Connectors / Integration
Automate Identity and CRM Sync with OneLogin + Salesforce Integration
Keep user access, roles, and customer data aligned between your identity provider and CRM without manual intervention.
OneLogin + Salesforce integration
OneLogin and Salesforce do two very different jobs in your enterprise stack — one controls who gets access to what, and the other holds your most important customer relationships. When they're not talking to each other, IT teams spend hours manually provisioning users, reps lose access at the worst possible moments, and offboarding leaves security gaps open longer than anyone's comfortable with. Integrating OneLogin with Salesforce via tray.ai means identity events automatically trigger the right actions in your CRM, keeping both systems accurate, secure, and current.
Connecting OneLogin to Salesforce gives you real lifecycle management for everyone who touches your revenue platform — employees, partners, contractors. When a new sales rep is onboarded in OneLogin, they're instantly provisioned in Salesforce with the right profile, role, and permission sets. When someone leaves or changes departments, their Salesforce access is updated or revoked in real time, which eliminates the risk of unauthorized data exposure sitting around. Beyond user lifecycle, the integration opens up richer workflows: syncing contact and account data between platforms, automating audit trail collection for compliance, and making sure SSO events in OneLogin map accurately to Salesforce user records. For operations, IT, and security teams, this replaces tedious manual processes with automation you can actually rely on.
Automate & integrate OneLogin + Salesforce
Automating OneLogin and Salesforce business processes or integrating data is made easy with Tray.ai.
Use case
Automated User Provisioning from OneLogin to Salesforce
When a new employee is created and assigned to a Salesforce-connected app in OneLogin, tray.ai automatically provisions a matching Salesforce user with the correct profile, role, and license type. No IT tickets, no delays — reps can access Salesforce from day one without any manual admin steps between HR onboarding and CRM access.
- Cut time-to-productivity for new sales hires by granting Salesforce access automatically
- Eliminate manual provisioning errors by pulling Salesforce roles directly from OneLogin groups
- Get consistent license and profile assignment tied to department or role mappings
Use case
Real-Time User Deprovisioning on OneLogin Offboarding
When a user is deactivated or removed from the Salesforce application in OneLogin, tray.ai immediately deactivates the corresponding Salesforce user and optionally reassigns their open records to a manager or successor. Former employees don't retain CRM access after departure, and both platforms stay in sync without manual IT intervention.
- Revoke Salesforce access within seconds of OneLogin deprovisioning
- Automatically reassign leads, opportunities, and accounts to prevent data orphaning
- Maintain a complete audit log of deprovisioning events for compliance reporting
Use case
Role and Profile Updates Based on OneLogin Group Changes
When a user's group membership changes in OneLogin — say, a promotion from Sales Development Rep to Account Executive — tray.ai detects it and updates the corresponding Salesforce user's profile, role hierarchy, and permission sets. CRM access stays aligned with your org structure without operations teams manually cross-referencing group changes against Salesforce admin tasks.
- Automatically adjust Salesforce permissions when job roles change in OneLogin
- Reduce misconfigured access caused by lag between HR changes and IT admin actions
- Keep role hierarchy data in Salesforce clean and in line with your actual org structure
Use case
SSO Login Activity Sync for Salesforce Compliance Auditing
tray.ai captures OneLogin authentication events and SSO login activity, then writes summarized access records or custom object entries into Salesforce for compliance and auditing. Security and compliance teams can use Salesforce reports and dashboards to track who logged in, when, and from where — without needing a separate SIEM integration.
- Centralize access logs in Salesforce for compliance reporting and audit readiness
- Flag anomalous login behavior in OneLogin and create Salesforce cases or alerts automatically
- Stop cross-referencing separate admin consoles during security reviews
Use case
Salesforce Contact Creation from OneLogin User Provisioning for Partners
When external partners or contractors are provisioned in OneLogin and assigned to partner-facing apps, tray.ai creates or updates corresponding Contact or Account records in Salesforce so partner managers have full visibility. Your Salesforce partner community reflects your live identity directory without manual data entry, and partner-facing teams can track onboarding status and access levels directly in the CRM.
