Introduction
The purpose of this article is to provide you with the necessary information to set up the user provisioning in Docebo with SAML, OpenID Connect, and Auth0.
When the SSO is configured, users defined in the Identity Provider will be provisioned in Docebo straight away, together with the selected attribute used for the login (i.e. username, email address, name, and surname), so that they can access and use the platform with no delays caused by the provisioning of secondary user data and additional fields. This data will be provisioned afterward with the standard provisioning delays.
Because of the SSO configuration, data will also be continuously synchronized in Salesforce, Docebo, and in the Identity Provider databases.
Begin by activating the user provisioning toggle for the Identity Provider you are using in the user Import Options section of the user synchronization area in the Salesforce configuration section in Docebo.
Activating User Provisioning
In order to trigger the user provisioning in Salesforce, you must create and configure these parameters in your SSO provider:
- Integration. Set this value to salesforce. Please note that this field is case-sensitive and that this value cannot be changed: the user provisioning works only when this parameter is set as described.
- sfdc_user_type. Explains whether the provisioned user is a user or contact in Salesforce.
- sfdc_id. You need to use the 18-digit version of this field. Please note that the 15-digit ID is not usable at all
Without these three parameters, the user provisioning between your Identity Provider and Salesforce will not trigger. Please note that this is an advanced integration, so the person in charge of managing this configuration should be very knowledgeable in both the SSO provider of choice and Salesforce.
Managing User Additional Fields
When provisioning users in Docebo and Salesforce, Salesforce is the data master for user additional fields, as well as for any user data. When setting up the integration with your Single-Sign-On provider, do not enable the provisioning of the additional fields in the User Provisioning section of the configuration panel of the Single-Sign-On provider in Docebo.
Also, never provision branch codes and the branch names in order not to interfere with the organization chart management configured in the user synchronization between Salesforce and Docebo.
Disclaimer
This article describes the synchronization process and how to use the integration in detail. Please note, however, that the integration covers a large number of scenarios and it is not possible to list all of them here. If this documentation does not provide enough information for your specific case, please contact us via the Help Center.