Salesforce Integrations

Let Oomnitza be your single source of truth!

With Oomnitza you get visibility of Salesforce user data as the data is automatically transformed into consumable information and actionable insights.

Connect Oomnitza + Salesforce in minutes

Get the information and insights that you need to reduce costs and the time that you spend on administration tasks such as:

  • Configurable dashboards and list views of key information

  • Configurable workflows that you can create:

    • For managing the provisioning of hardware to employees

    • For tracking the assignment of virtual machines (VMs) to employees

    • For deactivating underutilized SaaS accounts

    • For deleting the subscriptions of the SaaS accounts of employees who have left the company

  • Configurable reports to share information about users with your colleagues and management

Before you start

Complete these actions:

Set up the Oomnitza connector

To set up the Oomnitza connector on your platform, see Oomnitza connector.

Set the global subdomain address for Salesforce

Instead of entering the subdomain address for Salesforce each time you create a workflow, you can set a global default for the subdomain address.

  1. Log in to Oomnitza.
  2. Click Settings > Global Settings.
  3. Select Salesforce.Subdomain and click Edit variable.
  4. Enter your subdomain address. For example, if your subdomain address is “https://<>”, you enter <> as the subdomain address. 


When you create Oomnitza integrations or add credentials in Oomnitza for Salesforce, the subdomain address will be automatically populated.

Create 0Auth 2.0 credentials

To stream Salesforce user data into Oomnitza, you must add 0Auth 2.0 credentials to the credentials vault in Oomnitza. 

To do this:

Create OAuth 2.0 credentials for Salesforce

To learn more about creating 0Auth 2.0 credentials for Salesforce, see: 

Add 0Auth 2.0 credentials to the vault in Oomnitza

When you’ve created your 0Auth 2.0 credentials, complete this task:

  1. Click Settings > Credentials, and then click Add new credentials (+). 
  2. Enter the information details and the authorization details.
  3. Authenticate and then click Create.

For more information, see Oomnitza vault

To add credentials to the Oomnitza vault, you need the client ID and client secret that was generated when you created your 0Auth 2.0 credentials. 

You also need to enter values in the following fields


The value that you enter enter a value is full refresh_token offline_access. For more information, see the OAuth scopes section in OAuth Tokens and Scopes.


The subdomain is automatically set if you’ve added it to your global settings. See Set the global subdomain address for Salesforce.

Integrate Salesforce with Oomnitza

Info and connect details

  1. Click Settings.
  2. On the Integrations page, scroll down to User Integrations.
  3. In the Extended section, click NEW INTEGRATION.
  4. In the New User Integration sidebar, click Salesforce.
  5. To integrate Oomnitza with the Salesforce User Load, click APPLY and then click NEXT twice.

On the Connect page, complete these steps:

  1. Enter a descriptive name for the integration such as Salesforce Users. That'll be the name of the integration that is shown on the Integrations page.
  2. From the User Selection list, select User plus SaaS User.  
  3. Select Cloud as the installation type.
  4. From the Credentials list, select the credentials from the Oomnitza vault that you added for the connection.
  5. Enter the name of the user of the integration.
  6. Enter your Salesforce subdomain.
  7. Click Next.


Map the Salesforce fields to Oomnitza fields and create custom mappings to get the information that you need to manage your desktop assets.

You can map the following Salesforce fields to Oomnitza:

  • Email
  • Salesforce Username
  • User ID
  • Connector Sync Time
  • Is Active?
  • User Role ID
  • User Type
  • User’s Last Login

More information Object Reference for Salesforce and Lightning Platform | User

Do you want to map more Salesforce fields to Oomnitza? Contact

Use a filter to exclude system users

By default, information is collected about all active users of Salesforce. For example, when the Salesforce Object Query Language (SOQL) query is run to collect user information, user information is also collected about guests and other types of system users.

To exclude the user information, such as user information about guests and automated processes, complete these steps:

  1. On the Mappings page, click Edit Connector.
  2. Click create/update the record in Oomnitza if.
  3. Click Add Condition.
  4. For each type of user, complete these steps:
    1. Select Connector field value
    2. Select User Type.
    3. Select does not equal.
    4. Enter the type of user, such as Guest, CloudIntegrationUser, and AutomatedProcess
  5. Click Save.


Only the user information that you want to upload is streamed to Oomnitza.

Learn more about mapping.

Create workflows

Before you create workflows to get actionable insights, you must retrieve information about SaaS users. 

Retrieve SaaS user information

  1. Click Software
  2. From the Workflow list, click SaaS Users
  3. Click Add (+).
  4. Enter the name of the workflow such as Retrieve Salesforce SaaS information. You can also enter a description of the workflow so you know what the purpose of the workflow is.
  5. Click Add new.

Edit the begin block

The begin block is the workflow’s trigger. In this case, you create a workflow that retrieves SaaS user information from Salesforce.

  1. Click Edit.
  2. Enter a description of the workflow such as Upload SaaS user info for Salesforce
  3. Configure the schedule so that the user information is streamed to Oomnitza when your system is least busy.
  4. Select run for Active records.
  5. Click Add Rule and add this rule: SaaS name = Salesforce.
  6. Click Save.

Learn more about the Begin block

Edit the SaaS User Role retrieval block

  1. Drag and drop the SaaS User Role retrieval block onto the Sandbox, and then click Edit.
  2. Select Salesforce User Role and click the arrow (>).
  3. Complete the following actions:
    1. Select the credentials that you added to the Oomnitza vault.
    2. Enter the subdomain. You don’t need to do this if you set up a global subdomain.
    3. Enter the version of the Salesforce API.

By default, the Deactivate checkbox is selected. This means that information about SaaS user accounts that were deactivated in Salesforce won’t be uploaded to Oomnitza.

Learn more about the SaaS user role.

You can add additional features to your workflow. For example, you can add a Notifications block to send messages. See Add metadata to notifications.

Connect the blocks

To complete the workflow, you connect the blocks.


  1. Link the boxes as shown in the diagram.
  2. Validate, launch, and save your workflow.


Depending on the schedule that you configured in the Begin block, the SaaS user information, such as the user role and last login date is streamed to Oomnitza.

Deactivate SaaS users

You can easily create a workflow in Oomnitza to deactivate SaaS users in salesforce.

  1. To create a new workflow, complete the steps in Retrieve SaaS user information.
  2. Edit the Begin block, and add rules to specify the criteria that you want to use for deactivating users such as:
    1. SaaS name = Salesforce
    2. Last login date Days before 30
  3. Save your changes.
  4. Drag and drop the API block onto the sandbox.
  5. Click Edit.
  6. Select Salesforce Deactivate User.
  7. Add the following information:
    1. Credentials
    2. Subdomain
    3. API version
  8. Save your changes and link the boxes to create the workflow.
  9. Validate, launch, and save your workflow.


Depending on the criteria that you specified in the Begin block, the SaaS account in Salesforce will be deactivated when the workflow is run.

Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk