Salesforce Application Configuration
A short video visualizing all of the steps to configure Salesforce Application:
https://vimeo.com/647098797/7761a69788
For AEX to successfully communicate with a Salesforce application, a few configuration steps need to take place within the Salesforce portal.
The following steps can be followed, in order to accomplish this:
Alternatively, instructions can be found on Salesforce: https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_connected_app.htm
Configuration Steps
1. Select the cog from the top-right menu, and choose Setup to enter the Setup view.
2. Expand Apps, from the left-hand menu, and select App Manager, from the left-hand menu.
3. Click New Connected App, from the top-right corner.
4. Update the basic information as needed: Connected App Name, API Name, Contact Email.
5. Select Enable OAuth Settings.
6. Enter a Callback URL
-
Staging:
https://staging.agreementexpress.net
-
USPROD:
https://us.agreementexpress.net
-
UAT:
https://uat.agreementexpress.net
-
CAPROD:
https://agreementexpress.net
7. Select Use digital signatures.
8. Click Choose File and upload the *.crt
file that contains your digital certificate.
-
The
aex_SFDC.crt
file will be provided for both Staging/UAT. -
The
aex_SFDC_production.crt
file will be provided for Production.
Please contact your Project Manager or Customer Success Manager if you have not been provided with the certification files.
9. Add the following OAuth Scopes (minimum necessary OAuth Scopes):
-
Full access (full)
-
Perform requests at any time (refresh_token, offline_access)
10. Click Save.
IMPORTANT: Note the consumer key because you need it for Company configuration
11. Click Manage.
12. Click Edit Policies.
13. In the OAuth Policies section, select Admin approved users are pre-authorized for permitted users, and click OK.
14. Click Save.
15. Click Manage Profiles. Select the Profiles that you want to allow access to the Managed Application
-
In order for the connected Application to perform Create and Update operations on Objects, the Connected App will need to be associated with a Profile/Permission Set that provides this level of access.
Note: Only users that are associated with one or more of the Managed Application’s selected Profiles will have access to make calls to the Managed Application. (I.e. the user supplied in the SUB
section of Agreement Express' Integration Credentials will need to have one of the Managed Application’s allowed Profiles)
16. Click Save.
Salesforce Credentials
AEX requires the SUB, AUD, and ISS as credentials for Salesforce.
-
Please share them with your Project Manager and Business Analyst
-
SUB: This is the Username of the User who created the Managed Application in Salesforce.
(E.g.tjefferson@yourcompany.com
)-
This can be identified from the View Managed App screen in Salesforce; Selecting the Created By user; Selecting the Username value from the User Details view.
-
-
-
AUD: This is the domain of the target Salesforce instance/application.
(E.g.https://test.salesforce.com
) -
ISS: This is the Consumer Key of the Salesforce Managed Application
(E.g.3MVG2JamS_x9L2ZKa4cIzuB0KI2e6GsewSM9UXs02r0HLeKExNqL3STejZ2eLrDu8PvGwU6n4H_9Vp3qg9Ldm
)-
This can be found when viewing your Managed Application within Salesforce.
-
Salesforce Permissions
In order for AEX to connect to Salesforce, the following permissions must be enabled. These are the minimum required permissions.
Profile
A profile must be created for the API user.
API Permission
In the Administrative Permissions section, the box for API Enabled must be checked.
Object Permission
If the new profile created is just given the API permission, you will have to get the client to use a profile with greater system access to configure the permissions as the API user will not be able to see many (if not all) of the pages required to add the different permissions.
In the Standard Object Permissions section, the box for Read, Create, Edit, Delete, View All, and Modify All must be checked for all objects that are to be part of the integration manager configuration. This is giving the profile that was created the permissions for that given object.
Any object that is not going to be configured in the integration manager does not need to be added to the profile permission.
In the example below the profile has been configured with the Accounts and Contacts objects permissions. If only the Accounts object permissions were selected, and information is passed to the Contact object, there will be an error.
Troubleshooting
If we get 404 error, check the following:
For the username provided to us (E.g. tjefferson@yourcompany.com
) go to their Salesforce setup and check what is selected for Profile.
Then go to the Connected App -> Manage -> Go to the Profiles section and confirm that the same profile is selected for the connected app.