2,483 questions
How to convert appRoleAssignments parameter from XML to only comma-separated string value of roles a user has in a Salesforce application?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 57.00000000000001%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBM%3C/text%3E%3C/svg%3E)
Bianca Micu
0
Reputation points
Hello, I am using a Salesforce application integrated with Entra ID for SSO and user provisioning services. In my application, users are organized into several groups, and each user can belong to multiple groups.
I would like to store the roles assigned to a user in a specific field on the Salesforce User object. To achieve this, I have mapped the appRoleAssignments attribute from Entra ID to a Salesforce field. However, the value received in Salesforce is a large XML structure containing the role information. This XML is not user-friendly and often exceeds 60,000 characters.
Additionally, if a user has multiple roles (e.g., three or more), the provisioning process fails because the field in Salesforce (a Long Text Area with a 131,072-character limit) cannot accommodate the data. This results in the error: STRING_TOO_LONG.
Is there a way to transform the roles into a more concise format, such as comma-separated values, when sending them to Salesforce?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 22%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Sakshi Devkante 400 Reputation points Microsoft Vendor2025-01-23T09:12:40.2166667+00:00 Hello @Bianca Micu
Thank you for posting your query on Microsoft Q&A.
We have a section on our documentation that explains the scenario you have experienced. Let me share the link as well as a summary of the next steps.
Official doc: Provisioning a role to a SCIM app
In this case, the appRoleAssignments attribute shouldn't be mapped directly which is why you see the XML values when you configure it this way.
Next steps:
To map the attribute for users that have multiple assignment, you'll also need to go to the user mappings > Show advanced options > Edit attribute list for customappsso
Once you are there, locate the "roles" attribute and change the attribute type to string:
When this change is made, you will be able to save the expression using the AppRoleAssignmentsComplex function.
Please keep in mind this limitation from our doc: AppRoleAssignmentsComplex isn't compatible with setting scope to "Sync All users and groups."
For XML to only comma- separated string value Also Please check the following link:
https://stackoverflow.com/questions/7425071/split-function-in-xslt-1-0https://learn.microsoft.com/en-us/entra/identity/app-provisioning/customize-application-attributes#provisioning-a-role-to-a-scim-app
Similar threads: https://learn.microsoft.com/en-us/answers/questions/1190295/how-to-get-comma-separated-values-as-the-output-xsBest regards,
Sakshi Devkante
-
Sakshi Devkante 400 Reputation points Microsoft Vendor
2025-01-25T00:42:26.6833333+00:00 Hello @Bianca Micu
I am following up to see if the suggestion provided above was helpful to you. If you have any further questions or need additional assistance, please don’t hesitate to reach out.
Best regards,
Sakshi Devkante
Sign in to comment
Sign in to answer