Permission Set to Active Directory Group Mapping behavior in Identity Connect 1.0.4
|Knowledge Article Number||000205392|
|Description||The following is Permission Set to Active Directory Group Mapping behavior in Identity Connect Version 1.0.4|
|Resolution||1) Adding a permission set and mapping it to None ( AD Group) will result in the users being removed from the permission set.
2) Adding a permission set and mapping it to a AD Group will cause the users in that AD Group get the assigned permission set.
3) Deleting a permission set to AD Group mapping will cause the users already linked to that permission set , be removed from that permission set.
4) Update cache will cause any PermissionSetAssignments associated with the mapped PermissionSets to be Sync'd to Identity Connect. As a consequence this will cause the latest AD Group to permission set mappings to take affect. ( Any changed prior that meet conditions 1,2,3 above will also be honored)
5) Scheduled Sync, LiveSync and 'Sync Now' will all cause PermissionSet mappings to be applied to Salesforce and PermissionSetAssignments to be updated accordingly.