Single Role Feature (Optional)


Note: This section only applies if you are using the Security Connector.

There are two ways to implement Sitecore roles. Ony one should be chosen:

    • Multi-Role using fields in the contact (or lead) record to specify the Sitecore role(s). This is the default. One or more Sitecore roles have the same names as selections in a custom multi-pick list in the Salesforce contact (or lead).
    • Single-Role using the Salesforce Account to specify the Sitecore role. All contacts that belong to the Account will be Sitecore users in a Sitecore role with the same name as the Salesforce Account. Single-Role is not as flexible as Multi-role.

Single Role

The Sitecore role equates to the Salesforce account. In this configuration, each contact can only have one role (the associated Account). An account can be made a Sitecore role by checking the Sitecore Role checkbox in the Sitecore section of Account. Single-Role cannot be used with leads because they do not have a relationship with the Accounts object. This section covers the additional steps to set up Single Role role support for all Salesforce editions.

Salesforce Enterprise / Unlimited Edition Single-Role Download

For organizations using the Enterprise / Unlimited Edition who only want a single role associated with the account object should use this package download.

Note: The package for the Enterprise / Unlimited Edition contains APEX classes and Triggers that cannot be installed on Salesforce Professional Edition. This will mean that the Enterprise / Unlimited Edition package has additional installation steps that are not displayed for the FuseIT Sitecore for Salesforce Standard Edition installer.

Salesforce Professional Edition Single-Role Download

For all other Salesforce Editions, use this package download (where a single role associated with the account object is required)

Accounts Page Layout

Account Settings

To enable Contacts to log into Sitecore, their Account need to be Sitecore enabled.

Add new custom field

Navigate to an existing Account and edit the page layout > Add a new Section to the bottom of the Account details called Sitecore > Add the new custom filed called Sitecore Role.

Adding the Sitecore Role Field to the Account Page Layout

Save the modified Account page layout.

Auto-population with Single Role

If the FuseIT S4S Single Role package has been installed then checking the Sitecore Role checkbox on an Account will automatically create Sitecore usernames and passwords for each Contact belonging to that Account. The Salesforce Account will be exposed as a Role in Sitecore with the same name.

Enabling the Salesforce Account as a Sitecore Role

The default Username will be the Contacts name with whitespace and special characters removed.

  • The password will be set to Passw0rd
  • The Sitecore password will be encrypted.

Example default Username and Password for Jack Rogers Contact


Note: The Standard Edition package will not automatically create Sitecore Usernames and Passwords for each Contact. These will have to be manually entered.


Note: The Standard Edition package will not automatically encrypt the Contacts password when it is entered. The encryption of the password will take place on the first successful login into Sitecore by the Contact.

Example of Standard Edition Contact where Password is not yet Encrypted.

Please ensure that the Salesforce Configuration (required) steps at the beginning of this document have been completed.

Enabling the Switching Providers for Single Role

Add new providers by domains

Ensure the standard Sitecore security providers have been configured. After making these changes you need to configure the S4S security providers by adding the following elements:

  •  To the sitecore » switchingProviders » membership element (the order is not important)
<provider providerName="salesforce" storeFullNames="false" wildcard="%" domains="salesforce" />

  • To the sitecore » switchingProviders » roleManager element (the order is not important)
<provider providerName="salesforce" storeFullNames="false" wildcard="%" domains="salesforce" />

  • To the sitecore » switchingProviders » profile element (it must come before the "sql" definition in this group)
<provider providerName="salesforce" storeFullNames="false" wildcard="%" domains="salesforce" />

Enabling the Switching Providers Example

      <provider providerName="sql" storeFullNames="true" wildcard="%" domains="*" />
    <provider providerName="salesforce" storeFullNames="false" wildcard="%" domains="salesforce" />
    <provider providerName="sql" storeFullNames="true" wildcard="%" domains="*" />
    <provider providerName="salesforce" storeFullNames="false" wildcard="%" domains="salesforce" />
    <!—If using Salesforce S4S Multiple Role, use the following line-->
    <!--provider providerName="salesforceContact" storeFullNames="false" wildcard="%" domains="salesforce" /-->
    <!-- This line must go before the SQL provider which can handle all requests -->
    <provider providerName="salesforce" storeFullNames="false" wildcard="%" domains="salesforce" />
    <provider providerName="sql" storeFullNames="true" wildcard="%" domains="*" />

Add the Membership, Role and Profile Entries

  • Add the following element to the system.web » membership » providers section of the web.config file:
<add name="salesforce" type="FuseIT.Sitecore.SalesforceSecurityProvider.SalesforceMembershipProvider, FuseIT.Sitecore.SalesforceSecurityProvider" readOnly="false" connectionStringName="S4SConnString" applicationName="sitecore" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" passwordStrengthRegularExpression=".*" requiresUniqueEmail="false" passwordFieldName="SitecorePassword__c" userNameFieldName="SitecoreUsername__c" isEncryptedFieldName="SitecorePasswordEncrypted__c"/>

  • Add the following element to the system.web » roleManager » providers section of the web.config file:
<add name="salesforce" type="FuseIT.Sitecore.SalesforceSecurityProvider.SalesforceRoleProvider, FuseIT.Sitecore.SalesforceSecurityProvider" connectionStringName="S4SConnString" readOnly="false"/>

  • Add the following element to the system.web » profile » providers section of the web.config file:
<add name="salesforce" type="FuseIT.Sitecore.SalesforceSecurityProvider.SalesforceProfileProvider, FuseIT.Sitecore.SalesforceSecurityProvider" connectionStringName="S4SConnString" readOnly="false"/>