Quick Links
Our SFDC integration is available for customers on our Enterprise Plan
This integration allows you to:
Automatically approve SafeBase access requests based on SFDC criteria.
View SafeBase activity directly in SFDC without having to log into SafeBase.
Information on our Salesforce Managed App, is available here
The videos below discuss the content outlined in this article.
Connection Setup
This integration works with both the Classic and Lightning SFDC environments.
SafeBase organization members must have the Admin Role to configure the SFDC integration.
The initial connection requires an SFDC user with permission to connect to external applications.
In SafeBase, navigate to Settings, Integrations, and click Connect next to Salesforce.
Click on New Authentication
3. Choose a Sandbox or Production account. For testing purposes, we recommend connecting to a Sandbox account first.
Only a single connection to a Sandbox OR Production account is currently supported.
4. An SFDC login screen pop-up will appear. Enter your username and password and click Approve
If currently logged into SFDC, the integration will automatically use the credentials for the current active session.
If the pop-up doesn't appear, and the connection is not made automatically, please verify that pop-ups are allowed in your browser
5. Once the connection is made, an Allow Access modal will appear, click Allow.
These default permissions for the Tray.io middle-ware, the integration account needs the permissions outlined below.
6. If the connection was successful, the integration will show as enabled.
Permissions
It is best practice to create a dedicated integration user/service account for the SafeBase integration.
The permissions below are the defaults; additional permissions may be required if you are utilizing our custom rules feature.
The SFDC integration account requires the following permissions:
Leads
Read (& Write)
Email
Id
AccountId
OwnerId
Description
FirstName
LastName
LeadSource (optional)
Company
WhoId
Leads are optional and can be disabled in the SFDC integration settings.
Write access is required if you want Leads to be created through this integration when neither the Contact nor Account exists in SFDC.
Accounts
Read
Id
LastModifiedDate
Read & Write
OwnerId
Name
Website
Existing / Custom NDA field
Tasks
Read & Write
Subject
Description (Comment)
ActivityDate
WhoId
WhatId (Related To)
OwnerId (Assigned To)
Status
RecordTypeId (Record Type)
Type
Contacts
Read (& Write)
Email
isDeleted
LastModifiedDate
Name
Id
AccountId
RecordTypeId
Write access is required if you would like to create a Contact if one does not already exist in SFDC
Users
Read
Id
isActive
Organization (Optional)
Read
TimeZoneSidKey
The timezone field is optional but is recommended to ensure the correct Task date is shown.
Opportunity
Read
Id
Name
AccountId
StageName
IsClosed
IsDeleted
Opportunity permissions are only required if used in custom rules or if our advanced analytics feature is enabled.
Activities
SafeBase can create SFDC Task records for certain activities that happen within the application. All possible Task subjects are described below. Upon initial connection, the default state for all Tasks are off.
If Leads are linked to Accounts, then the activities will also appear in the Account page.
Toggle the following activities to be synced to Salesforce as Tasks in the Activity feed:
Note: Account names need to have an exact match for automatic matching to function properly.
SafeBase - Requested Access: A visitor requested access on your public status page.
If an individual requests access and there is no existing contact information for the individual in Salesforce, the options for handling this request are:
Automatically create a new Contact in Salesforce if there is an existing matching Account (Company Name) but no contact with the requester's email.
If your SFDC instance requires a Record Type, you can provide the ID here.
Automatically create a new Lead if neither an existing matching Contact or Account can be found.
Have the Access Request activity be marked as complete automatically.
SafeBase - Account Created: A SafeBase account was created for this Salesforce Account record.
SafeBase - Account Member Added: A new person was given access to this account.
SafeBase - NDA Signed: The NDA process for an account has been completed (either clickwrap or DocuSign). You can optionally choose to write to a Salesforce field of your choice if an NDA has been executed through SafeBase. Note that this will need to be the API name of the field. This will likely look something like
NDA_Signed__c
.SafeBase - Status Page View: A visitor viewed a shared status page.
