The Salesforce Organizational Identity Source Plugin is designed to integrate with Salesforce via the Force.com REST API. The Salesforce OIS Plugin is available in Registry v3.1.0 and later.
Modes
Org Identity Source Mode | Support |
|---|---|
| Manual Search and Linking | Supported |
| Enrollment, Authenticated | Not supported |
| Enrollment, Claim | Not supported |
| Enrollment, Search | Supported |
| Enrollment, Select | Supported |
Org Identity Sync Mode | Support |
|---|---|
| Full | Not supported |
| Query | Supported |
| Update | Supported |
| Manual | Supported |
Installation
This is a non-core plugin, see Installing and Enabling Registry Plugins for more information.
Configuration
The Plugin may be used to connect to either production or sandbox environments.
- Add a new Organizational Identity Source, via Configuration > Organizational Identity Sources > Add Organizational Identity Source.
- Set the Plugin type to SalesforceSource.
- For information about other configuration options, see Organizational Identity Sources.
- Click Add.
- After the configuration has been saved, a Salesforce Redirect URI will be available. Keep this handy for the next step.
Salesforce requires the use of HTTPS for the callback. Your Registry installation must be running under HTTPS.
- In another browser tab or window, login to Salesforce. Add a new Connected App via Setup > Quick Links > Manage Apps. Click the New button in the Connected Apps section.
- Set the Connected App Name and Contact Email.
- Under API, tick Enable OAuth Settings.
- Set the Callback URL to the URI provided in step 1, above.
- Added at least these two OAuth Scopes:
- Access and manage your data (api)
- Perform requests on your behalf at anytime (refresh_token, offline_access)
- Click Save. (You may need to scroll up to see the confirmation message.)
- On the next page, a Consumer Key and Consumer Secret will be made available. Keep these handy for the next step.
- Return to the Organizational Identity Source configuration and complete the configuration.
- Salesforce Base URL: The base URL of your Salesforce instance, eg https://cs123.salesforce.com
- Client ID: The Consumer Key obtained in step 2.
- Client Secret: The Consumer Secret obtained in step 2.
- Select which objects you would like to be searched.
- If you do not select either Search Contacts or Search Users, then all objects will be searched. Such a configuration is not recommended.
- Click Save.
- Return to the Salesforce Connected App configuration page, click the Manage button at the top, then click the Edit Policies button. Update the policies as follows:
- Permitted Users: All users may self-authorize
- IP Relaxation: Relax IP restrictions
You may instead be able to set Trusted IP Range for OAuth Web server flow from the Connected App's main configuration page.
- Refresh Token Policy: Refresh token is valid until revoked
- Click Save.
- Finally, return to the Organizational Identity Source configuration to obtain an OAuth token.
- The configuration should indicate that the Auth Token is "Not Set", and there should now be a button "Obtain New Token".
- Upon clicking that button, you will be taken to the Salesforce login page. Log in as a sufficiently authorized user.
- After successful login, you should be returned to the OIS configuration page, and the Auth Token should now be "Set".
- Should it ever be necessary to obtain a new token (eg: if the administrator who performed the initial setup no longer has a valid Salesforce account), simply return to the configuration page and click the "Obtain New Token" button again.
The Salesforce API has request limits that vary according to the service tier and available licenses. Once the Organizational Identity Source configuration has been set up, a View API Limits button will become available to see the current API usage.
Note that the API call required to determine the current API limits counts against the API limit.