Salesforce Data Source Setup
We're in the process of improving this guide and expect a little bit of back and forth as we make sure it's right for all Salesforce versions. Any feedback you might have would be sincerely appreciated.
Initial setup & authentication
Quick steps:
- Confirm Company name
- Candu issues certificate
- Integration Profile Setup
- Integration User Setup
- Client App Setup
- Candu sets up your sync
- Confirm mapped fields and Enable
1. Confirm Company name
Candu will issue a signing certificate for use in the integration flow. For this, we'll need to confirm the company name:
Organization Name - usually in Company Settings -> Company Information
2. Candu will issue a certificate
Based on the provided company name, Candu will generate a certificate and private key for use in accessing the API. You'll upload the certificate in step 5.
Note: The certificate will be issued with the email engineering+{companyName}@candu.ai
3. Integration Profile setup
Create a new profile to be used for the integration.
Ensure the created profile has the following permissions:
- Administrative Permissions
  - API Enabled
- Standard Object Permissions
  - Accounts: Read, View All Records, View All Fields
  - Contacts: Read, View All Records, View All Fields
4. Integration User Setup
Create a Candu User with the email engineering+{companyName}@candu.ai and associate the above Profile with this User.
Note: this email must match the certificate generated in step 2.
5. Client App Setup
Next we'll set up an External Client App - usually in Apps -> External Client Apps -> External Client App Manager
It should be configured as follows:
- Basic Information
  - Contact Email: [email protected]
- API (Enable OAuth Settings)
  - Enable OAuth
  - App Settings
    - Callback URL: https://app.candu.ai/salesforce/auth/callback
    - OAuth Scopes
      - Access Headless Passwordless Login (pwdless_login_api)
      - Manage user data via APIs (api)
      - Perform requests at any time (refresh_token, offline_access)
  - Flow Enablement
    - Enable JWT Bearer Flow
      - Upload the Candu certificate
  - Security
    - Check: Require secret for Web Server Flow
    - Check: Require secret for Refresh Token Flow
    - Uncheck: Require Proof Key for Code Exchange (PKCE) extension for Supported Authorization Flows
      - We do not support PKCE at the moment
Back in External Client App Manager, click on the newly created App.
In Policies, click Edit (located on the right of the tab).
- OAuth Policies: set Permitted Users to "Admin approved users are pre-authorized".
- App Policies: once OAuth Policies is set to pre-authorized, add the Profile we created earlier to Selected Profiles.
Next, within the newly created app, click Settings > OAuth Settings, then click Consumer Key and Secret.
Take note of the Consumer Key on the following screen. We do not require the Consumer Secret.
6. Candu team sets up your sync
This step is not currently self-serve. The Candu team will set up your Workspace with the correct Salesforce endpoints.
For this, please provide us with the following information:
- Your Salesforce authentication host URL, for example:
  - https://login.salesforce.com (usually this for cloud-managed instances)
- Your Salesforce token and query URLs, for example:
- The Consumer Key from step 5
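How the values gathered in steps 2 to 6 fit together in a JWT bearer assertion, as an added Node.js example (not Candu's or Salesforce's code): the private key signs a short-lived token naming the Consumer Key, the integration user and the authentication host, and the public key from the uploaded certificate verifies it, so no Consumer Secret takes part. The throwaway key pairs, PLACEHOLDER_CONSUMER_KEY, the company name acme, the use of the user's email as the username, the 180-second lifetime and the checks in verifyAssertion are assumptions for illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Client side (the integration): sign {iss, sub, aud, exp} with the private key.
// The private key is the only secret here; no Consumer Secret is involved.
function buildAssertion({ consumerKey, username, authHost, privateKey, now = Date.now() }) {
  const header = b64url(JSON.stringify({ alg: 'RS256' }));
  const claims = b64url(JSON.stringify({
    iss: consumerKey,                  // Consumer Key from step 5
    sub: username,                     // integration user from step 4 (assumed username)
    aud: authHost,                     // authentication host from step 6
    exp: Math.floor(now / 1000) + 180, // short lifetime (constructed value)
  }));
  const sig = crypto.sign('sha256', Buffer.from(`${header}.${claims}`), privateKey);
  return `${header}.${claims}.${b64url(sig)}`;
}

// Simplified stand-in for the server-side checks, using the public key from
// the certificate uploaded in step 5. Returns { ok, sub } or { ok, reason }.
function verifyAssertion(jwt, { publicKey, consumerKey, authHost, now = Date.now() }) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, c, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(c, 'base64url').toString('utf8'));
  } catch (e) {
    return { ok: false, reason: 'malformed' };
  }
  if (header.alg !== 'RS256') return { ok: false, reason: 'alg' }; // pin the algorithm
  const sigOk = crypto.verify('sha256', Buffer.from(`${h}.${c}`), publicKey,
    Buffer.from(s, 'base64url'));
  if (!sigOk) return { ok: false, reason: 'signature' };
  if (claims.iss !== consumerKey) return { ok: false, reason: 'iss' };
  if (claims.aud !== authHost) return { ok: false, reason: 'aud' };
  if (!(claims.exp * 1000 > now)) return { ok: false, reason: 'exp' };
  return { ok: true, sub: claims.sub };
}

// Constructed sample values: throwaway keys and a placeholder Consumer Key.
const issued = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const unrelated = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const cfg = { consumerKey: 'PLACEHOLDER_CONSUMER_KEY',
  username: 'engineering+acme@candu.ai', authHost: 'https://login.salesforce.com' };
const sample = buildAssertion({ ...cfg, privateKey: issued.privateKey });
console.log(verifyAssertion(sample, { ...cfg, publicKey: issued.publicKey }));
console.log(verifyAssertion(sample, { ...cfg, publicKey: unrelated.publicKey }));
```

The private key is the credential in this flow: anyone holding it can mint assertions for the pre-authorized integration user, so it needs the same protection as a password.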
7. Confirm Mapped Fields and Enable
Once initial set up is performed, you'll be able to manage your integration via the Candu dashboard.
- Configure mapping IDs for contacts and accounts.
- Set up the traits you'd like to import.
- Confirm the details and enable.

