0

我想在 okta 中有多个销售人员“应用程序”,每个都配置有配置。将有一个“基本”帐户,它实际上提供基本销售人员帐户。但后来我想在 okta 中配置额外的销售人员“应用程序”,它们只是提供(或删除)额外的权限集 - 向基本帐户添加或删除权限集。这些权限集表示授予或撤销对托管在同一 salesforce 组织中的自定义 force.com 应用程序的访问权限。

我尝试使用以下映射来执行此操作:

Okta User Profile / user
  Arrays.add(salesforce_1.publicGroups,'My perm set')

映射到:

Salesforce.com (add my perm set) / appuser
  salesforceGroups

这个想法是上面只会将“我的烫发集”权限集添加到销售人员帐户已经拥有的任何权限集。

但它给了我以下错误:

Unable to resolve salesforce_1 in expression Arrays.add(salesforce_1.publicGroups,
'My perm set'). Attributes from the same profile cannot be mapped to each other.

我也没有看到我有机会在哪里配置取消配置逻辑......这将是:

Arrays.remove(salesforce_1.publicGroups,'My perm set')

有什么方法可以实现我在这里尝试做的事情吗?

4

1 回答 1

0

The provisioning in Okta is tied to a named account in SFDC. What you are trying to do will not work because each SFDC app in Okta will provision or deprovision the actual SFDC account of the user. You can't really split things up as you've intended within Okta.

You will need to rely on updating the user profile in a single okta app instance - keeping track of the consolidated permissions needed each time you update the user to make sure "all the permissions" governing "all the custom force apps" are captured.

于 2015-12-30T19:51:09.053 回答