Salesforce connector

With the Salesforce® connector, you can use commands to interact with Salesforce as part of a chain. For example, with this connector, you can:

• Upload, extract, and delete data in Salesforce via SOQL and bulk operations
• Create and manage Salesforce objects
• Update and create records in Salesforce

The connector interacts with all versions of Salesforce Sales Cloud:

• Salesforce Essentials®
• Lightning® Professional
• Lightning Enterprise
• Lightning Unlimited

Prerequisites

To perform its commands, the connector uses the Salesforce REST API. To secure the connection to Salesforce, the connector can authenticate via:

• Standard basic username and password authentication
• OAuth 2.0 authentication, using a Salesforce connected app

To set up a Salesforce connector, you'll need:

• The Salesforce instance or custom domain to connect to
• For Standard authentication:
  • An integration user with API Enabled permissions in addition to permissions related to any tasks the connector will perform
  • The integration user's username, password, and security token from Salesforce
• For OAuth 2.0 authentication:
  • A connected app set up in Salesforce to use with the connector
  • The connected app's consumer key and secret

Note: To make the connector available for use in your organization's chains, an org security administrator first enables it from Configuration.

Set integration user permissions for standard authentication

To enable Basic authentication, the Salesforce connector uses an integration user with API Enabled permissions, in addition to permissions related to any tasks the connector will perform.

Note: To set the integration user's permissions in Salesforce, select Administer, Manage Users, Profiles, and select their profile.

• Under Administrative Permissions, select API Enabled.
• To enable the connector to perform a command, the user needs at least Read permissions to its related data. 
• To perform bulk updates to Salesforce objects, the user needs Edit permissions to the object.

Create a Salesforce connected app for OAuth 2.0

To enable OAuth 2.0 authentication, the Salesforce connector uses its own Salesforce connected app. To create the app from App Manager in Salesforce, click New Connected App, and set up the app. As you enter the app's details, under API, check Enable OAuth Settings, and configure its settings:

• For Callback URL, enter one of the following that matches your AppSpot:
  • OneCloud - https://app.onecloud.io/oauth/callback
  • PROD - https://h.app.wdesk.com/s/wdata/oc/app/oauth/callback
  • EMEA - https://h.eu.wdesk.com/s/wdata/oc/app/oauth/callback
  • APAC - https://h.apac.wdesk.com/s/wdata/oc/app/oauth/callback
• Under Selected OAuth Scopes, include Perform requests on your behalf at any time (refresh_token, offline_access) and at least one other scope.

After you create the connected app, note its consumer key and secret under API (Enable OAuth Settings). The Salesforce connector uses these values to authenticate with the connected app.

Set up the Salesforce connector for standard authentication

1. From Chain Builder, click Connections  compare_arrows, and then Create at the top right.
2. Under BizApp Connection, select Salesforce Basic Auth and the default CloudRunner.
   
3. Under Basic Info, enter a unique name and description to help identify the connector.
4. For Authentication Type, select Standard.
5. Under Authentication, enter the integration user's username, password, and security token.

   Note: To request a new security token in Salesforce, sign in as the integration user, and select Settings, My Personal Information, and click Reset security token.

   

   Note: All sensitive credentials are automatically encrypted and stored at Advanced Encryption Standard (AES)-256 encryption.

6. Under Properties, enter the Salesforce instance or custom domain to connect to:
   

   Property	Details
   Instance	Enter the Salesforce instance to connect to. If your organization uses a custom Salesforce domain, leave blank. Note: In your Salesforce URL, the characters before salesforce.com—such as na73—represent the instance.
   Custom domain	Enter the custom Salesforce domain to connect to, if used. Note: To view your custom domain in Salesforce, select Company Settings, My Domain. A custom domain usually ends with .my.salesforce.com.

7. Select the environments to use with the connection, and click Save.
8. To test the connection, create and run a chain with the connector's List Reports command, and verify it returns a valid output.

Set up the Salesforce connector for OAuth 2.0 authentication

1. From Chain Builder, click Connections  compare_arrows, and then Create at the top right.
2. Under BizApp Connection, select Salesforce and the default CloudRunner.
   
3. Under Basic Info, enter a unique name and description to help identify the connector.
4. For Authentication Type, select OAuth2.
5. Under Authentication, enter the client ID and secret of the Salesforce connected app to use with the connector, and then click Connect and Apply.

   Note: When the connection to Salesforce succeeds, the connector's Refresh Token and Access Token automatically populate. If the connection fails, click Stop and wait to connect again.

   

   Note: All sensitive credentials are automatically encrypted and stored at AES-256 encryption.

6. Under Properties, enter the Salesforce instance or custom domain to connect to:
   

   Property	Details
   Instance	Enter the Salesforce instance to connect to. If your organization uses a custom Salesforce domain, leave blank. Note: In your Salesforce URL, the characters before salesforce.com—such as na73—represent the instance.
   Custom domain	Enter the custom Salesforce domain to connect to, if used. Note: To view your custom domain in Salesforce, select Company Settings, My Domain. A custom domain usually ends with .my.salesforce.com.

7. Select the environments to use with the connection, and click Save.
8. To test the connection, create and run a chain with the connector's List Reports command, and verify it returns a valid output.

Troubleshooting

If the connection to Salesforce fails, you can check several configuration settings, depending on the authentication type.

Standard authentication

If the connection fails using Standard basic authentication:

• Verify the integration user's sign in credentials and security token. To request a new security token in Salesforce, sign in as the integration user, and select Settings, My Personal Information, and click Reset security token.
• Verify the correct Salesforce instance or custom domain are entered for the connector.
• Ensure the integration user has API Enabled permissions, in addition to permissions related to any tasks the connector performs.

OAuth2 authentication

If the connection to the Salesforce connected app fails when you first click Connect, click Stop, and wait to connect again. If the connection continues to fail using OAuth2 authentication:

• Verify the correct Salesforce instance or custom domain are entered for the connector.
• Check the client ID and secret of the Salesforce connected app the connector uses.
• In the Salesforce connected app:
  • Verify the callback URL is:
    • OneCloud - https://app.onecloud.io/oauth/callback
    • PROD - https://h.app.wdesk.com/s/wdata/oc/app/oauth/callback
    • EMEA - https://h.eu.wdesk.com/s/wdata/oc/app/oauth/callback
    • APAC - https://h.apac.wdesk.com/s/wdata/oc/app/oauth/callback
  • Ensure its selected OAuth scopes include Perform requests on your behalf at any time (refresh_token, offline_access) and at least one other scope.

If the connector loses its connection to the Salesforce app:

1. From Chains, click Connections  compare_arrows, select the connector, and click Edit.
2. Under OAuth, click Reset.
3. To enable the connector to connect to Salesforce, click Allow.