Salesforce

Overview

Opal natively supports an integration with Salesforce. This integration enables organizations to manage access to permission sets, profiles, and roles.

How to Set up the App

Navigate to Apps, click on the + icon, and navigate to the Salesforce App.

Create a service account for Opal

Opal requires a service account to manage Salesforce on your behalf. Follow these instructions:

  • In Salesforce, open Setup › Platform Tools › Apps › App Manager › New Connected App (top right). Use the name "Opal", API name "opal", and any contact email. Select "Enable OAuth Settings." Set the callback URL to "https://auth.opal.dev" and add the "Manage User Data via APIs" and "Perform requests at any time" scopes. Save the app, then copy the Consumer Key and Consumer Secret below. Click Manage › Edit Policies. Under OAuth Policies › Permitted Users, select "All users may self-authorize." Under IP Relaxation, select "Relax IP restrictions." Save these settings.

  • On the left menu, open Setup › Administration › Users › Profiles, and create a new profile for Opal. We recommend using the Existing Profile "Minimum Access - Salesforce" and setting the Profile Name to "Opal Integration".

  • On the following page, click "Edit" and ensure the profile has the following permissions:

    • API Enabled
    • Assign Permission Sets
    • Manage Internal Users
    • Manage Profiles and Permission Sets
    • Manage Roles
    • View all Profiles
    • View all Users
    • View Roles and Role Hierarchy
    • View Setup and Configuration
  • The Opal integration will be prohibited from assigning any profile with the "Modify All Data" permission (e.g. System Administrator) unless it also has that permission:

    • Modify All Data
  • In Setup › Administration › Users › Users, create a new user. Select the "Salesforce" User License and the "Opal Integration" profile you created. You must use a real email address to complete account activation; save the email address below. Finally, set all the other required fields to any values; e.g., set Last Name to "Opal".
  • Open the account activation email and set a long, random password of 32+ characters (think of this as an API key). For the security question, choose a different long, random value of 32+ characters. Save the password below.
  • Log in to the service account and click the user profile avatar in the top right of the page. Copy the Salesforce hostname listed in the dropdown, and save it below.
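
One way to check that the "Opal Integration" profile ended up with exactly the permissions listed above and nothing broader. This is an added example, not Opal's or Salesforce's own code; the input format (a mapping of permission label to enabled/disabled that you export or transcribe from the profile page) and the function name audit_profile are assumptions.

```python
# Added example: least-privilege audit of the "Opal Integration" profile.
# Input is assumed to be {permission label: enabled?}, transcribed from the
# profile page; labels are the ones used in the steps above.

REQUIRED = frozenset({
    "API Enabled",
    "Assign Permission Sets",
    "Manage Internal Users",
    "Manage Profiles and Permission Sets",
    "Manage Roles",
    "View all Profiles",
    "View all Users",
    "View Roles and Role Hierarchy",
    "View Setup and Configuration",
})
# Only needed if Opal must assign profiles that carry this permission.
OPTIONAL = frozenset({"Modify All Data"})


def _norm(label):
    # Compare labels case-insensitively and ignore stray whitespace.
    return " ".join(label.split()).casefold()


def audit_profile(permissions, allow_modify_all_data=False):
    """Return missing and excess permissions for a {label: bool} mapping."""
    original = {_norm(k): k for k in permissions}
    enabled = {_norm(k) for k, v in permissions.items() if v}
    required = {_norm(p): p for p in REQUIRED}
    allowed = set(required)
    if allow_modify_all_data:
        allowed |= {_norm(p) for p in OPTIONAL}
    missing = sorted(required[p] for p in required if p not in enabled)
    excess = sorted(original[p] for p in enabled - allowed)
    return {"missing": missing, "excess": excess,
            "ok": not missing and not excess}


if __name__ == "__main__":
    # Constructed sample: one required permission off, one broad one on.
    sample = {p: True for p in REQUIRED}
    sample["Manage Roles"] = False
    sample["Modify All Data"] = True
    print(audit_profile(sample))
    print(audit_profile(sample, allow_modify_all_data=True))
```

Anything reported under "excess" is a permission to review and disable unless you have a reason to keep it; pass allow_modify_all_data=True only if you deliberately granted "Modify All Data".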

Add your service account credentials

Once the service account is created, please input the user's credentials and some information about the connection.