Skip to main content
This is an updated and improved version of the Salesforce connector! If you’re setting up Salesforce with C1 for the first time, you’re in the right place.

Availability

C1 only integrates with the Salesforce editions with API access: Salesforce Enterprise, Unlimited, Developer, and Performance editions. You cannot use this connector successfully with Group or Essentials editions, or with Professional edition without an API add-on. Learn more about which Salesforce editions support API access in the Salesforce documentation.

Capabilities

ResourceSyncProvision
Accounts*
Groups
Roles
Permission sets
Permission set groups
Profiles
Connected apps
The Salesforce connector supports automatic account provisioning. This connector does not support account deprovisioning. You must deprovision accounts directly in Salesforce. *You have the option to sync user accounts that use non-standard licenses.

Connector actions

Connector actions are custom capabilities that extend C1 automations with app-specific operations. You can use connector actions in the Perform connector action automation step.
Action nameAdditional fieldsDescription
update_user_statusresource_id (string, required)
is_active (Boolean, required)		Updates a Salesforce user’s status to active or inactive

Gather Salesforce credentials

Configuring the connector requires you to pass in credentials generated in Salesforce. Gather these credentials before you move on.
The connector user must have the API Enabled and Manage Users system permissions. If syncing connected apps, also add Customize Application. If using provisioning, also add Manage Roles and Role Hierarchy and Manage Groups.

Enable API access and permissions for your Salesforce user

Before you begin, make sure that the Salesforce user who will set up the integration with C1 has the required system permissions. The recommended approach is to create a Permission Set and assign it to the connector user.
1
Log into Salesforce as an Administrator. Click the gear icon and select Setup.
2
Search for “permission sets” and select Permission Sets.
3
Click New to create a permission set (for example, “ConductorOne Connector Access”).
4
In the permission set, click System Permissions, then click Edit.
5
Enable API Enabled and Manage Users. If syncing connected apps, also enable Customize Application. If using provisioning, also enable Manage Roles and Role Hierarchy and Manage Groups.
6
Click Save.
7
Click Manage Assignments, then Add Assignment to assign the permission set to the connector user.
Your connector user now has the required permissions to sync Salesforce data.

Locate your Salesforce domain

1
Log into the Salesforce admin panel and copy the URL from your browser.
C1 integrates with domains that use one of the following Salesforce URL structures:
  • my.salesforce.com
  • sandbox.my.salesforce.com
  • test.salesforce.com
  • lightning.force.com
  • develop.lightning.force.com
  • sandbox.lightning.force.com
That’s it! Next, move on to the connector configuration instructions.

Configure the Salesforce connector

To complete this task, you’ll need:
  • The Connector Administrator or Super Administrator role in C1
  • Access to the set of Salesforce credentials generated by following the instructions above
Follow these instructions to use a built-in, no-code connector hosted by C1.
1
In C1, navigate to Integrations > Connectors and click Add connector.
2
Search for Salesforce v2 and click Add.
3
Choose how to set up the new Salesforce connector:
  • Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that aren’t yet managed with C1)
  • Add the connector to a managed app (select from the list of existing managed apps)
  • Create a new managed app
4
Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of C1 users. Setting multiple owners is allowed.If you choose someone else, C1 will notify the new connector owner by email that their help is needed to complete the setup process.
5
Click Next.
6
Find the Settings area of the page and click Edit.
7
Select your method of authenticating to Salesforce and click either OAuth or Username and password.
8
If you chose OAuth:
  1. In the Domain field, enter your Salesforce domain.
  2. Optional. Check the box to tell C1 to use Salesforce usernames as the email addresses for your organization’s accounts. This option is especially helpful if your organization uses multiple service accounts that all share a noreply@salesforce.com email address.
  3. Optional. Check the box if you want the connector to sync connected apps.
  4. Optional. Uncheck the box if you do not want to sync deactivated users.
  5. Optional. Check the box if you want the connector to sync users on non-standard licenses, such as external users.
  6. Optional. Create a map of the Salesforce license types used by your organization and the profile associated with each license type that has the fewest permissions. C1 will use this information when deprovisioning user profiles to automatically reassign the user to the least-privilege profile associated with their license type.
  7. Click Save.
  8. Click Login with OAuth.
  9. Log in and authorize C1 with your Salesforce instance.
  10. You will then be redirected back to the Salesforce setup page in C1, where you’ll see an authorization message.
If you chose Username and password:
  1. Enter your Salesforce username and password in the top two fields.
  2. Enter your Salesforce security token in the Security token field. If trusted IP is configured on your user, entering this token is optional. If needed, refer to Reset Your Security Token in the Salesforce documentation.
  3. In the Domain field, enter your Salesforce domain.
  4. Optional. Check the box to tell C1 to use Salesforce usernames as the email addresses for your organization’s accounts. This option is especially helpful if your organization uses multiple service accounts that all share a noreply@salesforce.com email address.
  5. Optional. Check the box if you want the connector to sync connected apps.
  6. Optional. Uncheck the box if you do not want to sync deactivated users.
  7. Optional. Check the box if you want the connector to sync users on non-standard licenses, such as external users.
  8. Optional. Create a map of the Salesforce license types used by your organization and the profile associated with each license type that has the fewest permissions. C1 will use this information when deprovisioning user profiles to automatically reassign the user to the least-privilege profile associated with their license type.
  9. Click Save.
9
The connector’s label changes to Syncing, followed by Connected. You can view the logs to ensure that information is syncing.
That’s it! Your Salesforce connector is now pulling access data into C1.

Troubleshooting the Salesforce integration

When I try to log in with OAuth, I see a “This feature is not currently enabled for this user” error

Salesforce returns this error if the user who is logging in with OAuth does not have permission to access the Salesforce APIs: 
{"code":2, "message":"error getting info from connectorClient: [simpleforce] Error. http code: 403 Error Message:  This feature is not currently enabled for this user. Error Code: FUNCTIONALITY_NOT_ENABLED"}
If you see this message, follow the instructions to Enable API access and permissions for your Salesforce user and then try logging in again.

When I try to sync, I see an “insufficient access rights on cross-reference id” error

Salesforce returns this error if the connector user does not have sufficient permissions: 
{"error": "error: listing resources failed: rpc error: code = InvalidArgument desc = 400 Bad Request\n[simpleforce] Error. http code: 400 Error Message:  insufficient access rights on cross-reference id Error Code: INSUFFICIENT_ACCESS"}
Create a Permission Set with the following system permissions and assign it to the connector user: Required system permissions for sync:
PermissionPurpose
API EnabledAccess Salesforce APIs
Manage UsersRead users and setup objects
Customize ApplicationRequired only if syncing connected apps
Additional permissions required for provisioning:
PermissionPurpose
Manage Roles and Role HierarchyAssign and revoke role assignments
Manage GroupsAdd and remove users from public groups
To fix this error, follow the instructions to Enable API access and permissions for your Salesforce user to create a Permission Set with the required permissions and assign it to the connector user.