The Salesforce connector is designed to fetch data using the Salesforce API. For every "Org" separate credentials are needed.
Short description of the technical connection:
This connection requires a user with API-related access rights. To log into Salesforce via the API it is necessary to connect a user within each "Org".
There are two ways to connect to the Salesforce API in order to fetch data.
•Authentication with OAuth 2.0 JWT bearer authorization flow: This is the recommended way as it does not require the transfer of a user password which can expire every X-days. The configuration of Salesforce in order to use the OAuth 2.0 JWT bearer authorization flow is described in the Best Practice Configuration chapter. The following parameters are needed for the method.
oUsername
oClient_ID
oPrivate key
oServer URL
•Authentication with user credentials and security token: The following parameters are needed for the method.
oUsername
oPassword
oSecurity Token
oServer URL
Authentication with User Credentials and Security Token
A Salesforce or Salesforce Platform license can be used for the user. One of the two licenses is needed for connector.
Before creating a new user, a profile must be created first. While creating a new user, this profile must already exist because it must be assigned.
1.Navigate to the Profiles section to create the profile.
oChoose Standard Platform User or Standard User as an existing profile for the different types of user licenses.
oChoose a representative name like SaaS Optimization.
2.In the next window it is possible to edit the profile and deselect all permissions except the fixed ones. Afterward, save the profile.
3.After generating the profile it is possible to create a user. In the Users section, do the following:
oType in the required details.
oDefine a role.
oSelect the user license for selecting the profile that has been created before.
Once the user has been generated, a security token will be sent to the email address that has been entered. The entered username and security token will be used by the connector later.
4.After creating the profile and user, a minimum access permission set has to be defined too. In order to do this:
oNavigate to Permission Sets and give it a pointing label and the API name will be set automatically.
oSelect the same license type that has been chosen in the first steps.
5.In Permission Sets, navigate to the System tab and select System Permissions.
6.Select the following permission:
oAPI enabled
oView Roles and Role hierarchy
oView Setup and Configuration
If User authentication with Security Token is used, the following permissions should also be set:
oPassword never expires
For reharvesting possibilities, the following permissions must be granted:
•Modify all data
•Manage package licenses
•Manage users
7.After assigning the permissions the connected app must be linked to the permission set too. To do this:
oIn Permission Sets, navigate to the Apps tab and select Assigned Connected Apps.
oHowever, the connected app must be created before. This information can be found in the Best Practice Configuration chapter.
8.The Personal Information area where it is possible to change the password of a logged in user also allows resetting the security token if it is unknown.
|
Note: The Server URL values to log into "Org" using the web-service API should be as follows: •For production instances: https://login.salesforce.com •For sandbox instances: https://test.salesforce.com |
