Prerequisites
This integration works with both the Classic and Lightning SFDC environments.
If an SFDC administrator will be setting up this integration, ensure they are added as an organization (org) member in SafeBase, with assigned role of Admin.
Only admins can connect integrations in SafeBase.It is best practice to create a dedicated integration user, API user, or service account in Salesforce for the SafeBase integration. This user must have permissions to connect to external applications.
Note: The SFDC integration user does not need to be a SafeBase org member.
Connection Setup Instructions
In SafeBase, navigate to Settings > Integrations > Salesforce, click Connect.
Click New Authentication.
Create an Authentication Name.
Choose a Sandbox or Production instance.
Note: For testing purposes, we recommend connecting to a Sandbox instance.
A Salesforce login screen pop-up will appear.
Enter the username/password of the integration/API-only user or service account.
Click Log In.
Note: If you are currently logged in to SFDC in a separate browser/tab, this integration will automatically use the credentials for the current active session.
LOG OUT OF ALL ACTIVE SFDC SESSIONS to use the dedicated username and password.
If the pop-up doesn't appear, and the connection is not made automatically, please verify that pop-ups are allowed in your browser.
Once the connection is made, an Allow Access modal will appear.
Click Allow.
Note: The middleware for SafeBase's SFDC integration is Tray.ai. The screenshot below shows Tray's default permissions.
These are SFDC components that the Tray middleware is capable of accessing. What the integration actually has access to, is dictated by the permissions of the SafeBase integration user.
The SafeBase integration user permissions are outlined below.
Click Next.
Observe / configure the optional Salesforce Configuration settings.
Click Finish.
If successful, the integration will show as Connected.
Note: The Salesforce Configuration is optional and can be revisited at any time by clicking the gear icon on the integration.
Permissions
Note: The permissions below are the defaults required by the integration. Additional permissions may be needed if using the custom rules feature.
SFDC Object - Leads (Optional)
Field | Permission |
Read (& Write) | |
Id | Read (& Write) |
AccountId | Read (& Write) |
OwnerId | Read (& Write) |
Description | Read (& Write) |
FirstName | Read (& Write) |
LastName | Read (& Write) |
LeadSource (optional) | Read (& Write) |
Company | Read (& Write) |
WhoId | Read (& Write) |
Write - Required to create leads when neither the Contact nor Account exists in SFDC.
SFDC Object - Account (Required)
Field | Permission |
Id | Read |
LastModifiedDate | Read |
OwnerId | Read (& Write) |
Name | Read (& Write) |
Website | Read (& Write) |
Existing / Custom NDA field | Read (& Write) |
SFDC Object - Tasks (Optional)
Field | Permission |
Subject | Read (& Write) |
Description (Comment) | Read (& Write) |
ActivityDate | Read (& Write) |
WhoId (Name) | Read (& Write) |
WhatId (Related To) | Read (& Write) |
OwnerId (Assigned To) | Read (& Write) |
Status | Read (& Write) |
RecordTypeId (Record Type) | Read (& Write) |
Type | Read (& Write) |
SFDC Object - Contacts (Required)
Field | Permission |
Read (& Write) | |
isDeleted | Read (& Write) |
LastModifiedDate | Read (& Write) |
Name | Read (& Write) |
Id | Read (& Write) |
AccountId | Read (& Write) |
RecordTypeId | Read (& Write) |
Write - Required to create a Contact if one does not already exist in SFDC
SFDC Object - Users (Required)
Field | Permission |
Id | Read |
isActive | Read |
Organization (Optional)
Field | Permission |
TimeZoneSidKey | Read |
Timezone field is optional but recommended to show the correct Task date
SFDC Object - Opportunity (Required for custom rules and EA)
Field | Permission |
Id | Read |
Name | Read |
AccountId | Read |
StageName | Read |
IsClosed | Read |
IsDeleted | Read |
Amount | Read |
Created Date | Read |
Closed Date | Read |
Opportunity permissions are only required if used in custom rules, or if our Enterprise Analytics feature is enabled.
Check Permissions Tool
The check permissions tool is located on the right corner of the SFDC integration UI.
Click the kebab menu next to the gear icon.
Click Check Permissions.
The permissions checker will show all currently used fields for the integration and a status.
The status indicates if the SFDC user used to connect the integration has the correct access to required SDFC fields.
Note: Permissions and Status will only be displayed in the following cases:
if auto approve settings are enabled
if custom rules are in place, as the tool utilizes an active session to check permissions
if Enterprise Analytics is enabled
Switch Between Sandbox and Production Environments
SafeBase's SFDC integration only supports connection one SFDC instance at a time, but it is possible to add and switch between multiple connections.
Adding a second SFDC connection
Navigate to Settings > Integrations > Salesforce.
Click the gear icon.
In the Integration window, click the arrow on dropdown menu.
Click Add a new account.
Follow the same instructions from above to create a new SFDC connection.
Click Next then Finish.
Note: To switch between instances in the future, simply switch the connection in the dropdown menu and click Next > Finish.
It is the sequence of Next > Finish that completes the connection on the backend.
Disconnecting the SFDC Integration, Updating & Removing Accounts
Disconnecting the SFDC Integration
Navigate to Settings > Integrations > Salesforce
Click the kebab menu next to the gear icon
Click Disconnect Integration
Note: Disconnecting the integration does not remove the accounts within the connection.
Renaming & Updating an SFDC Account
If the credentials need to be renamed or updated for a specific SFDC account:
Navigate to Settings > Integrations > Salesforce.
Click the gear icon.
Click the hamburger icon next to the currently selected account.
Click Rename or Update.
Once finished click Next > Finish.
Note: When updating the SFDC account, it follows the same connection rules as setting up a new connection.
If currently logged in to SFDC in a separate browser/tab it will automatically use the credentials for the current active session.
Removing an SFDC Account
Removing an account from the SFDC integration has a specific technical limitation via the middleware, in that an account cannot be removed if it is the only account that exists.
If the account needs to be replaced, create the new account first following the instructions above. Once completed:
Navigate to back Settings > Integrations > Salesforce.
Click the gear icon.
In the Integration window, click the arrow on dropdown menu.
Click the Trash Can next to the account.
Click Next > Finish.
Troubleshooting
The SFDC integration is designed to be self-serve for standard configurations. Please contact SafeBase by using the live chat or email support@safebase.io for any assistance with the integration or if a modification to any custom rules is required.
The SFDC integration uses a third-party automation tool called Tray, which will be added to SFDC as an OAuth Connected App.
If experiencing issues with the initial authentication, an SFDC admin may need to allow for Tray.ai as some SFDC environments block connected apps by default.
To check if Tray.ai is allowed/blocked, in Salesforce:
Navigate to Setup
Type Connected Apps into the Quick Find box.
Click on Connected Apps OAuth Usage.
Locate the entry for
Tray.aiIf the Actions button says Unblock, then it is blocked
Click the Unblock button to allow the app
Repeat the steps above to create a connection.
Tray API calls are made from
tray.aiURLs.If utilizing IP allow-listing within SFDC, Tray's Public IP ranges must be allowed