Skip to main content

Prepare Salesforce Sales Cloud connector

The Salesforce Sales Cloud connector retrieves information about subscriptions and users, including third-party accounts to which you have given access to your Salesforce instance. In Salesforce, you are required to create an external client app, retrieve Consumer Key and Consumer Secret, request a refresh token, and add these values in Settings when adding the connector.

Prerequisites

A Salesforce account of the proper edition is required to connect to the Salesforce API. For more information, see Salesforce's Help And Training Community documentation .

If you have Multi Factor Authentication (MFA) for the organization it must be enabled before creation of the app that will be used for the authentication in the API integration.

User permissions needed to read, create, update, or delete external client apps in Salesforce:

  • Customize Application and

  • Modify All Data or External Client App Manager

Procedure

  1. Sign in to Salesforce: https://www.salesforce.com/

  2. Create an external client app and set the scopes.

    1. Create a new External Client App.

    2. Enter the required information in External Client App Name, API Name, and Contact Email.

    3. For Distribution State, select Local from the drop-down list.

    4. Select Enable OAuth Settings.

    5. Enter the required information in Callback URL .

    6. In Selected OAuth Scopes, add the following scopes:

      • Perform requests at any time (refresh_token, offline_access)

      • Full access (full)

      • Manage user data via APIs (api)

    7. Uncheck Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows.

    8. Leave all other checkboxes how they are selected by default.

    9. Select Create.

    10. Find the new External Client App you created on the External Client Manager setup page and select Edit Policies.

    11. Expand OAuth Policies section.

    12. Choose IP Relaxation setting based on your security requirements:

      • For standard security: Select Relax IP restrictions from the IP Relaxation drop-down list.

      • For enhanced security:

        1. Select Enforce IP restrictions from the IP Relaxation drop-down list.

        2. Click Save.

        3. Navigate back to the External Client App and select Edit Settings.

        4. Expand OAuth Settings.

        5. In the Trusted IP Ranges for OAuth Web Server Flow section, add the IP addresses listed in Outbound.

    13. Select Save.

  3. Generate the Consumer Key and Consumer Secret for the created app.

    1. On the settings page for the new app, expand OAuth Settings.

    2. Click on the Consumer Key and Secret link.

    3. An authentication code will be sent to the app's contact email address. Paste the code to verify your identity.

    4. Copy the values for Consumer Key and Consumer Secret. They are used in the following steps, and when adding the connector.

      note

      The changes can take up to 10 minutes to take effect before you can go on to Step 4.

  4. Request a refresh token with the OAuth2 authentication process.

    1. In the browser where you are signed in to Salesforce, paste the URL below and replace {CLIENT_ID} with the copied Consumer Key value.

      https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id={CLIENT_ID}&redirect_uri=https://login.salesforce.com/services/oauth2/success

    2. Press Enter.

      An OAuth2 authentication process starts.

    3. Select Continue, and then Allow.

    4. If the authentication is successful, the page shows the message Remote Access Application Authorization.

    5. Locate the code part and save it. It is used in the following step.

      It is the part after code= in the browser URI https://login.salesforce.com/services/oauth2/success?code=.... Change the last part from %3D to =. Note: This code expires after 10 minutes by default.

    6. Run the following command in a command line.

      Use the cURL tool and replace {CODE} with the code copied in the previous step, and replace {CLIENT_ID} and {CLIENT_SECRET} with the copied Consumer Key and Consumer Secret values respectively.

      curl -XPOST "https://login.salesforce.com/services/oauth2/token?code={CODE}&grant_type=authorization_code&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}&redirect_uri=https%3A%2F%2Flogin.salesforce.com%2Fservices%2Foauth2%2Fsuccess"
      note

      Every value that is inserted into the URL must be properly encoded. If you, for example, use the Postman instead of the cURL tool, you need to decode the copied code first.

    7. In the generated JSON response, copy the value displayed for refresh_token and save it. It is used when adding the connector.

      It is the value displayed between the quotation marks.

  5. When adding the connector in Snow Atlas, in Settings, enter the values from Salesforce according to the table.

    SettingValue from Salesforce
    Client IDThe Consumer Key of the external client app that you created in Salesforce.
    Client secretThe Consumer Secret of the external client app that you created in Salesforce.
    Refresh tokenThe refresh token that you generated during the authentication process.
    Login URLThe URL of the authorization server.
    • https://login.salesforce.com for production environments. This is the default value.
    • https://test.salesforce.com for sandbox environments
    Company namesThe legal entities in your organization for which you want to collect data.
    • An asterisk, *, collects data for all domains connected to your organization, including user accounts without email address. This is the default value.
    • One or several domains connected to your organization collects data only for those, and will exclude user accounts without email address. One name per row.
    If you add both an asterisk and names, the asterisk takes precedence and data is collected for all legal entities.
    Note: When the asterisk is kept in this field, the connector retrieves all subscriptions and users, including third-party accounts that you have given access to your Salesforce instance. If you add company names, the connector imports users only for the specified legal entities. However, the connector imports the total number of assigned subscriptions for your organization from Salesforce, regardless of entered company names. Therefore, if you add company names, there may be a mismatch in the SaaS pages between the number of users and the number of assigned subscriptions for your Salesforce instance.

After completing this task, follow the general procedure to Add connectors.

The connector makes API calls to the vendor and retrieves data. For more information, see API calls and Data retrieved by the connector.

Flexera does not own the third party trademarks, software, products, or tools (collectively, the "Third Party Products") referenced herein. Third Party Product updates, including user interface updates, may not be reflected in this content.