OneLogin Notification - Track reactivation of disabled/suspended/unlicensed accounts - active-directory

Just getting around to setting up some more detailed reporting in our OneLogin setup, and I'm not sure how to go about the title to this question. How would I create a new notification to alert us when a user account gets reactivated in any way, and by whom it was done?
This has been somewhat helpful, but I feel like there are more OL database values that can and/or need to be used to get what I need.

In your administration panel there is a tab for Notifications under the Activity tab. You are able to configure an email notification whenever an account is reactivated.
Upon getting the email you can log into your administration panel and view the user profile within the account to view who made the changes.
I am not an expert on the UI side of OneLogin, but I work on the engineering team. There may be an easier way to do this, but the functionality is there.

Related

Is there a way to programmatically control Publift ad display or hide conditionally?

Context:
We're using Publift (an ad bidding platform) for advertisement on our site.
We would like to have the ad display/hide based on user subscription status (paid / non-paid).
Problem:
We tried to load/unload the ad script conditionally and it works in most cases. However, when we load it, a few external scripts (loaded by Publift) add anonymous listeners to the DOM, and we have no way to get rid of them. After that, when the user goes into paid mode, the listeners still exist and show the ad unintentionally.
Does anyone have experience with a similar ad platform and has figured out a better approach? Any help is appreciated!

Sitecore - How to get User ID if the user was logged in using external identity provider (Salesforce SSO)

I have a bit of a problem with the authentication on a Sitecore website. Basically there is a button on the navbar, and when the user clicks on the button, it redirects the same user to Salesforce to log in (implementation of SSO). Basically I am using Salesforce as an identity provider and the Sitecore website as a service provider. Now I have a question: when the user is logged in, how can I get the ID of that user?
Do users in Sitecore User Manager have the same ID as the users in Salesforce, or can I just get an email to identify the user?
P.S.: Sorry if this is a really stupid question, but I am a beginner when it comes to making Sitecore websites and SAML SSO. Thank you in advance.

Stop with the Sitecore and Salesforce for a second, you'll need to cover some basics and click through the login process manually before you automate it.
You probably are using a "connected app" in Salesforce that includes OAuth2 config (consumer key also known as client id; a secret; a list of scopes telling what this app is allowed to do on behalf of this SF user; a list of allowed urls that can login using this consumer key and secret. Etc.) It might even have something about Canvas Apps at bottom of the page.
Next would be - who's logging in? A core Salesforce user, or do you have Partner Community, Customer Community (recently rebranded to "Digital Experiences")?
Open incognito window and go to https://openidconnect.herokuapp.com/
For login host leave as is if you have production user or test.salesforce.com if you go from sandbox (you can also use branded urls, mycompany--dev.my.salesforce.com etc). If you have a community user you'll have to change the url to whatever is the community base url, like https://dev-mycompany.cs123.force.com/mycommunity
Don't change anything else, click next, next, next. This will take you through the OAuth2 "web server flow" (one of many ways to log in). You type the username/password into the SF screen and go back to that herokuapp with an "authorisation code". The app has a few minutes to swap that code for the actual final "access token" and a couple of other pieces of info. The final step in this wizard calls OpenID "userinfo", returning some info about the user that logged in. That's where you could pull the email if needed (and if there are extra fields you'd like SF to return in this process, that's configurable too).
Close that browser window. Check the "connected app" in SF. Open new incognito window, do same thing but this time put your url, consumer key and secret (you might have to edit the app in SF first to allow callbacks to https://openidconnect.herokuapp.com/callback).
So now you should have a rough idea about the whole login process. Your Sitecore app probably does the same thing: receives an authorisation code and exchanges it for the final token. At that point you have a valid SF session ID you could use to call that "userinfo", run queries (if the app allows API access, check the "scopes") etc.
I doubt the Sitecore developer created it all by hand, you probably have some Spring stuff like spring.security.oauth2.client... My Java days are long gone but if you get better at manual click-click-click through the flow you should be able to follow existing code?
It's a big topic and there are other ways to do it (other OAuth flows, sending info about the current user when you have external page embedded in SF as iframe, you'd need to read about "canvas apps")... but that's best guess based on info you provided. You might want to check some trailhead courses too like https://trailhead.salesforce.com/content/learn/projects/build-a-connected-app-for-api-integration/implement-the-oauth-20-web-server-authentication-flow
https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_oauth_and_connected_apps.htm
https://developer.salesforce.com/docs/atlas.en-us.api_streaming.meta/api_streaming/code_sample_auth_oauth.htm (Java but very hand-crafted raw HTTP, probably that Spring security is better)
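
Added example (not part of the original answer, and not Sitecore's or Salesforce's own code): the service-provider side of the web server flow described above, as the requests it builds and the checks it makes on the callback, including the state check that ties the returned authorisation code to the login that started it. The consumer key, secret and callback URL are placeholders, and the userinfo handling assumes only the standard OpenID Connect claims sub, email and email_verified.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders (assumptions): use the connected app's real values.
LOGIN_HOST = "https://login.salesforce.com"       # test.salesforce.com for a sandbox
CLIENT_ID = "EXAMPLE_CONSUMER_KEY"
CLIENT_SECRET = "EXAMPLE_CONSUMER_SECRET"
REDIRECT_URI = "https://sp.example.com/callback"  # must be an allowed callback URL

def new_state():
    """Unguessable per-login value; keep it in the user's server-side session."""
    return secrets.token_urlsafe(32)

def build_authorize_url(state):
    """Step 1: where the browser is sent to log in at Salesforce."""
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": "openid email", "state": state}
    return f"{LOGIN_HOST}/services/oauth2/authorize?{urlencode(params)}"

def code_from_callback(callback_url, expected_state):
    """Step 2: accept the authorisation code only if the callback is ours."""
    url = urlparse(callback_url)
    if f"{url.scheme}://{url.netloc}{url.path}" != REDIRECT_URI:
        raise ValueError("unexpected callback location")
    query = parse_qs(url.query)
    if "error" in query:
        raise ValueError("login failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorisation code")
    return code

def build_token_request(code):
    """Step 3: server-to-server POST that swaps the code for an access token."""
    form = {"grant_type": "authorization_code", "code": code, "client_id": CLIENT_ID,
            "client_secret": CLIENT_SECRET, "redirect_uri": REDIRECT_URI}
    return f"{LOGIN_HOST}/services/oauth2/token", form

def identity_from_userinfo(userinfo):
    """Step 4: key the local account on 'sub'; use the email only if verified."""
    email = userinfo.get("email") if userinfo.get("email_verified") else None
    return {"subject": userinfo["sub"], "email": email}
```

The access token returned by the token endpoint is then sent as a Bearer token to /services/oauth2/userinfo on the same host, and the JSON that comes back is what identity_from_userinfo expects.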

Salesforce: How to automate report extraction as JSON/CSV

I am new to Salesforce, but am an experienced developer. I have been provided a link to a Salesforce report, which mostly has the right filters (query). I would like to use a REST API to pull that information as CSV or JSON so that I can do further processing on it.
Here are my questions:
Do I need special permissions to make API calls? What are they?
Do I need to create an "app" with client-key & secret? Does my admin need to grant me permission for this too?
There are a lot of REST APIs from Salesforce, which one do I need to get the info from the report? Analytics?
How do I authenticate in code?

You'd have to work with the System Administrator on the security pieces. Anybody who knows how the company works, can all users see everything, is there Single Sign-On in place, how likely is the report to change...
You will need a user account to pull the data. You need to decide if it'll be some "system account" (you know the username and password and have them stored in your app) or if it can run for any user in this org. It might not matter much but reports are "fun". If there will be data visibility issues 6 months from now, you'll be asked to make sure the report shows only French data to French users etc... you can do it in report filters or have multiple reports - or you can just use the current user's access and then it's the sysadmin that has to set the sharing rules right. (Would you ever think about packaging what you did and reusing it in another SF instance? Making a mobile app out of it? Things like that, they may sound stupid now but will help you decide on the best path.)
The user (whether it'll be system account or human) needs Profile permissions like "API Enabled" + whatever else you'd need normally ("Run Reports" etc). If you're leaning towards doing it with system user - you might want to look at Password Policies and maybe set password to Never Expires. Now this is bit dangerous so there would be other things you might want to read up about: "API only user" (can't login to website), maybe even locking down the account so it can login only from certain IP ranges or at certain times when the job's supposed to be scheduled...
Connected App and OAuth2 stuff - it's a good idea to create one, yes. Technically you don't have to, you could use the SOAP API to call login, get a session id... But it's a bit weak, OAuth2 would give you more control over security. If you have sandboxes - there's a little-known trick. You can make a connected app in production (or even a totally unrelated Developer Edition) and use the client id & secret from it to log in to sandboxes. If you create the app in a sandbox and you refresh it - the keys stop working.
(back to security piece - in connected app you can let any user allow/deny access or sysadmin would allow only say these 3 users to connect, "pre-authorize". Could be handy)
Login - there are a few REST API ways to log in. Depends on your decision. If you have 1 dedicated user you'll probably go with "web server flow". I've added an example at https://stackoverflow.com/a/56034159/313628 if you don't have a ready SF connection library in your programming language.
If you'll let users login with their own credentials there will be typical OAuth "dance" of going to the target page (Google login, LinkedIn, Twitter...) and back to your app on success. This even works if client has Single Sign-On enabled. Or you could let people type in their username and pass into your app but that's not a great solution.
Pull the actual report already
Once you have the session id, the official way would be to use the Reporting API, for example https://developer.salesforce.com/docs/atlas.en-us.api_analytics.meta/api_analytics/sforce_analytics_rest_api_get_reportdata.htm
A quick & dirty and officially not supported thing is to mimic what happens when user clicks the report export in UI. Craft a GET request with right cookie and you're golden. See https://stackoverflow.com/a/57745683/313628. No idea if this will work if you went with dedicated account and "API access only" permission.

How to show selective UI features?

I have a UI that needs to either show icons on a timeline view or not, based on user profile. How can I show them for some users and not for others? For example: the Sports Admin team needs to see the scores of all teams over time in the view (showing all years visually) but the players (when they log in to the same web app) only see the timeline view with their team's performance over the years (not other details for a particular year). How can I achieve this? I am using Angular JS and JavaScript.
I have looked into role-based SSO login to show selectively, and also cookies. My goal is faster performance - meaning the page needs to load fast.

I was able to find a solution for the problem above that we have been facing. After many design sessions, the best approach was to have a "User Settings" link that would save the preferences in a backend database per user id that's already captured via SSO login. The backend returns data based on the user settings, as the queries to get data from the backend are now made dynamic to take the selections from User Settings into account while querying the backend. As a result the front end shows data specific to the user.
Tested this and it seems to work perfectly without affecting page load performance whatsoever.

Signing into Hangouts as Resource and/or mirroring user & resource calendar?

I'm working on a Proof of Concept. I would like to have the homepage be g.co/hangouts in a conference room, where it shows all the meetings in that room.
I think to do this I would either have to sign into google with the resource's account info OR have a user account named "UserRoom1" and whenever someone, using their own account schedules the resource "Room1," "UserRoom1" is invited to that meeting.
Any way this can be accomplished? I want to make this as invisible/user-proof as possible so asking users to remember to simply invite "UserRoom1" to all of the meetings in "Room1" is significantly less ideal.

I wanted to do the exact same thing, and I think it is only possible if you buy one of Google's Chromebox for Meetings products, which costs a minimum $1K, and then requires a $250/yr subscription after the first year. This page shows how to associate a Chromebox for Meetings with a calendar, which seems to be the functionality we are missing. Ultimately I think you have to do the "User as Resource" setup, so "UserRoom1" shows up in the list as a user (rather than a resource). Slightly janky but it mostly gets the job done.
We also have a few common hangouts that I have bookmarks set up for on the conference room computer's Chrome bookmarks bar, so we're not totally bound to the meeting invite hangouts.
