1

In Salesforce, when I create a user via their REST API, no activation email is sent. There's also no ability to specify a password when the new user is created, which means the user cannot login. This also means the user can't verify their email at the same time as activating.

Is there a way to ensure an activation email gets sent to new SFDC users when they're created via API?

The Salesforce developer documentation is pretty lacking in this regard, so I'm not sure if I'm overlooking something.

The only two "solutions" I've come across are:

  1. A SFDC admin has to manually press the "reset password" button for the user.
  2. You need to make a second API call after the user is created, but this time to reset the password to whatever you want. Then I could set up a Flow to send an email to the user telling them what their initial password is. The problem with this approach is that the user's email is still unverified.

Tried adding a new user via API but no activation email was sent. Was expecting one to be sent.

Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
Jesse
  • 27
  • 5
  • P.S. I find many salesforce community posts like this one that are all dead ends. It's a shame that this hasn't gotten more attention. https://developer.salesforce.com/forums/?id=906F0000000BVdjIAG – Jesse Jul 13 '23 at 00:24

1 Answers1

1

Uh, good question!

"Normal" Apex has DmlOptions (triggerUserEmail) for that or System.resetPassword('user id goes here') call.

SOAP API has corresponding headers: https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/sforce_api_header_emailheader.htm

But looks like REST API is lacking and has only Case/Lead Assignment Rule header.

Would it be an option to try the SOAP route? Disappointing but you'd "just" have to craft the right XML, the session id (a.k.a. access_token, the "Authorization: Bearer ..." value) is reusable across APIs

Would it be an option to combine the REST calls into 1 "all or nothing" operation. It's called composite requests. Insert, then use the referenceId to call https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/resources_sobject_user_password_delete.htm ? I've used composites in the past, not for user stuff but they're pretty cool: https://salesforce.stackexchange.com/a/274696/799 (for more complex integrations I'd still prefer to expose an Apex webservice for all-or-nothing atomic operation rather than trusting the calling system to do it right... but hey, it's there, it's neat, it's "just" a little more involved JSON to write)

Or you could write something in SF itself

  • piece of Apex exposed as REST Service that inserts user (with dml options) or explicitly resets password
  • or after insert trigger on User (check if user type is Standard, if Quiddity is REST and call System.resetPassword() for each of them)
  • or a flow if you're after click-click-click solutions (flows can be called from REST... although no idea if there's something for dmloptions/pass reset in Flow editor)
  • batch job running every 15 minutes sniffing for users with full license created today that have "Last Password Change or Reset = Never"? Crude but could work too.
eyescream
  • 18,088
  • 2
  • 34
  • 46
  • Thank you so much for all of the great ideas. I didn't know about the "all or nothing" approach. I'll give that a try in another project I'm working on that might benefit from it. As for the activation email, I'm going to play around with it some more and may resort to either using Apex if possible, or resetting the password and then sending a separate communication to the user to inform them of what their temporary initial password is (they'll need to reset it the first time they log in with it). I think I can then use a Screen Flow to force the user to verify their email when they login. Thx – Jesse Jul 13 '23 at 14:47
  • Login flows are special subset of screen flows: https://help.salesforce.com/s/articleView?id=sf.security_login_flow_examples.htm&type=5 Google around, maybe somebody has a blog post you can reuse. Glad I could help some :) – eyescream Jul 13 '23 at 17:28
  • I did find this blog post with some guidance on how to use Flow to force a new user to verify their email: https://medium.com/@Suraj_Pillai/using-flows-to-verify-emails-in-salesforce-a25858be5f25 – Jesse Jul 14 '23 at 16:26