User, below are the fields which you need to pass; if you want to add more, refer to the article above:
User.Username=test2@test.com;
User.Email=test2@salesforce.com;
User.LastName=test2last;
User.ProfileId=Standard User
For a Portal User, below are the fields which you need to pass; if you want to add more, refer to the article above:
Contact.Account=001U0000004Pqwau200Bt;
Contact.LastName=user8;
Contact.Email=customeruser8@cmort.org;
User.LastName=user8;
User.Email=customeruser8@cmort.org;
User.Username=customeruser8@cmort.org;
User.ProfileId=00eU0000000MKc9;
User.PortalRole=Worker
Which third party are you using as an IDP, and how are you testing the scenario for the community user?
I think the best option will be to reach out to your IDP to help you further, as every IDP has a different setup.
Unless you have separate SPs set up for employees and students, Shibboleth will return both sets of attributes for all users since it has no way of knowing who is who or to withhold any attributes. Is this what you really want?
Students: Community profile users
Employee: Salesforce Standard profiles