Overview
Our Salesforce integration is available for customers on our Advanced and Enterprise plans. Only a single connection to a Sandbox OR Production account is currently supported.
The integration enables:
Auto Approvals: Automated approval of SafeBase access requests based on SFDC criteria.
Activity Sync: View SafeBase activity directly in SFDC without logging into SafeBase.
NDA Bypass: the ability to bypass an NDA from needing a signature in SafeBase based on an SFDC Account Field.
Data Flow Diagram
A data flow diagram for these features is available here.
Prerequisites
This integration works with both the Classic and Lightning SFDC environments.
SafeBase organization members must have the Admin Role to configure the SFDC integration.
The initial connection requires an SFDC user with permission to connect to external applications.
Connection Setup Instructions
In SafeBase, navigate to Settings, Integrations, and click Connect next to Salesforce.
Click on New Authentication.
3. Choose a Sandbox or Production account. For testing purposes, we recommend connecting to a Sandbox account first.
4. An SFDC login screen pop-up will appear. Enter your username and password and click Approve.
If currently logged into SFDC, the integration will automatically use the credentials for the current active session.
If the pop-up doesn't appear, and the connection is not made automatically, please verify that pop-ups are allowed in your browser.
5. Once the connection is made, an Allow Access modal will appear; click Allow.
These are the default permissions for the Tray.ai middleware. The SafeBase integration account needs the permissions outlined below.
6. If the connection was successful, the integration will show as enabled.
Permissions
It is best practice to create a dedicated integration user/service account for the SafeBase integration.
The permissions below are the defaults required by the integration. Additional permissions may be required if you utilize our custom rules feature.
Leads (Optional)
Field | Permission |
Read (& Write) | |
Id | Read (& Write) |
AccountId | Read (& Write) |
OwnerId | Read (& Write) |
Description | Read (& Write) |
FirstName | Read (& Write) |
LastName | Read (& Write) |
LeadSource (optional) | Read (& Write) |
Company | Read (& Write) |
WhoId | Read (& Write) |
Write - Required to create leads when neither the Contact nor Account exists in SFDC.
Accounts
Field | Permission |
Id | Read |
LastModifiedDate | Read |
OwnerId | Read (& Write) |
Name | Read (& Write) |
Website | Read (& Write) |
Existing / Custom NDA field | Read (& Write) |
Tasks
Field | Permission |
Subject | Read (& Write) |
Description (Comment) | Read (& Write) |
ActivityDate | Read (& Write) |
WhoId | Read (& Write) |
WhatId (Related To) | Read (& Write) |
OwnerId (Assigned To) | Read (& Write) |
Status | Read (& Write) |
RecordTypeId (Record Type) | Read (& Write) |
Type | Read (& Write) |
Contacts
Field | Permission |
Read (& Write) | |
isDeleted | Read (& Write) |
LastModifiedDate | Read (& Write) |
Name | Read (& Write) |
Id | Read (& Write) |
AccountId | Read (& Write) |
RecordTypeId | Read (& Write) |
Write - Required to create a Contact if one does not already exist in SFDC
Users
Field | Permission |
Id | Read |
isActive | Read |
Organization (Optional)
Field | Permission |
TimeZoneSidKey | Read |
Timezone field is optional but recommended to show the correct Task date
Opportunity
Field | Permission |
Id | Read |
Name | Read |
AccountId | Read |
StageName | Read |
IsClosed | Read |
Is Deleted | Read |
Opportunity permissions are only required if used in custom rules, or if our Enterprise Analytics feature is enabled.
Activity Sync
SafeBase can create SFDC Task records for certain activities that happen within the application. All possible Task subjects are described below. Upon initial connection, the default state for all Tasks is off.
If Leads are linked to Accounts, then the activities will also appear in the Account page.
Upon successful connection, you will have the option to toggle the following activities to be synced to Salesforce as Tasks in the Activity feed.
SafeBase - Requested Access: A visitor requested access on your public status page.
If an individual requests access and there is no existing contact information for the individual in Salesforce, the options for handling this request are:
Automatically create a new Contact in Salesforce if there is an existing matching Account (Company Name) but no contact with the requester's email.
If your SFDC instance requires a Record Type, you can provide the ID here.
Automatically create a new Lead if neither an existing matching Contact or Account can be found.
Have the Access Request activity be marked as complete automatically.
SafeBase - Account Created: A SafeBase account was created for this Salesforce Account record.
SafeBase - Account Member Added: A new person was given access to this account.
SafeBase - NDA Signed: The NDA process for an account has been completed (either clickwrap or DocuSign). You can optionally choose to write to a Salesforce field of your choice if an NDA has been executed through SafeBase. Note that this will need to be the API name of the field. This will likely look something like
NDA_Signed__c.SafeBase - Status Page View: A visitor viewed a shared status page.
SafeBase - Comment on Status Page: A visitor commented on an item in a shared status page.
SafeBase - File Downloaded: A visitor downloaded a file from a shared status page.
SafeBase - Questionnaire Uploaded: A visitor uploaded a questionnaire on a shared status page.
SafeBase - Questionnaire - In Progress: AIQA is run on a questionnaire and the questionnaire status is
Open.SafeBase - Questionnaire - Complete: An AIQA questionnaire is marked as
Completein SafeBase.
