Skip to content
User Guides
Integrations
SaaS applications
Salesforce

Salesforce

This Integration requires Fides Cloud or Fides Enterprise. For more information, talk to our solutions team. (opens in a new tab)

Salesforce (opens in a new tab) is a cloud-based customer relationship management (CRM) platform that helps businesses manage sales, marketing, and customer service interactions in a unified system..

Prerequisites

To integrate with Salesforce, we require our customers to use a Connected App. This ensures exclusive data control, enhances security by reducing unauthorized access risks, and allows customization of scopes and permissions to suit your business needs and policies.

To configure a Connected App, please follow this Salesforce guide (opens in a new tab) and complete the following steps, at minimum:

  1. Configure Basic Connected App Settings
  2. Uncheck Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows
  3. Enable OAuth Settings for API Integration including assigning, at least, the scope for Manage user data via APIs to your connected app for API access.
  4. Enter the callback URL using your Fides Redirect URL (typically https://fides-host.com/api/v1/oauth/callback)

Once you have this configured, you'll need to collect the following information:

NameDescription
Domain*Your Salesforce URL. To find this, please follow the Salesforce guide for viewing instance information (opens in a new tab).
Consumer Key*Your OAuth client ID. Follow Salesforce's docs to retrieve your OAuth credentials (opens in a new tab)
Consumer Secret*Your OAuth client secret. Follow Salesforce's docs to retrieve your OAuth credentials (opens in a new tab)
Redirect URL*The Fides URL to which users will be redirected upon successful authentication (ex. https://fides-host.com/api/v1/oauth/callback)
Token Refresh URL*The Salesforce URL for refresh tokens. This should not be changed unless using a Sandbox account, when it should be set to test.salesforce.com

Integrating with Salesforce

To integrate an existing system with Salesforce:

  1. Navigate to Data mapView Systems and choose the system that you want to connect.
  2. Click on the Integrations tab.
  3. Pick the vendor or system type that you want to integrate with from the Connection type drop-down menu.
  4. Complete the required fields for the integration and click Save.

To authorize the integration so that it can connect to Salesforce:

  1. Click on Authorize integration to be redirected to the Salesforce authorization screen
  2. Enter your Salesforce credentials and click Log in. You will automatically be redirected back to the Fides UI using the Redirect URL that was provided in the form in the previous step.

You may now confirm your connection is working using the Test connection button, if desired.

To learn more, please see our guide for Managing Integrations.

Technical detail

Fides utilizes API endpoints to access the API service for a SaaS application. An API service is the programmatic interface through which Fides can query and update data within an application to access, rectify, or delete personal information. Each SaaS tool will have a unique set of endpoints to enable privacy functions.

Salesforce endpoints

In the table below, you can find which endpoints are used for each type of privacy function. Clicking on the endpoint will take you to the documentation for that endpoint.

Privacy functionEndpointDescription
Access RequestsContact List (opens in a new tab)Used to search for contacts.
Access RequestsContacts (opens in a new tab)Used to fetch contacts.
Update or Delete RequestsContacts (opens in a new tab)Used to mask or erase contact information.
Access RequestsCase List (opens in a new tab)Used to search for cases.
Access RequestsCases (opens in a new tab)Used to fetch cases.
Update or Delete RequestsCases (opens in a new tab)Used to mask or erase case information.
Access RequestsLead List (opens in a new tab)Used to search for leads.
Access RequestsLeads (opens in a new tab)Used to fetch leads.
Update or Delete RequestsLeads (opens in a new tab)Used to mask or erase lead information.
Access RequestsAccount List (opens in a new tab)Used to search for accounts.
Access RequestsAccounts (opens in a new tab)Used to fetch accounts.
Update or Delete RequestsAccounts (opens in a new tab)Used to mask or erase account information.
Access RequestsCampaign Member List (opens in a new tab)Used to search for campaign members.
Access RequestsCampaign Members (opens in a new tab)Used to fetch campaign members.
Update or Delete RequestsCampaign Members (opens in a new tab)Used to mask or erase campaign member information.

Required Policy Updates

Due to widespread field restrictions in Salesforce, the following erasure policy changes should be made when using this integrations. Reference the guide on strategies when making these changes.

  • Update the default_erasure_policy to use the random_string_rewrite strategy with a length of 20
  • Create a new policy for location data using the null_rewrite strategy
  • Remove user.location from the default policy targets and add to the new null_rewrite target list
  • Create a new policy using the random_string_rewrite strategy for a formatted email, with the suffix format of a valid email (i.e. @masked.com)
  • Create a new policy using the string_rewrite strategy for a phone number, with the format of a valid phone number (i.e. 5555551111)
  • Remove user.contact from the default erasure policy and re-apply the following data categories:
    • user.contact.address
    • user.contact.organization
    • user.contact.url
    • user.name
  • Add user.contact.email as a target to the email random_string_rewrite policy
  • Add user.contact.phone_number and user.contact.fax_number as targets to the phone number string_rewrite policy
RollbarSegment