Salesforce

This document describes the Dataworkz connector configuration required to access Salesforce. This document walks through the steps needed to setup Salesforce account and to configure a connector for the same in Dataworkz.

Prerequisite

Before configuring Dataworkz for Salesforce, a "Connected App" needs to be configured in Salesforce. Following steps should be followed for the purpose.

• Login to Salesforce account through Salesforce login page (Login | Salesforce ). If there is no account, register for the new account Developer Edition Signup | Salesforce Developers

• On Home page after login, use classical mode and select setup option.

• Once entered into setup page, select Build → Create-> Apps from left Menu.

• Click on “New” to create Connected Apps.

• Fill in all required details and select “Enable OAuth Settings”.

  • Enter the “Callback URL”. This value can be obtained by following the steps listed under Private Connected App. For JWT certificate based Authentication, use https://auth.dataworkz.com/oauth/salesforce/get_oauth_token (This is optional for certificate based authentication)

  • Select the following “OAuth scopes”.

    • Manage user data via APIs (api)

    • Manage user data via web browsers (web)

    • Perform requests at any time (refresh_token, offline_access)

• For certificate based authentication select “Use Digital Signature” and then choose file to upload public key. Refer this link to generate public private key pair using OpenSSL.Create a Private Key and Self-Signed Digital Certificate | Salesforce DX Developer Guide | Salesforce Developers.

• Convert server.key (private key) into pem file using following openssl command. openssl pkcs8 -inform PEM -in server.key -out server.pem -nocrypt

• Click “Save”. You will see the message about app activation after 10 mins.

• Click “Continue”

• Click “Manage”

• Click “Edit Policies”

• Select one of the following options for permitted users.

  1. Admin Approved Users are PreAuthorized (Required for JWT certificate based Authentication)

     Only users explicitly approved (via profiles or permission sets) can access the app. Use Case: Ideal for sensitive apps or where access must be tightly controlled. Behavior: Admins assign access using profiles or permission sets. Users don’t see the OAuth approval screen — it's pre-authorized. Unauthorized users can't use the app even if they try.

  2. All users may self-authorize (Shouldn't be used for JWT certificate based Authentication)

     Any user in the org can authorize themselves to use the connected app without needing an admin to approve access first. Use Case: Useful for public or widely used internal apps where you want to allow broad access without admin intervention. Behavior: When a user logs in to the app for the first time, they see an OAuth consent screen. After they approve access, they can use the app. Access is controlled by OAuth scopes, but not restricted by profiles/permission

• Change IP Relaxation. If user can login/connect from any location, use Relax IP Restrictions.

• Set appropriate value for "Refresh Token Policy" (e.g. Expire refresh token if not used for 90 days).

• Click on “Save” to create the connected app. When connected app is created, it will be displayed under “Connected Apps”.

• (Required for JWT certificate based authentication) Go to “Manage Users” -> Users Screen and select user’s profile of the user who should be authenticated using connected app.

• On profile screen, click on Edit button.

• On Edit page, Select the connected app that needs to be used for key based authentication. Also check “Standard Object Permissions” on profile screen for the entities to be read via connected app. Click on Save.

• Click on the defined connected app under the “Connected App” section. Following screen will display the consumer key and the consumer secret. Click on reveal to view secret.

Creating Salesforce Connector in Dataworkz

1. Login to Dataworkz Application

2. Goto Configuration -> SaaS Applications -> Salesforce

3. Click the + icon to add a new configuration

4. 
5. Enter name for the connector

6. Select the OAuth option

Private Connected App

• If custom app isn't already created selecting "No" would give the "Redirect URL" that can be used for created connected app in Saleforce

• Enter the Client ID and Secret that was configured during creation of the connected app

• Select the Salesforce environment (Production/Sandbox)

• Select the Workspace & Collection that would contain the resulting dataset

OAuth

• Select the Salesforce environment (Production/Sandbox)

• Select the Workspace & Collection that would contain the resulting database

• Upon saving you will be prompted to login. Upon successful login the configuration would be saved

OAuth JWT Bearer

• Select the Salesforce environment (Production/Sandbox)

• Select the Workspace & Collection that would contain the resulting database

• Upon saving you will be prompted to login. Upon successful login the configuration would be saved

Configuring Salesforce Connector Details

Goto Configuration -> SaaS Applications -> Salesforce

• Click the Salesforce connector that was created in the previous section

• It will open Configuration tab. Click the + icon to add a new configuration

• Enter name of the dataset that would comprise the Salesforce object data

• Select the type of object to be discovered

• Select the Salesforce object to be queried

• Select the fields that need to be retrieved for the selected object

• Choose between pulling all the historic data or for a date range

• Select the criteria for the incremental pull

• Toggle between one time and recurring pull

• Click add to create the configuration

For ability to write back to the Salesforce instance, click the "Write back permissions" tab

• Select the Entities to which the write back is needed

• Click Save