Hi. I am configuring Access Manager for Salesforce integration, roughly
based on the Cool Solutions article http://tinyurl.com/3ulgfuf

Our users are stored in eDirectory and they have a custom attribute
called employeeID. This employeeID, concatenated with an "@" sign and a
domain name, is the username at Salesforce. Note that although the
username is in email format, this is NOT the email address of the user,
so we cannot just send the value of the mail attribute in the

For example, for the user John Doe, his username at Salesforce is
111@mycompany.com, but his email address is jdoe@mycompany.com

From the Identity Server documentation, I know that I will have to
configure User Matching Expression to match users at Salesforce. My
question is: How can I configure this so that the employeeID attribute
is concatenated with a string, namely "@mycompany.com" in this example,
to be sent in the assertion for Salesforce to use, with the Salesforce
configuration "SAML User ID Type" being "Assertion contains
salesforce.com username"?

Thanks in advance for answering.


ndrw_cheung's Profile: https://forums.netiq.com/member.php?userid=5241
View this thread: https://forums.netiq.com/showthread.php?t=47942