Salesforce
Learn how to connect your Salesforce accounts with Opal to manage and review access.
Opal natively supports an integration with Salesforce. This integration enables organizations to manage access to permission sets, profiles, and roles.
![](https://files.readme.io/f06330dffb2e879b7270635a6ce5c6827a9ba7a01a9067d6690be5f75efa4005-salesforce-opal-example.png)
1. Create app in Opal
In Opal, go to the Inventory, select the +App icon, and go to the Salesforce app.
2. Create a service account for Opal
Opal requires a service account to manage Salesforce on your behalf. Follow these instructions:
- In Salesforce, open Setup > Platform Tools > Apps > App Manager > New Connected App (top right). Use the following settings.
Setting | Value |
---|---|
Name | Opal |
API name | opal |
Enable OAuth Settings | Enabled |
Callback URL | https://auth.opal.dev |
Scopes | Manage User Data via APIs; Perform requests at any time |
Save the app, then copy the Consumer Key and Consumer Secret. Click Manage > Edit Policies. Under OAuth Policies > Permitted Users, select All users may self-authorize. Under IP Relaxation, select Relax IP restrictions. Save these settings.
- On the left menu, open Setup > Administration > Users > Profiles, and create a new profile for Opal. We recommend using the Existing Profile Minimum Access - Salesforce and setting the Profile Name to Opal Integration.
- On the following page, select Edit and ensure the profile has the following permissions:
- API Enabled
- Assign Permission Sets
- Manage Internal Users
- Manage Profiles and Permission Sets
- Manage Roles
- View all Profiles
- View all Users
- View Roles and Role Hierarchy
- View Setup and Configuration
The Opal integration will be prohibited from assigning any profile with the Modify All Data permission (e.g. System Administrator) unless it also has that permission, so enable Modify All Data.
- Modify All Data
- In Setup > Administration > Users > Users, create a new user. Select the Salesforce User License and the Opal Integration profile you created. You must use a real email address to complete account activation; save the email address. Finally, set all other required fields to any values; e.g., set Last Name to Opal.
- Open the account activation email and set a long, random password of 32+ characters; think of this as an API key. For the security question, choose a different long, random value of 32+ characters. Save the password.
- Log in to the service account and click the user profile avatar in the top right of the page. Copy the Salesforce hostname listed in the dropdown, and save it.
3. Add your credentials in Opal
After you create the service account, go back to Opal and input the user's credentials and the required fields using the values you saved in the previous steps.
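A drift check for the permission list in step 2, as an added example that is not part of Opal's documentation or code: it compares the permissions enabled on the Opal Integration profile against the list above and reports anything missing or extra. The input format (a mapping of permission label to enabled flag) and the `audit_profile` name are assumptions, and the sample export is constructed.

```python
# Added example: least-privilege drift check for the "Opal Integration" profile.
# Labels are copied from the list on this page. The input format (permission
# label -> enabled flag) is an assumption about how you export the profile.

REQUIRED = [
    "API Enabled", "Assign Permission Sets", "Manage Internal Users",
    "Manage Profiles and Permission Sets", "Manage Roles",
    "View all Profiles", "View all Users",
    "View Roles and Role Hierarchy", "View Setup and Configuration",
]
# Needed only so Opal can assign profiles that carry this permission themselves.
ELEVATED = "Modify All Data"


def _norm(label):
    """Compare labels case-insensitively and ignore repeated whitespace."""
    return " ".join(label.split()).casefold()


def audit_profile(permissions, expect_elevated=True):
    """Return the missing and unexpected permissions for the profile."""
    enabled = {_norm(k): k for k, on in permissions.items() if on}
    expected = {_norm(p): p for p in REQUIRED}
    if expect_elevated:
        expected[_norm(ELEVATED)] = ELEVATED
    missing = sorted(expected[k] for k in expected.keys() - enabled.keys())
    unexpected = sorted(enabled[k] for k in enabled.keys() - expected.keys())
    return {"missing": missing, "unexpected": unexpected,
            "ok": not missing and not unexpected}


# Constructed sample export: one listed permission is switched off and one
# permission that the page does not list has been switched on.
SAMPLE_EXPORT = {p: True for p in REQUIRED}
SAMPLE_EXPORT.update({
    "Manage Roles": False,
    "Modify All Data": True,
    "Example Extra Permission (constructed)": True,
})

if __name__ == "__main__":
    print(audit_profile(SAMPLE_EXPORT))
```

Pass `expect_elevated=False` if the integration is never meant to assign profiles that carry Modify All Data; the check then reports that permission as unexpected.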