Custom Profiles in Azure AD Single sign on
We tried to set up single sign on in Azure AD. We followed all the steps from the tutorial
https://azure.microsoft.com/en-us/documentation/articles/active-directory-saas-salesforce-tutorial/.
In step 3, assigning users to Salesforce, we don't see the custom profiles from Salesforce. We see only standard profiles.
We tried JIT user provisioning with standard type but still no custom profile is available on the Azure AD side.
Does anyone know any fix for this? Thanks in advance
1) Production Setup:
When we perform the task in Active Directory to Assign a User, we do not see any of the custom profiles that exist in Salesforce. In our developer instance and a test Azure Active Directory, every profile, including a custom one, is available.
2) Test Setup:
Once the initial setup is completed, we see all the profiles from Salesforce available to assign to a user in Active Directory. However, if a new custom profile is created, that never seems to come available in Active Directory.
Any ideas on what to try or other resources?
I'm not an Azure AD expert, but as of Jan 2021, I will say that the way I got this working was setting up Auto Provisioning in Azure AD so that Azure can call into and read the target Salesforce org. Let the provision run once, and then once that was done, go back to setting up your users in Azure AD and all the profiles were up to date. There didn't seem to be a way to have an accurate profile list of your target org without doing this, or at least I couldn't find another way.
Note that turning on and configging auto-provisioning is something else beyond my response, mainly because I couldn't get it to work with my Developer Edition. :P
I was trying to set this up in a Salesforce Developer Edition, and while I could connect to the org, I could never get provisioning to work because my Developer org had two profiles both named "Authenticated Website". Azure wouldn't sync because it expected a unique name for the list of profiles. Makes sense, SF doesn't let you create profiles with the same names, but in looking at all my developer edition trial orgs, they had the same problem. No idea why.
But if you got yourself a production org, then maybe this tutorial will be helpful: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/salesforce-provisioning-tutorial
Good luck!
Encountered the issue as well with only standard profiles displaying. Try the following:
1) Go to the provisioning section in Azure.
2) Under the option Provisioning mode, select 'Automatic'.
thanks
Thanks in advance!
This will eliminate the duplicate profile names so that you can get the correct profile names in AAD from the developer environment.
One more thing!
Please make sure to check the Enable Single Sign-On checkbox in your profile settings.
Below are the steps to update the profiles in the Azure AD Salesforce Enterprise Application
You may need to make additional changes depending on your configuration. Contact me or reply to this post if you need additional support.
Please give a thumbs up if this guidance was useful to you.
Best,
Ty
enthyco.com
If you don't want to provision users and don't want to choose a role you need to do:
- App registration
- Manifest change isEnable > false
- App roles delete them all.
- Add the users in the enterprise application
Manage the users in salesforce instead with your custom roles.