Juarez Weiss
June 18, 2024
Manually onboarding new hires onto Salesforce can be a slow and time-consuming process, especially with all the granular permissions and licenses available in the software. Because this process is prone to human error and can cause delays and security issues, the system administrator should try to automate provisioning as much as possible. A tool like Okta can help you achieve that automation, ensuring that new hires can start from day one with all the necessary access.
As mentioned above, manually onboarding users to Salesforce is a tedious process that involves creating accounts, assigning various licenses and granular access that are usually based on different criteria like location, role, reports, division, etc. One small mistake could cause permission issues and lead to the chance that other users will gain access to information they shouldn’t have—especially when Salesforce is being used to process sensitive information. Also, the time it takes to manually provision users can easily accumulate and take up a lot of the sysadmin’s time, especially in big companies.
Automating that process would greatly reduce the time needed for onboarding new hires, help you completely avoid access-based risk, and ensure that your new employee can hit the ground running from day one.
To enable immediate onboarding for Salesforce using Okta, the Okta and Salesforce administrators need to work together. Here’s how we can collaborate to streamline this process:
Salesforce admins need to create custom variables that reflect the attributes required for onboarding, such as location, division, role, and manager. These variables will be crucial for defining the granular permissions and licenses each new hire requires.
Okta admins can then translate these variables into Okta’s user profiles. This involves mapping the custom variables from Salesforce to corresponding attributes in Okta via Rules, enabling seamless synchronization between the two systems.
By leveraging Okta groups and the powerful Okta Expression Language (EL), we can create dynamic group memberships and assign the necessary permissions and licenses automatically. This allows for precise control over who gets access to what, based on their attributes.
Let’s consider a specific use case: onboarding a new hire in the Marketing department, who needs a special Salesforce license and specific access based on their location, division, and job title.
First, you need to create the group Marketing_NY_Specialist for this specific use case.
Path to Create a Group in Okta: Side menu > Directory > Groups. Click on the Add Group button.
Using Okta Expression Language (EL), we can create a group assignment rule to dynamically assign the new hire to the appropriate group. Here’s an example of an Okta EL query for this use case:
(user.department == "Marketing") &&
(user.city == "New York") &&
(user.title == "Marketing Specialist")
Path to Find the Group Rule Page in Okta: Side menu > Directory > Groups > choose the Rules tab at the top of the page. Click on Add Rule.
After saving, make sure to activate the rule from the Actions dropdown of the rule you just created.
Once the rule is activated, any user matching the criteria will automatically be assigned to the Marketing_NY_Specialist group.
After the user is assigned to the group, you need to set up the Salesforce assignment within that group to ensure the proper license and access.
Open the Marketing_NY_Specialist group you just created, and then go to the Applications tab. Click on Assign Applications and choose Salesforce.
In the next section, work together with your Salesforce admin to understand the specific and/or custom access/profile/role/license that every user in the Marketing_NY_Specialist group will need.
For detailed steps on how to bulk assign applications to a group, refer to this guide.
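Before activating the group rule described above, it helps to dry-run it against exported user profiles and see who would actually land in Marketing_NY_Specialist. The following is an added example, not code from the article or from Okta: it builds the request body for creating the rule through Okta's Groups API (`POST /api/v1/groups/rules`) and previews matches offline. The rule name, group ID, logins and sample profiles are constructed placeholders, and the preview assumes the rule compares strings exactly.

```python
import json

# Rule expression exactly as given in the article.
RULE_EXPRESSION = (
    '(user.department == "Marketing") && '
    '(user.city == "New York") && '
    '(user.title == "Marketing Specialist")'
)
# The same conditions as data, for an offline dry run.
CONDITIONS = {"department": "Marketing", "city": "New York",
              "title": "Marketing Specialist"}

def build_group_rule(name, group_id):
    """Request body for creating the rule via POST /api/v1/groups/rules."""
    return {
        "type": "group_rule",
        "name": name,
        "conditions": {"expression": {"type": "urn:okta:expression:1.0",
                                      "value": RULE_EXPRESSION}},
        "actions": {"assignUserToGroups": {"groupIds": [group_id]}},
    }

def _norm(value):
    return str(value or "").strip().casefold()

def preview(users):
    """Return (matched, near_miss) logins for the rule.

    Assumption: the rule compares strings exactly (case- and
    whitespace-sensitive). Near misses differ only in case or padding,
    so they would be silently skipped and never provisioned.
    """
    matched, near_miss = [], []
    for user in users:
        p = user["profile"]
        if all(p.get(k) == v for k, v in CONDITIONS.items()):
            matched.append(p["login"])
        elif all(_norm(p.get(k)) == _norm(v) for k, v in CONDITIONS.items()):
            near_miss.append(p["login"])
    return matched, near_miss

# Constructed sample profiles (not real users).
SAMPLE_USERS = [{"profile": dict(zip(("login", "department", "city", "title"), row))} for row in [
    ("ana@example.com", "Marketing", "New York", "Marketing Specialist"),
    ("ben@example.com", "Marketing", "new york", "Marketing Specialist"),
    ("cy@example.com", "Marketing", "New York", "Marketing Specialist "),
    ("dee@example.com", "Sales", "New York", "Marketing Specialist"),
]]

if __name__ == "__main__":
    print(json.dumps(build_group_rule("Marketing NY Specialist", "GROUP_ID_PLACEHOLDER"), indent=2))
    print(preview(SAMPLE_USERS))
```

Near misses are worth fixing at the source of the profile data, since whoever can edit `department`, `city` or `title` effectively controls membership in the group and the Salesforce access attached to it.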
By following these steps, you can ensure that the new hire in the Marketing department is immediately provisioned with the correct Salesforce license and permissions, based on their specific attributes. This process significantly reduces the time and effort required for manual onboarding, ensuring accuracy and efficiency. Here are some estimated benefits:
By automating the onboarding process for Salesforce using Okta, sysadmins can not only save time but also enhance security and efficiency for their organizations. By leveraging custom rules, Okta groups, and Expression Language, we can ensure immediate and accurate provisioning for new hires. This approach not only streamlines operations but also provides a better onboarding experience, enabling new employees to contribute effectively from day one.