Salesforce Application Integration Setup

Getting Started

BalkanID recommends creating a separate service account for the purposes of this integration, instead of using personal or employee named accounts.

Requirements:

• Username

• Consumer Key

To obtain the above, you can following instructions on your Salesforce Portal.

Integration Profile

The integration needs only 2 administrative permissions.

It is best to create a profile for this purpose.

1. Create a BalkanID profile.

2. Grant the following 2 Administrative permissions:

• View Setup and Configuration

• View Roles and Role Hierarchy (prerequisite)

Connected App

A Connected App must be configured for authentication.

1. Go to SalesForce Setup by clicking the Gear icon at the top right.

2. Go to Apps -> App Manager in the left sidebar.

3. Add a new app by clicking New Connected App:

   1. Connected App Name: Balkan ID

   2. API Name: Balkan_ID

   3. Contact Email: [email protected]

   4. Enable Enable OAuth Settings.

   5. Use https://app.balkan.id/api/oauth/sfdc/redirect for Callback URL. The URL is required but not used.

   6. Check Use digital signatures

   7. Click "Choose File" and choose salesforce.crt

BalkanID team will have provided the salesforce.crt prior to this

1. For Selected OAuth Scopes, add Manage user data via APIs (api) and Perform requests on your behalf at any time (refresh_token, offline_access).

2. Enable Require Secret for Web Server Flow.

3. Enable Require Secret for Refresh Token Flow.

4. Click Save to save.

5. On the resulting “View” Connected App page, locate and copy the Consumer Key.

   You will then use this value in the ‘Consumer Key’ field within your BalkanID integration configuration. Note: This key is unique to your specific Salesforce instance and must be configured individually for each customer.

6. On the same “View” connected app page, click Manage.

7. Click Edit Policies.

8. In the OAuth policies section, change Permitted Users to Admin approved users are pre-authorized.

9. Change IP Relaxation to Relax IP restrictions.

10. Click Save to save.

11. Back on the app page again, in the Profiles section, click Manage Profiles.

12. On the Application Profile Assignment page, assign the Read Only profile.

13. Click Save to save.

14. Continue to create the Integration User.

Integration User

The integration impersonates a user. It is best to create a user for this purpose with Read Only access.

• Create a BalkanID user with the following information:

  • Lastname: BalkanID

  • Alias: BalkanID

  • Email: BalkanID

  • User License: Salesforce

  • Role: <None specified>

  • Profile Read Only

  • Username: [email protected]

  • Email: [email protected]

Configure Salesforce in your BalkanID tenant

1. Login to the BalkanID application and switch to the tenant you would like to add your integration to.

2. Head to Integrations > Add Integration, select Salesforce.

   

   
3. Set up the Primary Application owner (mandatory) and the Description, if any. Set up Secondary Application Owner(s), if any.

   Select the Extraction Type. From here, you can configure your application using one of the following methods:

   1. Direct integration - Provide your Salesforce User Name and Consumer Key obtained above to set up a direct connection with BalkanID.

   2. SCIM integration - Provide SCIM server credentials to set up a SCIM connection with BalkanID.

   3. Manual file upload - Upload Entity and Entity Relations through a .CSV file upload. Contact the team for assistance with this.

   4. Automated upload using API - You can upload data using our Bulk APIs with the help of an API key which will be provided to you. Please refer to the entity and entity relation upload docs for specific instructions on uploading your data through the API.

   
4. Click on next to move onto Optional Configuration.

5. Fill Optional configuration, if required.

   
6. Once you filled in the information, click Save. Your integration is now configured and you will see the status of the integration displayed alongside other integrations on the Integrations page. When data is available, the integration Status will read Connected and the integration Message will read Data available.