Skip to main content

Prepare Salesforce Sales Cloud connector

The Salesforce Sales Cloud connector retrieves information about subscriptions and users, including third-party accounts that you have given access to your Salesforce instance.

In Salesforce, you are required to create a connected app, retrieve consumer key and consumer secret, request a refresh token, and add these values in Settings when adding the connector.


A Salesforce account of the proper edition is required to connect to the Salesforce API. See Salesforce's Help And Training Community documentation for more information.

If you have Multi Factor Authentication (MFA) for the organisation it must be enabled before creation of the app that will be used for the authentication in the API integration.

User permissions needed to read, create, update, or delete connected apps in Salesforce:

  • Customize Application and

  • Modify All Data or Manage Connected Apps


  1. Sign in to Salesforce:

  2. Create a connected app and set the scopes.

    1. Create a new Connected App.

    2. Enter the required information in Connected App Name, API Name, and Contact Email.

    3. Select Enable OAuth Settings and Enable for Device Flow.

      Leave all other checkboxes how they are selected by default.

    4. In Selected OAuth Scopes, add the following scopes:

      • Perform requests at any time (refresh_token, offline_access)

      • Full access (full)

    5. Select Save.

  3. Generate the Consumer Key and Consumer Secret for the created app.

    Since you have changed the scopes, you need to regenerate these values for the app.

    1. On the details page for the new app, select Manage Consumer Details.

    2. In Staged Consumer Details, select Generate.

      This generates new values.

    3. In Staged Consumer Details, select Apply.

      This invalidates the current values and adds the new ones to Consumer Details.

    4. Copy the vales for Consumer Key and Consumer Secret. They are used in the following steps, and when adding the connector.


      The changes can take up to 10 minutes to take effect before you can go on to Step 4.

  4. Request a refresh token with the OAuth2 authentication process.

    1. In the browser where you are signed in to Salesforce, paste the URL below and replace <CLIENT_ID> with the copied Consumer Key value.<CLIENT_ID>&redirect_uri=
    2. Press Enter.

      An OAuth2 authentication process starts.

    3. Select Continue, and then Allow.

    4. If the authentication is successful, the page shows the message Remote Access Application Authorization.

    5. Locate the code part and save it. It is used in the following step.

      It is the part after code= in the browser URI

    6. Run the following command in a command line.

      Use the cURL tool and replace <CODE> with the code copied in Step 4.e, and replace <CLIENT_ID> and CLIENT_SECRET with the copied Consumer Key and Consumer Secret values respectively.

      curl -XPOST '<CODE>&grant_type=authorization_code&client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&'


      Every value that is inserted into the URL must be properly encoded. If you, for example, use the Postman instead of the cURL tool, you need to decode the copied code first.

    7. In the generated JSON response, cope the value displayed for refresh_token and save it. It is used when adding the connector.

      It is the value displayed between the quotation marks.

  5. When adding the connector, in Settings, enter the values from Salesforce according to the table.


    Value from Salesforce

    Client ID

    The Consumer Key of the connected app that you created in Salesforce.

    Client secret

    The Consumer Secret of the connected app that you created in Salesforce.

    Refresh token

    The refresh token that you generated during the authentication process.

    Login URL

    The URL of the authorization server.

    • for production environments - this is the default value

    • for sandbox environments

    Company names

    The legal entities in your organization for which you want to collect data.

    • An asterisk, *, collects data for all domains connected to your organization, including user accounts without email address. This is the default value.

    • One or several domains connected to your organization collects data only for those, and will exclude user accounts without email address. One name per row.

    If you add both an asterisk and names, the asterisk takes precedence and data is collected for all legal entities.


    When the asterisk is kept in this field, the connector retrieves all subscriptions and users, including third-party accounts that you have given access to your Salesforce instance.

    If you add company names, the connector imports users only for the specified legal entities. However, the connector imports the total number of assigned subscriptions for your organization from Salesforce, regardless of entered company names.

    Therefore, if you add company names, there may be a mismatch in the SaaS pages between the number of users and the number of assigned subscriptions for your Salesforce instance.

After completing this task, follow the general procedure to Add connectors.

The connector makes API calls to the vendor to retrieve data.