- Surface new partner users in Salesforce automatically so partner managers can act immediately
- Keep Contact records accurate with identity data sourced directly from OneLogin
- Cut the delay between provisioning and CRM record creation for a smoother partner experience
Use case
Automated Salesforce User License Reclamation
tray.ai regularly queries OneLogin for inactive or suspended users and cross-references them against active Salesforce licenses to find reclamation opportunities. When a Salesforce license is held by someone who's no longer active in OneLogin, an automated alert or deactivation workflow fires. IT and operations teams get control over licensing costs without running manual audits.
- Reclaim unused Salesforce licenses automatically by syncing inactivity signals from OneLogin
- Cut wasted SaaS spend without periodic manual license audits
- Track reclaimed licenses over time in Salesforce to report on cost savings
Challenges Tray.ai solves
Common obstacles when integrating OneLogin and Salesforce — and how Tray.ai handles them.
Challenge
Mapping OneLogin Groups to Salesforce Profiles and Permission Sets
OneLogin organizes access through groups and roles, while Salesforce uses a layered model of profiles, roles, permission sets, and permission set groups. Keeping an accurate mapping between these two systems — especially as the org changes — is genuinely complex and breaks down fast when done manually.
How Tray.ai helps
tray.ai lets you define and manage a dynamic mapping table inside your workflow that translates OneLogin group names or role IDs to the exact Salesforce profile API names and permission set IDs. When mappings change, you update the configuration in one place rather than digging through code or manual processes.
Challenge
Handling Salesforce API Limits During Bulk Provisioning Events
Large-scale onboarding events — a new team coming over after an acquisition, for instance — can trigger hundreds of simultaneous provisioning requests to Salesforce, and hitting API rate limits means partial or failed user creation.
How Tray.ai helps
tray.ai has built-in rate limiting, retry logic, and batch processing that queues and throttles Salesforce API calls to stay within governor limits. Failed operations are automatically retried with exponential backoff and surfaced in error logs for review.
Challenge
Ensuring Bidirectional Data Consistency Between Systems
Changes made directly in Salesforce — like a Salesforce admin manually adjusting a user's profile — can fall out of sync with the authoritative state in OneLogin, creating drift that causes access inconsistencies over time.
How Tray.ai helps
tray.ai can run scheduled reconciliation workflows that compare the current state in both OneLogin and Salesforce, identify discrepancies, and either auto-correct them based on a defined source of truth or flag them for IT review.
Templates
Pre-built workflows for OneLogin and Salesforce you can deploy in minutes.
Provision Salesforce User on OneLogin App Assignment
OneLogin 
Salesforce Automatically creates a new Salesforce user with the correct profile, role, and license type whenever a user is assigned to the Salesforce application in OneLogin, mapping group attributes to Salesforce fields.
Deactivate Salesforce User on OneLogin Offboarding
OneLogin Salesforce Listens for user deactivation or app removal events in OneLogin and immediately deactivates the matching Salesforce user, then reassigns their open records to a designated manager or team queue.
Sync OneLogin Group Changes to Salesforce Profiles and Roles
OneLogin Salesforce Monitors changes to a user's group membership in OneLogin and automatically updates their Salesforce profile, role, and permission set assignments to reflect their new position in the org.
Write OneLogin SSO Events to Salesforce Custom Object for Audit
OneLogin Salesforce Captures authentication and SSO login events from the OneLogin event stream and writes structured records to a Salesforce custom object, enabling compliance dashboards and security review directly within Salesforce.
Reclaim Inactive Salesforce Licenses Based on OneLogin Status
OneLogin Salesforce Runs on a schedule to compare active Salesforce licensed users against current OneLogin user status, flagging or deactivating Salesforce accounts for users who are suspended or inactive in OneLogin.
Create Salesforce Partner Contact on OneLogin External User Provisioning
OneLogin Salesforce When an external partner or contractor is provisioned in OneLogin and assigned to a designated partner application, automatically creates or updates a corresponding Salesforce Contact under the correct Account for partner visibility.
How Tray.ai makes this work
OneLogin + Salesforce runs on the full Tray.ai platform
Intelligent iPaaS
Integrate and automate across 700+ connectors with visual workflows, error handling, and observability.
Learn more →Agent Builder
Build AI agents that read, write, and take action in OneLogin and Salesforce — with guardrails, audit, and human-in-the-loop.
Learn more →Agent Gateway for MCP
Expose OneLogin + Salesforce actions as governed MCP tools — observable, rate-limited, authenticated.
Learn more →Ship your OneLogin + Salesforce integration.
We'll walk through the exact integration you're imagining in a tailored demo.