Connect Salesforce

This page describes how to connect Salesforce to Agentspace Enterprise.

Before you begin

Before setting up your connection, do the following:

  1. Use either an Enterprise or a Developer plan. Trial accounts are not supported.
  2. Set up access control for your data source. For information about setting up access control, see Use data source access control.
  3. Verify that the Salesforce CORS allowlist contains Google Cloud.
    1. To configure the allowlist, see Enable CORS for OAuth Endpoints.
    2. To include Google Cloud, add https://console.cloud.google.com/ as the origin URL, and save your configuration.

Create a connected app in Salesforce

You must set up Vertex AI Search as a connected app in Salesforce for API integration.

After you connect Vertex AI Search as a connected app, you can obtain the following authentication information that is needed to create a Salesforce connector in Agentspace Enterprise.

  • Instance URL
  • Consumer ID or client ID
  • Consumer secret or client key

To enable OAuth 2.0 and obtain the authentication information, do the following:

  1. In your Salesforce app, click the setup icon, and then select Setup.

    select setup for your salesforce app
    Select Setup for your Salesforce app

  2. Enter External Client App in the Quick Find box and select External Client App Manager.

  3. In the menu, go to Settings.

  4. Turn the Allow creation of connected apps toggle to the on position and click New Connected App.

    To do so, you must have the correct permissions for external client apps. Verify whether you have the following permissions:

    • Create, edit, and delete external client apps
    • View all external client apps
    • View all external client apps, view their settings, and edit their policies
    Find your app manager and create new connected app
    Find your App Manager and create new connected app

  5. In the creation page for the new connected app, add the basic information for your app, such as the app name, your contact details, and a logo to identify your app. For more information, see Configure Basic Connected App Settings.

  6. In the API (Enable OAuth Settings) section, configure the following OAuth settings. For more information, see Enable OAuth Settings for API Integration.

    Enable and configure OAuth Settings
    Enable and configure OAuth settings

    1. Select Enable OAuth Settings.

    2. Specify the callback URL as https://vertexaisearch.cloud.google.com/console/oauth/salesforce_oauth.html.

    3. In the Selected OAuth scopes section, add Full Access(full) and Perform request at any time (refresh_token, offline_access). For more information, see OAuth Tokens and Scopes.

    4. Select Enable Client Credentials Flow.

    5. Select Enable Authorization Code and Credentials Flow.

    6. Select the Require user credentials in the POST body for Authorization Code and Credentials Flow.

    7. In Custom connected app handler, specify a Run as user. This user must have read permissions to all the entities that the user needs the connector to extract.

      Specify Run as in Custom connected app handler
      Specify a Run as user who has read permissions

  7. Click Save to create the connected app.

  8. Enter Manage connected apps in the Quick Find box and select Manage connected apps.

  9. Find your app in the list, select Edit, and then on the connected app details page select Edit policies to configure the following details:

    manage connected app and edit policies
    Manage the connected app and edit its policies

    1. Set IP Relaxation to Relax IP restrictions.

      Configure the connected app and add client credentials flow
      Additional setup for the connected app and client credentials flow

      This option determines whether the access to the connected app is restricted by IP ranges. IP restrictions are enforced based on how they're set in the user profile. You must verify whether an organization-wide IP ranges enforcement is configured in the user settings. If Enforce login IP ranges on every request is enabled, then setting the IP Relaxation option to Relax IP restrictions doesn't remove the IP restrictions. For more information, see Connected App IP Relaxation and Continuous IP Enforcement. If you want to enforce IP restrictions in the connected app, set up trusted IP. For more information, see Configure Trusted IP Ranges for a Connected App If you don't want to have any IP access restrictions, verify that the Enforce login IP ranges on every request isn't selected.

    2. Set Refresh Token Policy to Refresh token is valid until revoked.

    3. Set Permitted Users to All users may self-authorize.

    4. In the Client Credentials Flow section, specify a Run As user. The specified user must have read permissions to all the entities that they need the connector to extract. To check whether the user you selected has all the required permissions, do the one of the following:

      1. In your Salesforce app, click the setup icon, and then select Setup.
      2. In the main menu, click Users and click the username whose permissions you want to verify.
      3. Click Profiles, go to the Standard object permissions section and verify the permissions.
        Verify user read permissions
        Verify the user's permissions

    5. Verify that the selected user has access to the permissions. This involves checking whether the default access at the user's profile level is set to Private. When an entity's access is set to Private, your Google Cloud connector can't access the required object and registers an error in Cloud Logging. To allow access, do one of the following:

      • Change the default profile permission to Public.
      • Configure the access to each entity separately in Sharing settings.
        Sharing settings for entities
        Configure sharing settings for entities
      • Create a permission set and share the permission set with the user:
        1. Enter Permission sets in the Quick Find box and select Permission sets.
        2. Click New.
        3. Enter a name and save the permission set.
        4. Under System, click System permissions.
        5. Click Edit, select View setup and configuration, and save.
        6. On the Permission sets page, click Manage assignments
        7. Click Add assignments, select the user that you want to assign the permission set to, and then click Assign.
      • For more information, see Data access in Salesforce and Organization-Wide Sharing Defaults.

  10. Click Save.

  11. Enter OAuth and openID connect settings in the Quick Find box, select OAuth and OpenId Connect Settings, and then enable Allow Authorization Code and Credentials Flows

    Set OAuth and openID connect settings
    Set OAuth and openID connect settings

  12. Get the instance URL:

    1. Enter My domain in the Quick Find box and select My Domain.
      Copy app domain name
      Copy your app's domain name
    2. Copy the domain that ends in my.salesforce.com.
    3. Add https:// to the beginning of the copied domain. This is the instance URL that you need when you create the Salesforce connector in Agentspace Enterprise. The instance URL must be in the following format: https://<var>DOMAIN_NAME</var>.my.salesforce.com</var>.

  13. Get the consumer ID and consumer key.

    1. Go to App manager, locate your app, and in the options, select View.
      View app details in app manager
      View app details
    2. Click Manage Customer Details.
      Click manage consumer details
      Click Manage Consumer Details button
    3. If prompted, verify your identity.

    4. Copy the consumer details.

      Copy the consumer key and secret
      Copy the consumer key and secret

      This is the instance URL that you need when you create the Salesforce connector in Agentspace Enterprise.

      If Refresh token is enabled, ensure that the token is refreshed and that you copy the latest token when you create the Salesforce connector in the Agentspace Enterprise.

Create a Salesforce connector

Console

To use the Google Cloud console to sync data from Salesforce to Agentspace Enterprise , follow these steps:

  1. In the Google Cloud console, go to the Agentspace page.

    Agentspace

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Salesforce to connect your third-party source.

  5. Enter your Salesforce authentication information.

  6. Select which entities to sync and click Continue.

  7. Select a region for your data store.

  8. Enter a name for your data store.

  9. Select a synchronization frequency. After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your data store name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take minutes or hours.

Next steps