The Salesforce integration is available for customers on the Enterprise plan and is a great way for your Sales team to stay up to date and never leave the platform they're used to.
This integration allows you to:
View SafeBase prospect and customer activity directly in Salesforce without having to log into SafeBase
Allow for existing customers in Accounts to be automatically approved in SafeBase without manual approval
If you are looking to install our Salesforce Managed App, please find instructions here: https://help.safebase.io/en/articles/6830596-salesforce-managed-app-setup-guide
Please message our live chat or email firstname.lastname@example.org if you would like to enable Salesforce for your organization. Note that this is currently only available as an add-on for our Enterprise plan.
The videos below discuss the content outlined in this article. You will see what the activity sync and auto approval processes look like in a Salesforce demo environment.
OAuth Connection Setup
1: Configuring the Salesforce integration requires the Admin role in SafeBase. Click on the Settings tab in the SafeBase app and scroll to the Integrations section. Click Connect next to Salesforce.
2: Connect SafeBase to Salesforce: A Salesforce user with permissions to connect to external applications is required for the initial connection. Later in this article we detail the exact permissions needed for this account if you are interested in using a service account for this integration. Click on New authentication to proceed.
3. You will have the option to connect to either a Sandbox or Production account. For testing purposes, we recommend connecting to a Sandbox account first.
Note: You can only connect to a single Sandbox OR Production account. We do not currently support multiple connections.
4: You will then see the Salesforce login screen. Enter your username and password if necessary, then hit Approve. You will be connecting through our middleware service Tray.io. Note that these permissions are the default that Tray presents, but the integration account just needs the permissions outlined below.
5. Once this is completed, you will then be taken to a modal that will allow you to decide activities to sync.
Many customers choose to create dedicated service accounts for the SafeBase integration. The account will need the following permissions:
Read and write access if you would like for Leads to be created through this integration if neither the Contact or Account exist in Salesforce. If you would like to use the custom Lead Source option, ensure that this is a field that can be written to.
Read and write access
We use read access to see if Accounts already exist. For write access, we do not create new Accounts, but do write to the Activity Timeline and can potentially associate Contacts with Accounts.
Fields for Accounts
Website for tiebreaking
LastModifiedDate for tiebreaking
Any existing NDA field that will be used for NDA override
A custom NDA field if you would like for SafeBase to write to this field once an NDA is created through SafeBase
A custom field if you would like for SafeBase to indicate how many contacts were invited to SafeBase
Fields for Tasks
Last Modified By
Comments (may also appear as Description in your SDFC instance)
Record Type (if required by your SFDC instance)
Read access for auto approve
Write access if you would like for the integration to be able to create Contacts if it does not already exist in Salesforce.
Record Type (if required by your SFDC instance)
Read access to
User.isActiveso that we can properly assign Task Owners.
Read access to
Organization.TimeZoneSidKeyif you would like for Tasks to use your Organization's time zone. Otherwise we will default to the time zone of the integration user.
Opportunity (only if custom rules are used. Please contact your CSM for more information about custom rules)
This user will also need Read access to any additional fields defined in custom rules. Please contact your CSM for more information.
3. Login to Salesforce and allow access to the specified items
4. If the connection was successful, you should see an "enabled" label as shown below
5. Toggle the following activities to be synced to Salesforce as Tasks in the Activity feed:
If Leads are linked to Accounts, then the activities will also appear in the Account page.
SafeBase creates Salesforce Task records for certain activities that happen within the application. All possible Task subjects are described below. Upon initial connection, the default state for all Tasks are off.
Note: Account names need to have an exact match for automatic matching to function properly.
SafeBase - Requested Access: A visitor requested access on your public status page.
If an individual requests access and there is no existing contact information for the individual in Salesforce, the options for handling this request are:
Automatically create a new Contact in Salesforce if there is an existing matching Account (Company Name) but no contact with the requester's email.
If your SFDC instance requires a Record Type, you can provide the ID here.
Automatically create a new Lead if neither an existing matching Contact or Account can be found.
Have the Access Request activity be marked as complete automatically.
SafeBase - Account Created: A SafeBase account was created for this Salesforce Account record.
