Security Settings
...
At search time when users log into ViaWorks they are authenticated with Active Directory. Fields in this needs to log into their Salesforce accounts in ViaWorks.
Identification
Authorization
Items User attributes for the authenticated user are used to find a username in Salesforce. This happens automatically in the plug-in and the user does not need provide the Salesforce credentials.
Identification
To be able to identify the user in Salesforce the Salesforce username must be stored for the authenticated AD user. The connector first checks if the UserPrincipalName is a username in Salesforce. If a user is not found, then the AD attributes Proxyaddresses and Mail are examined for a Salesforce username. If the Salesforce user can not be determined for this AD user, no access tokens and search hits from Salesforce will be provided for the authenticated user.
Authorization
Document items are marked with a list of Salesforce groups and user SIDs at fetching time. At search time, users are given SIDs based on the Salesforce account associated with the ViaWorks login.
Example:
- Salesforce_999 005A0000004wzojIAA (User)
- Salesforce_999 00GA0000001LnPuMAK (Group)
- Salesforce_999 Account (View all account - from user settings)
- Salesforce_999 AllData (View all data - from profile settings)
- Salesforce_999 Users (View all users - from profile settings)
...