You can adjust these toggles at any time. Once the integration is connected, a gear icon will appear on the far right of the Salesforce row in the Settings -> Integrations area. Click this icon to bring up the integration modal, and click the Next button in the lower right to see these configuration options.
Note: If your SFDC instance requires a Record Type value, you can enter the ID at the top of the configuration modal. All Tasks created will use this Record Type.
Auto Approval
After enabling the Salesforce integration, go to Settings -> Accounts. Under Automatically approve access requests, select "If request meets conditions" to see the new options enabled by the Salesforce integration.
The Salesforce integration has two options for automatic approval:
Contact exists in Salesforce - If this option is turned on, requests will be automatically approved if SafeBase is able to find a Contact that has the same email as the user submitting the request.
Contact domain exists in Salesforce - If this option is turned on, requests will be automatically approved if SafeBase is able to find a Contact that has the same email address domain as the user submitting the request.
Note: These options operate using OR logic, meaning if both of them are enabled, only one of the conditions needs to match for the approval to be automatic.
If you need additional conditions for auto-approval, we can create custom rules for your organization to mix and match AND/OR conditions, along with any standard or custom fields in the Account object.
For example, we can create a custom rule to auto approve if a Customer Status field is set to Customer. Accounts with Customer Status set to Prospects would not be auto approved and would require manual approval.
Please see this article for additional details on what is possible with our Rules Engine.
Note: Custom Rules are available for Enterprise plans. Please contact your CSM for more information.
NDA Bypass
After configuring Salesforce, you will also have the option to skip the NDA requirement in SafeBase using a custom field. This can be used if NDA status is already tracked in Salesforce. Using this option, you can specify a custom field and value that allows for certain users to skip the NDA process.
Users who do not have this value for the custom field can still be approved, but they will be required to complete an NDA if Clickwrap, Docusign, or Ironclad is set as the default option.
Here is a quick video demonstrating the NDA Bypass in action.
This applies to both auto approved requests, and non-auto-approved requests that we are able to link to a Salesforce account.
Note: You will need to specify the Salesforce API Field Name and not the Field Name you see in Salesforce. Your Salesforce Admin/Architect will be able to retrieve this for you. These values typically end in __c.
If you need additional conditions for NDA Bypass, we can create custom rules for your organization to mix and match AND/OR conditions, along with any standard or custom fields in the Account object. Please contact us for more information.
For example, we can choose to have requests bypass the NDA if a the field NDA Status is not blank. Accounts that have a blank value for NDA Status would still be required to sign your organization's NDA.
Please see this article for additional details on what is possible with our Rules Engine.
Reauthenticating to Salesforce
Occasionally, you may need to reauthenticate to Salesforce to refresh credentials or restore connectivity.
This can be done by following the below steps:
Go to Settings -> Integrations.
Click the gray gear ⚙️ icon by your Salesforce Integration.
In the modal that pops up, click the three dots (…) by the dropdown menu and click Update.
Log into Salesforce using the integration account used prior, or with a different Salesforce user with appropriate permissions.
How to find which Salesforce account is currently being used?
How to find which Salesforce account is currently being used?
To see which user is being used for the Salesforce Integration currently:
Login to Salesforce
Navigate to Setup and type Connected Apps into the Quick Find box.
Click on Connected Apps OAuth Usage.
Locate the entries for the "Tray.ai" Connected App.
Click the number in the "User count" column
It should have the connected user
Switch Between Sandbox and Production Environments
Our integration only supports one Salesforce instance at a time, but you can set up multiple connections and switch between them as you'd like.
To add a second Salesforce connection:
Go to Settings -> Integrations.
Click the green gear ⚙️ icon by your Salesforce Integration.
In the Integration window, click the arrow by the dropdown menu and select Add a new account.
Follow the modal instructions to connect your Salesforce environment and click Finish.
Return to Settings, and click the green gear ⚙️ icon by your Salesforce Integration once more.
Click Next at the bottom and Finish (again) to finalize the new connection.
To switch between the environments in the future, simply switch the connection in the dropdown menu and click Next -> Finish.
Disabling the Salesforce Integration
If you would like to disable the integration:
Go to Settings -> Integrations.
Click the three-dot icon at the far right of the Salesforce connection row.
Click "Disconnect integration."
Troubleshooting
Our Salesforce integration is designed to be self-serve for standard Salesforce configurations. Please contact us by messaging our live chat or emailing support@safebase.io to let us know if you run into issues with the integration or if there are certain workflows that you would like to be added.
We use a third party service called Tray to assist with certain parts of our integration. If you run into issues, please verify that your Salesforce admin has not inadvertently blocked Tray in your Salesforce environment. Tray API calls are made from
tray.aiURLs.If auto approving seems to be failing, try running some tests using email domains other than Gmail or your own company's domain. Sandbox environments with many Account records with the same domain likely will result in conflicts in which our system is unable to determine which Account to associate the request with. If needed, you may coordinate testing with us, as we have several email distinct testing domains that can be used:
For example, you can create test Contacts using the following emails:
If you have issues with the initial authentication, you may need your Salesforce admin to allow for Tray to be used in your environment. Follow these steps to unblock the app:
Navigate to Setup and type Connected Apps into the Quick Find box.
Click on Connected Apps OAuth Usage.
Locate the entries for the "Tray.ai" Connected App.
If the "Action" button for either app says "Unblock", then this Connected App has been blocked. Click on this button.
Try to add the authentication in SafeBase again.