SafeBase - Account Member Added: A new person was given access to this account.
SafeBase - NDA Signed: The NDA process for an account has been completed (either clickwrap or DocuSign). You can optionally choose to write to a Salesforce field of your choice if an NDA has been executed through SafeBase. Note that this will need to be the API name of the field. This will likely look something like
SafeBase - Status Page View: A visitor viewed a shared status page.
SafeBase - Comment on Status Page: A visitor commented on an item in a shared status page.
SafeBase - File Downloaded: A visitor downloaded a file from a shared status page.
SafeBase - Questionnaire Uploaded: A visitor uploaded a questionnaire on a shared status page.
Note: If your SFDC instance requires a Record Type value, you can enter the ID at the top of the configuration modal. All Tasks created will use this Record Type.
Disabling the Salesforce Integration
If you would like to disable the integration, click on the Disconnect button in the Integrations section of the Settings page.
After configuring Salesforce, you will also the option to skip the NDA requirement in SafeBase using a custom field. This can be used if NDA status is already tracked in Salesforce. Using this option, you can specify a custom field and value that allows for certain users to skip the NDA process. Users who do not have this value for the custom field can still be approved, but they will be required to complete an NDA if Clickwrap or DocuSign are set as the default option.
Here is a quick video demonstrating the NDA Bypass in action.
This applies to both auto approved requests, and non auto approved requests that we are able to link to a Salesforce account.
Note: You will need to specify the Salesforce API Field Name and not the Field Name you see in Salesforce. Your Salesforce Admin/Architect will be able to retrieve this for you. These values typically end in
If you need additional conditions for NDA Bypass, we can create custom rules for your organization to mix and match AND/OR conditions, along with any standard or custom fields in the Account object. Please contact us for more information.
For example, we can choose to have requests bypass the NDA if a the field NDA Status is not blank. Accounts that have a blank value for NDA Status would still be required to sign your organization's NDA.
After enabling the Salesforce integration, in the Settings page, you will find new options under Automatically approve access requests.
The Salesforce integration currently has two options for automatic approval:
Contact exists in Salesforce - If this option is turned on, requests will be automatically approved if SafeBase is able to find a Contact that has the same email as the user submitting the request.
Please see this video for a quick explanation as to how this option works.
Contact domain exists in Salesforce - If this option is turned on, requests will be automatically approved if SafeBase is able to find a Contact that has the same email address domain as the user submitting the request.
Please see this video for a quick explanation as to how this option works, and how it differs from the above.
Note: These options operate using OR logic, meaning if both of them are enabled, only one of the conditions needs to match for the approval to be automatic.
If you need additional conditions for auto approval, we can create custom rules for your organization to mix and match AND/OR conditions, along with any standard or custom fields in the Account object. Please contact us for more information.
For example, we can create a custom rule to auto approve if a Customer Status field is set to Customer. Accounts with Customer Status set to Prospects would not be auto approved and would require manual approval.
Data Flow Diagram
A data flow diagram for these features is available here.
Our Salesforce integration is designed to be self-serve for standard Salesforce configurations. Please contact us by messaging our live chat or emailing email@example.com to let us know if you run into issues with the integration or if there are certain workflows that you would like to be added.
We use a third party service called Tray to assist with certain parts of our integration. If you run into issues, please verify that your Salesforce admin has not inadvertently blocked Tray in your Salesforce environment. Tray API calls are made from tray.io URLs.
If auto approving seems to be failing, try running some tests using email domains other than Gmail or your own company's domain. Sandbox environments with many Account records with the same domain likely will result in conflicts in which our system is unable to determine which Account to associate the request with. If needed, you may coordinate testing with us, as we have several email distinct testing domains that can be used:
If you have issues with the initial authentication, you may need your Salesforce admin to allow for Tray to be used in your environment. Follow these steps to unblock the app:
Navigate to Setup and type Connected Apps into the Quick Find box.
Click on Connected Apps OAuth Usage.
Locate the entries for the "Tray.io" Connected App.
If the "Action" button for either app says "Unblock", then this Connected App has been blocked. Click on this button.
Try to add the authentication in SafeBase again.