Provisioning in Salesforce can be more complex than in the average SaaS application. This is due to Salesforce's complexity and how it is managed within some organizations. 

In our experience, Salesforce is managed by a dedicated team of technical experts, not necessarily within IT. This is because Salesforce is at the sharp end of the business and heavily customized to meet the needs of complex sales and marketing organizations. 

Salesforce onboarding workflow in Trelica

Handling provisioning in Salesforce is a critical task that requires care and precision. However, automating and streamlining this process is equally important, freeing up the Salesforce team’s resources for more strategic business support.

In this article, we’ll show you how Trelica can solve the problem with an out-of-the-box solution. So, whether it’s IT or a dedicated Salesforce team, you’ll leave behind the custom-built in-house solutions and save time, money, and hassle.

The difficulty of Salesforce provisioning

Before we get into solutions, let's quickly identify the fundamental challenges with Salesforce provisioning:

  1. Data Dependency: Salesforce licensing often depends on employee data, such as role, seniority, department, etc.
  2. Licensing Complexity: Salesforce user management isn't just about creating a user account. It involves a multi-layered system of:some text
    • Licenses: Determining the appropriate license type (e.g., Sales Cloud, Service Cloud, Platform)
    • Permission Sets: Assigning additional permissions that extend a user's access beyond their base profile
    • Salesforce Profiles: Configuring pre-defined sets of permissions that also confer licenses

This intricate system means that proper Salesforce user provisioning requires careful consideration of multiple factors and precise configuration across several interconnected elements.

Managing employee data outside of your HR system for the sole purpose of provisioning in Salesforce poses a potential compliance concern. This is because it introduces additional data access points and potential security risks. It is also yet another piece of custom middleware and persistence to actively maintain.

While the HR system provides details required for correct provisioning in Salesforce, it’s not usually the trigger for a person to join. Typically, that would be the identity provider (IdP), like Okta, EntraID or Google Workspace. These systems provide real-time access to user lifecycle events and are also responsible for authentication and authorization. 

Without a platform such as Trelica to orchestrate the provisioning, you’d also need to build out the integration with an IdP to trigger your custom workflows. Trelica simplifies this process by providing seamless integration with your chosen IdP, ensuring user access to Salesforce is always up-to-date and secure.

Trelica - Salesforce integration features

Salesforce provisioning with Trelica

What are the ingredients needed to make Salesforce provisioning seamless? 

  • Employee data: Trelica integrates with your HR system to gather critical information like seniority, team, and role.
  • Authorization data: With a direct connection to your IdP, Trelica knows when your employees have joined the organization and can be provided with access to Salesforce.
  • Salesforce data: Trelica’s integration with Salesforce pulls in all standard and custom fields for users. So, there is no need to do any manual work after provisioning to update new users with the correct information.
  • Automation: Trelica workflows provide a no-code solution for pulling all the data together at the right time to provision a user in Salesforce with the correct data.
  • Collaboration: Get alerts on Slack, Teams, or email where it makes sense for you, whether at the beginning, middle, or end of the process. For example, you can set up alerts to notify the Salesforce admin when a new user is provisioned or to inform the user's manager when their access is ready. These alerts can be customized to suit your organization's specific needs and workflows.

Automating Salesforce Provisioning with Workflows

Every organization we work with has different requirements for provisioning, but let’s use a simple example from one of our customers to give you a flavour.

Step 1: Trigger the workflow

When a new employee joins, the Person joins trigger starts the workflow.

Step 2: Apply a filter

The Person condition filter lets you decide who can pass to the next stage. One customer uses Seniority to decide what Salesforce license to provision, e.g., Standard vs. Platform. The filter step could use any other attribute Trelica is syncing from your IdP or HRIS. The filter sends people matching one seniority level (>=6) down one arm of the workflow and the others (<6) down the other.

Salesforce provisioning: Person condition step

Step 3: Provision the user

Once the employee has passed the filter, they are assigned the relevant Salesforce profile/license combination in the specialized Create Salesforce user step. Trelica knows which fields are mandatory in Salesforce, so this step is where the data comes together to populate the Salesforce user with the correct details.

Salesforce provisioning: create Salesforce user step

Step 4: Notify the relevant people

At the end of the workflow, we might add a step to inform the relevant people of the successful provisioning. An example of this would be the Send Microsoft Teams message step. This could be the workflow owner, most likely the Salesforce admin, or the person’s manager, for example.

Salesforce provisioning: Send Teams message step

Next steps

This simple example shows what’s possible for a single scenario. It’s only simple because all of the complexity is abstracted, allowing you to focus on getting the business logic right and checking the output. There are a myriad of other automation use cases we could discuss, not least Salesforce offboarding. Here’s a flavor of the depth of our integration with Salesforce, and that’s only our current User actions:

Salesforce User actions steps

If the logic becomes more complex, for instance, if there are more than the two Salesforce user types included the example above, Trelica supports lookup tables to streamline the process. These lookup tables allow you to dynamically set Salesforce attributes based on reference values, using a simple array structure. This approach eliminates the need for numerous nested, conditional steps, which would otherwise result in a very complex workflow. By leveraging lookup tables, you can easily scale your user type management while keeping your workflow efficient and maintainable. We'll explore this feature in depth in a future article.

Trelica lookup tables

For now, our message is this: If you’re a Salesforce admin or IT team in charge of Salesforce provisioning, let us help you bring it all together and streamline the process.