SafeBase - Comment on Status Page: A visitor commented on an item in a shared status page.
SafeBase - File Downloaded: A visitor downloaded a file from a shared status page.
SafeBase - Questionnaire Uploaded: A visitor uploaded a questionnaire on a shared status page.
Note: If your SFDC instance requires a Record Type value, you can enter the ID at the top of the configuration modal. All Tasks created will use this Record Type.
Disabling the Salesforce Integration
If you would like to disable the integration, click on the Disconnect button in the Integrations section of the Settings page.
NDA Bypass
After configuring Salesforce, you will also the option to skip the NDA requirement in SafeBase using a custom field. This can be used if NDA status is already tracked in Salesforce. Using this option, you can specify a custom field and value that allows for certain users to skip the NDA process. Users who do not have this value for the custom field can still be approved, but they will be required to complete an NDA if Clickwrap or DocuSign are set as the default option.
Here is a quick video demonstrating the NDA Bypass in action.
This applies to both auto approved requests, and non auto approved requests that we are able to link to a Salesforce account.
Note: You will need to specify the Salesforce API Field Name and not the Field Name you see in Salesforce. Your Salesforce Admin/Architect will be able to retrieve this for you. These values typically end in __c
.
If you need additional conditions for NDA Bypass, we can create custom rules for your organization to mix and match AND/OR conditions, along with any standard or custom fields in the Account object. Please contact us for more information.
For example, we can choose to have requests bypass the NDA if a the field NDA Status is not blank. Accounts that have a blank value for NDA Status would still be required to sign your organization's NDA.
Please see this article for additional details on what is possible with our Rules Engine.
Auto Approval
After enabling the Salesforce integration, in the Settings page, you will find new options under Automatically approve access requests.
The Salesforce integration currently has two options for automatic approval:
Contact exists in Salesforce - If this option is turned on, requests will be automatically approved if SafeBase is able to find a Contact that has the same email as the user submitting the request.
Please see this video for a quick explanation as to how this option works.
Contact domain exists in Salesforce - If this option is turned on, requests will be automatically approved if SafeBase is able to find a Contact that has the same email address domain as the user submitting the request.
Please see this video for a quick explanation as to how this option works, and how it differs from the above.
Note: These options operate using OR logic, meaning if both of them are enabled, only one of the conditions needs to match for the approval to be automatic.
If you need additional conditions for auto approval, we can create custom rules for your organization to mix and match AND/OR conditions, along with any standard or custom fields in the Account object. Please contact us for more information.
For example, we can create a custom rule to auto approve if a Customer Status field is set to Customer. Accounts with Customer Status set to Prospects would not be auto approved and would require manual approval.
Please see this article for additional details on what is possible with our Rules Engine.
Data Flow Diagram
A data flow diagram for these features is available here.
Troubleshooting
Our Salesforce integration is designed to be self-serve for standard Salesforce configurations. Please contact us by messaging our live chat or emailing support@safebase.io to let us know if you run into issues with the integration or if there are certain workflows that you would like to be added.
We use a third party service called Tray to assist with certain parts of our integration. If you run into issues, please verify that your Salesforce admin has not inadvertently blocked Tray in your Salesforce environment. Tray API calls are made from tray.io URLs.
If auto approving seems to be failing, try running some tests using email domains other than Gmail or your own company's domain. Sandbox environments with many Account records with the same domain likely will result in conflicts in which our system is unable to determine which Account to associate the request with. If needed, you may coordinate testing with us, as we have several email distinct testing domains that can be used:
For example, you can create test Contacts using the following emails:
If you have issues with the initial authentication, you may need your Salesforce admin to allow for Tray to be used in your environment. Follow these steps to unblock the app:
Navigate to Setup and type Connected Apps into the Quick Find box.
Click on Connected Apps OAuth Usage.
Locate the entries for the "Tray.io" Connected App.
If the "Action" button for either app says "Unblock", then this Connected App has been blocked. Click on this button.
Try to add the authentication in SafeBase again.