Salesforce
Salesforce (opens in a new tab) is a cloud-based customer relationship management (CRM) platform that helps businesses manage sales, marketing, and customer service interactions in a unified system..
Prerequisites
To configure a Connected App, please follow this Salesforce guide (opens in a new tab) and complete the following steps, at minimum:
- Configure Basic Connected App Settings
- Uncheck
Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows - Enable OAuth Settings for API Integration and assign the following scopes
Manage user data via APIs (api)Perform requests at any time (refresh_token, offline_access)
- Enter the callback URL using your Fides Redirect URL (typically
https://fides-host.com/api/v1/oauth/callback)
Once you have this configured, you'll need to collect the following information:
| Name | Description |
|---|---|
| Domain* | Your Salesforce URL. To find this, please follow the Salesforce guide for viewing instance information (opens in a new tab). |
| Consumer Key* | Your OAuth client ID. Follow Salesforce's docs to retrieve your OAuth credentials (opens in a new tab) |
| Consumer Secret* | Your OAuth client secret. Follow Salesforce's docs to retrieve your OAuth credentials (opens in a new tab) |
| Redirect URL* | The Fides URL to which users will be redirected upon successful authentication (ex. https://fides-host.com/api/v1/oauth/callback) |
| Token Refresh URL* | The Salesforce URL for refresh tokens. This should not be changed unless using a Sandbox account, when it should be set to test.salesforce.com |
Manage user data via APIs (api) and Perform requests at any time (refresh_token, offline_access)Integrating with Salesforce
To integrate an existing system with Salesforce:
- Navigate to Data map → View Systems and choose the system that you want to connect.
- Click on the Integrations tab.
- Pick the vendor or system type that you want to integrate with from the Connection type drop-down menu.
- Complete the required fields for the integration and click Save.
To authorize the integration so that it can connect to Salesforce:
- Click on Authorize integration to be redirected to the Salesforce authorization screen
- Enter your Salesforce credentials and click Log in. You will automatically be redirected back to the Fides UI using the
Redirect URLthat was provided in the form in the previous step.
You may now confirm your connection is working using the Test connection button, if desired.
To learn more, please see our guide for Managing Integrations.
Technical detail
Fides utilizes API endpoints to access the API service for a SaaS application. An API service is the programmatic interface through which Fides can query and update data within an application to access, rectify, or delete personal information. Each SaaS tool will have a unique set of endpoints to enable privacy functions.
Salesforce endpoints
In the table below, you can find which endpoints are used for each type of privacy function. Clicking on the endpoint will take you to the documentation for that endpoint.
| Privacy function | Endpoint | Description |
|---|---|---|
| Access Requests | Contact List (opens in a new tab) | Used to search for contacts. |
| Access Requests | Contacts (opens in a new tab) | Used to fetch contacts. |
| Update or Delete Requests | Contacts (opens in a new tab) | Used to mask or erase contact information. |
| Access Requests | Case List (opens in a new tab) | Used to search for cases. |
| Access Requests | Cases (opens in a new tab) | Used to fetch cases. |
| Update or Delete Requests | Cases (opens in a new tab) | Used to mask or erase case information. |
| Access Requests | Lead List (opens in a new tab) | Used to search for leads. |
| Access Requests | Leads (opens in a new tab) | Used to fetch leads. |
| Update or Delete Requests | Leads (opens in a new tab) | Used to mask or erase lead information. |
| Access Requests | Account List (opens in a new tab) | Used to search for accounts. |
| Access Requests | Accounts (opens in a new tab) | Used to fetch accounts. |
| Update or Delete Requests | Accounts (opens in a new tab) | Used to mask or erase account information. |
| Access Requests | Campaign Member List (opens in a new tab) | Used to search for campaign members. |
| Access Requests | Campaign Members (opens in a new tab) | Used to fetch campaign members. |
| Update or Delete Requests | Campaign Members (opens in a new tab) | Used to mask or erase campaign member information. |
Required Policy Updates
Due to widespread field restrictions in Salesforce, the following erasure policy changes should be made when using this integrations. Reference the guide on strategies when making these changes.
- Update the
default_erasure_policyto use therandom_string_rewritestrategy with a length of 20 - Create a new policy for location data using the
null_rewritestrategy - Remove
user.locationfrom the default policy targets and add to the newnull_rewritetarget list - Create a new policy using the
random_string_rewritestrategy for a formatted email, with the suffix format of a valid email (i.e.@masked.com) - Create a new policy using the
string_rewritestrategy for a phone number, with the format of a valid phone number (i.e.5555551111) - Remove
user.contactfrom the default erasure policy and re-apply the following data categories:user.contact.addressuser.contact.organizationuser.contact.urluser.name
- Add
user.contact.emailas a target to the emailrandom_string_rewritepolicy - Add
user.contact.phone_numberanduser.contact.fax_numberas targets to the phone numberstring_rewritepolicy