Skip to main content

Salesforce Contacts/Accounts

Connector name

agtsalesforce-ctc

Connector type

Executable

Type (UI field value)

Salesforce Contacts/Accounts

Connector status / support

Bravura Security-Verified

This connector has been tested and is fully supported by Bravura Security.

Bravura Security Fabric lists accounts (as groups), contacts (as users), and manages contacts on Salesforce by using the Salesforce Contacts/Accounts (agtsalesforce-ctc) connector.

Note

See Platform specific SCIM connectors for an alternative connector for Salesforce.

The following Bravura Security Fabric operations are supported by this connector (depending on your product license and version):

  • create account (create contact)

  • add user to group (add contact to Salesforce account)

  • delete user from group (delete contact from Salesforce account)

  • get server information

  • list account attributes (update contact attributes)

  • List:

    • accounts (Salesforce contacts)

    • attributes

    • groups (Salesforce accounts)

    • members

For a full list and explanation of each connector operation, see connector operations.

Preparation

Before you can target Salesforce Contacts/Accounts, you must:

  1. Obtain a Salesforce administrative account with API access permissions.

    This account is used to log into Salesforce to configure the Connected App and manage settings.

  2. Obtain your Salesforce.com Organization ID from your Salesforce instance.

  3. Configure OAuth 2.0 authentication and obtain API credentials:

    Create a Salesforce Connected App with OAuth enabled and obtain:

    • Consumer Key (OAuth Client ID)

    • Consumer Secret (OAuth Client Secret)

    • Required OAuth settings:

      • OAuth 2.0 Client Credentials flow or Web Server flow

      • API access scope: "Manage user data via APIs (api)"

      • Refresh token scope (if using Web Server flow)

    Refer to Salesforce documentation for creating and configuring Connected Apps.

  4. Ensure API access is enabled for the service account profile in Salesforce.

  5. For organizations with API Access Control enabled: Ensure your Connected App is added to the trusted API client list in Salesforce security settings.

  6. Create at least one template account.

  7. Ensure that the Bravura Security Fabric service user is allowed to access Salesforce site via HTTPS.

Creating a template account

Bravura Security Fabric uses template accounts as models or "blueprints" for creating new accounts in Salesforce. The following example illustrates how you can create a template account in Salesforce:

  1. As an administrator, log into the Salesforce application and select Setup > Administer > Manage Users > Users.

  2. Click New user.

  3. Fill in the required fields.

  4. Click Save.

    Note

    AccountId, FirstName and LastName are required attributes when creating a Salesforce contact using the agtsalesforce-ctc connector. Ensure AccountId is valid as invalid accountID will cause contact provisioning to fail.

Ensuring Bravura Security Fabric service user access

The Bravura Security Fabric service user (psadmin) account must be able to access the Salesforce site to list accounts. To ensure that the psadmin account is allowed to access the Salesforce site via HTTPS:

  1. As psadmin, log onto your Bravura Security Fabric server.

  2. Using a browser, access your Salesforce site via HTTPS.

  3. Add the site as a trusted site.

Targeting the Salesforce Contacts/Accounts system

For each Salesforce Contacts/Accounts system, add a target system in Bravura Security Fabric (Manage the System > Resources > Target systems):

  • Type is Salesforce Contacts/Accounts .

  • Address uses options described in the table below.

  • Credentials: Configure two sets of administrator credentials:

    1. Salesforce account credentials:

      • Administrator ID: Your Salesforce administrative username

      • Administrator password: Your Salesforce administrative password

    2. OAuth API credentials (with "System password" flag enabled):

      • Administrator ID: OAuth Consumer Key

      • Administrator password: OAuth Consumer Secret

    Both credential sets are required for proper authentication and API access.

The full list of target parameters is explained in Target System Options .

Table 1. Salesforce Contacts/Accounts address configuration

Option

Description

Options marked with a redstar.png are required.

Server redstar.png

The Salesforce web service URL for your company. This is set to login.salesforce.com by default.

(key: server)

Port

Default is 443.

(key: port)

Connection over SSL

(optional) Select to enforce SSL connections. Default is "true".

(key: ssl)

Validate the server's certificate when connecting

Determines whether to validate the server's security certificate for SSL connections. Default is "true".

(key: checkCert)

HTTP Network Proxy

Optional

(key: proxy)

Version

Optional

(key: ver)

Skip Deleted Users

Optional Determines whether to skip deleted users during list operation. Default is "true".

(key: skipDeleted)



In this section: