Salesforce Application Integration Setup

Getting Started

BalkanID recommends creating a separate service account for the purposes of this integration, instead of using personal or employee named accounts.

Requirements:

• Username

• Consumer Key

To obtain the above, you can following instructions on your Salesforce Portal.

Integration Profile

The integration needs only 2 administrative permissions.

It is best to create a profile for this purpose.

1. Create a BalkanID profile.

2. Grant the following 2 Administrative permissions:

• View Setup and Configuration

• View Roles and Role Hierarchy (prerequisite)

Connected App

A must be configured for authentication.

3. Add a new app by clicking New Connected App:

   1. Connected App Name: Balkan ID

   2. API Name: Balkan_ID

   4. Enable Enable OAuth Settings.

   5. Use https://app.balkan.id/api/oauth/sfdc/redirect for Callback URL. The URL is required but not used.

   6. Check Use digital signatures

   7. Click "Choose File" and choose salesforce.crt

BalkanID team will have provided the salesforce.crt prior to this

1. For Selected OAuth Scopes, add Manage user data via APIs (api) and Perform requests on your behalf at any time (refresh_token, offline_access).

2. Enable Require Secret for Web Server Flow.

3. Enable Require Secret for Refresh Token Flow.

4. Click Save to save.

5. On the resulting “View” connected app page, copy the Consumer Key and use it as the value for SALESFORCE_INT_APP_CONSUMER_KEY in configuration. This will differ per customer so needs to be configured per customer until sharing a Connected App is enabled.

6. On the same “View” connected app page, click Manage.

7. Click Edit Policies.

8. In the OAuth policies section, change Permitted Users to Admin approved users are pre-authorized.

9. Change IP Relaxation to Relax IP restrictions.

10. Click Save to save.

11. Back on the app page again, in the Profiles section, click Manage Profiles.

12. On the Application Profile Assignment page, assign the Read Only profile.

13. Click Save to save.

14. Continue to create the Integration User

Integration User

The integration impersonates a user. It is best to create a user for this purpose with Read Only access.

• Create a BalkanID user

• • Lastname: BalkanID

  • Alias: BalkanID

  • Email: BalkanID

  • User License: Salesforce

  • Role: <None specified>

  • Profile Read Only

  • Username: balkanid@example.test

  • Email: balkanid@example.test

Configure Salesforce in your BalkanID tenant

1. Login to the BalkanID application and switch to the tenant you would like to add your integration to.

2. Head to Integrations > Third Party Applications and click Add Integration, select Salesforce. Set up the Primary Application owner and the Description, if any.
3. Salesforce would have been added to the list of applications. Click on the Configure and Integrate button beside the integration name, and configure the fields with the values that were noted prior. It should look like this:
4. Once you filled in the information, click Save changes. Your integration is now configured and you will see the status of the integration displayed alongside other integrations on the Integrations page. Integrations are synced daily. When data is available, the integration Status column will read Connected and the integration Message will read Data available.