Glean requires authentication to the Salesforce instance in order to fetch relevant Objects (Cases, Knowledge Articles).
Authentication is done via an OAuth flow to authenticate Glean with your Salesforce instance.
Glean will understand which Objects a user has access to and will strictly enforce permissions down to the record level at the time of the query, which ensures that users are not able to see results they do not have access to.
It’s important to note that all data is stored in the customer’s cloud account and no data leaves the customer environment.
Integration Features
Glean will initially capture the following Objects:
Knowledge Base articles
Cases
Case Comment
Documents
Opportunities
Leads
Contacts
Accounts
Discussion Forums
Tasks
For Tasks, Glean currently captures only partial permissions. Only the owner of the task (the assigned-to user) and users above the owner in the Salesforce role hierarchy will have access to the task in Glean search. Additionally, users with View All Data access will have permission to view all Tasks in Glean search.
In addition, Glean allows customers to set up crawling of Custom Objects. Let a Glean representative know if you wish to crawl Custom Objects, and follow [External] Salesforce Custom Objects Setup after this setup guide is complete.
Glean does not currently support capturing any native Salesforce object apart from the objects listed.
In order to provide the best experience, over time we will continue to increase the number of Objects that we ingest and provide search functionality for.
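The Task visibility rule described above (owner, users above the owner in the role hierarchy, and users with View All Data), as an added example that is not Glean's code. The roles, users and data layout are constructed for illustration.

```python
# Added illustration; roles, users and the data layout are constructed.

# Constructed role hierarchy: role -> parent role (None marks the top).
ROLE_PARENT = {
    "CEO": None,
    "VP Sales": "CEO",
    "Sales Manager": "VP Sales",
    "Sales Rep": "Sales Manager",
    "VP Support": "CEO",
    "Support Agent": "VP Support",
}

# Constructed users: name -> (role, holds "View All Data").
USERS = {
    "alice": ("CEO", False),
    "bob": ("VP Sales", False),
    "carol": ("Sales Manager", False),
    "dave": ("Sales Rep", False),
    "erin": ("Sales Rep", False),
    "frank": ("Support Agent", False),
    "svc-audit": ("Support Agent", True),
}


def roles_above(role):
    """Return every role above `role`, stopping if the chain loops."""
    seen = set()
    parent = ROLE_PARENT.get(role)
    while parent is not None and parent not in seen:
        seen.add(parent)
        parent = ROLE_PARENT.get(parent)
    return seen


def task_viewers(owner):
    """Users who can find a Task owned by `owner` under the rule above."""
    owner_role, _ = USERS[owner]
    above = roles_above(owner_role)
    viewers = {owner}
    for name, (role, view_all_data) in USERS.items():
        # Role ancestors of the owner, or anyone holding View All Data.
        if role in above or view_all_data:
            viewers.add(name)
    return viewers
```

A peer in the owner's own role (`erin` for a task owned by `dave`) is not a viewer, while the View All Data holder sees every task regardless of role.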
Salesforce API Usage
In order to gain access to the relevant objects in the Salesforce instance, Glean uses the Salesforce API to retrieve data records.
Glean uses the Salesforce REST API via SOQL queries (v45.0 by default) to fetch all created and updated objects.
Custom Service Account User requirements
Glean recommends creating a permanent Service Account user for the integration. Please use a Service Account to create the token to ensure that Glean does not lose access if the employee who performed the authentication changes roles or leaves the company.
Glean currently has 2 options for configuring Salesforce:
Full Administrator
The user must be an admin in the Salesforce instance being authenticated, i.e. have the “System Administrator” profile.
We need an admin profile because many objects crucial to understanding the permissioning model are only accessible to an admin profile.
The user will require read only access to all of the Objects that the customer would like to have indexed.
Non-Administrator
The user record should have “Knowledge User” checked if your company uses Knowledge.
Profile: API User with minimal perms
Administrative Permissions
To allow API access
API Enabled = true
Required for capturing doc permissions:
View Roles and Role Hierarchy = true
View Setup and Configuration = true
View Data Categories in Setup = true
View All Profiles = true
View All Users = true
View Dashboards in Public Folders = true
View Reports in Public Folders = true
Needed for ranking
View All Activities = true
To limit token capabilities (optional)
Api Only User = true
To crawl FeedItem -- for discussion forums and chatter on other objects
Chatter Internal User = true
View All Data = true
To crawl tasks
Access Activities = true
View All Data = true
Custom App Settings:
To crawl discussion forums
Community (Standard__Community): Visible
To crawl discussion forums and chatter
Salesforce chatter (standard__Chatter): Visible
Object Settings:
For each of the following objects: View All, plus Read access to all fields.
Account
Campaign
Case
Contact
Lead
Opportunity
Knowledgebase Articles
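One way to check a non-administrator Profile against the permission list above before authorizing, as an added example that is not part of Glean's tooling. The permission labels are the ones on this page; the feature names and the input dictionary (labels transcribed from the Profile page) are assumptions of this sketch.

```python
# Added illustration: labels come from the permission list on this page; the
# feature names and the input dict are assumptions made for this example.

BASE = {  # listed without a per-object condition
    "API Enabled",
    "View Roles and Role Hierarchy",
    "View Setup and Configuration",
    "View Data Categories in Setup",
    "View All Profiles",
    "View All Users",
    "View Dashboards in Public Folders",
    "View Reports in Public Folders",
    "View All Activities",
}
PER_FEATURE = {  # extra permissions, grouped as in the list above
    "feeditem": {"Chatter Internal User", "View All Data"},
    "tasks": {"Access Activities", "View All Data"},
}
OPTIONAL = {"Api Only User"}  # "To limit token capabilities (optional)"


def audit_profile(granted, features):
    """Compare the permissions checked on a Profile with what the page lists.

    granted:  {permission label: bool} transcribed from the Profile page.
    features: PER_FEATURE keys for the content that will be crawled.
    Returns (missing, unneeded) as sorted lists of labels.
    """
    unknown = set(features) - PER_FEATURE.keys()
    if unknown:
        raise ValueError(f"unknown feature(s): {sorted(unknown)}")
    required = set(BASE)
    for feature in features:
        required |= PER_FEATURE[feature]
    enabled = {label for label, on in granted.items() if on}
    missing = sorted(required - enabled)
    # Anything enabled beyond the required and optional sets widens the token.
    unneeded = sorted(enabled - required - OPTIONAL)
    return missing, unneeded


# Constructed Profile: no tasks or FeedItem crawl, yet View All Data is checked.
SAMPLE = {label: True for label in BASE}
SAMPLE.update({"View All Users": False, "View All Data": True, "Api Only User": True})
```

With `SAMPLE` and no extra features, the audit reports View All Users as missing and View All Data as not needed; adding `"tasks"` makes View All Data required and reports Access Activities as missing.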
Setup
Prerequisites
The integration requires a Salesforce administrator (user with System Administrator profile) to set up properly or a Custom Service Account User. Glean recommends creating a permanent service account user with a supported Profile for the integration.
Glean offers two options for configuring a valid Profile (or Permission Set) for the Salesforce integration.
If you plan on using the default System Administrator Profile for the service account, you can skip the following setup steps.
If you plan on using a custom, non-administrator Profile, ensure the Profile has the following permissions set up (if using a permission set, check the equivalent permissions for the permission set).
Log in to Salesforce. Navigate to Setup on the top right. On the left-hand side, under Administration (Administer for Salesforce Classic), go to Users (Manage Users for Salesforce Classic) and then Profiles.
Select an existing Profile that will be used for the integration and hit Edit, or create a New Profile.
Under Custom App Settings, if you plan on indexing the following objects, ensure that the settings in Table 1 are checked.
Under Administrative Permissions, ensure that the permissions in Table 2 are checked (any unset permission may lead to integration issues).
Under General User Permissions, ensure that:
Access Activities is checked. This is required to crawl tasks within the Salesforce instance.
Allow View Knowledge is checked. This is used to crawl all supported knowledge bases within the Salesforce instance.
Under Standard Object Permissions, ensure that the Profile has both Read and View All permissions on the following objects:
Accounts
Campaigns
Cases
Contacts
Leads
Opportunities
Save the Profile. Finally, back on the left-hand side, select Users, and create a new user with the associated Profile from the previous steps. Ensure that Knowledge User and Service Cloud User are both checked before hitting Save.
You are now ready to authorize access on the main page with the newly created user.
Table 1. Custom App Settings
Content | Permission Setting |
Discussion Forums | Community (Standard__Community): Visible |
Discussion Forums and Chatter | Salesforce Chatter (Standard__Chatter): Visible |
Table 2. Administrative Permissions
Permission Setting | Reasoning |
API Enabled | Allows access to Salesforce API to ingest data |
View Roles and Role Hierarchy | Captures document permissions for any object (users, permission sets, etc.) with an associated Role |
View Setup and Configuration | Captures organization-level document permissioning |
View Data Categories in Setup | Captures organization and access control in Salesforce Knowledge and Discussion Forums (Chatter) |
View All Profiles | Captures document permissions for any object (users, permission sets, etc.) with associated Profiles |
View All Users | Captures users to understand document permissions for each individual |
View Reports in Public Folders | Captures public access reports |
View Dashboards in Public Folders | Captures public access dashboards |
Chatter Internal User | Captures discussion forums, chatter, and other feed-related items |
View All Data | Allows the ability to directly query for all tasks and feed-related items |
Post Setup
Depending on which objects admins choose to set up and support, let a Glean representative know if any default objects are omitted from the setup and not intended for crawl (e.g. Discussion/FeedItem or Knowledge).
For any questions or issues with this setup, please reach out to support@glean.com.