Salesforce generates data for leads, tasks, opportunities, and accounts and employs a variety of features that makes it self-secure and improves the repairing functionality.
OvalEdge uses API to connect to the data source, which allows users to crawl and profile the data objects (Tables, Table Columns, etc.) and execute Queries.
Connector Capabilities
| Functionality | Supported Data Objects |
| Crawling | Table, Table Columns, relationships |
| Profiling | Table Profiling, Column Profiling |
| Query Execution | Select, Aggregations, Group By, Order By. |
Note: Salesforce does not allow aggregations and grouping on some column types.
Prerequisites
The prerequisites to establish a connection to Salesforce are as follows:
- Rest API
- Service Account set up with required permissions
- Configure environment variables (Optional)
Rest API
The following are prerequisites required to establish the connection to Salesforce.
| S.No. | Drivers/API | Version | Details |
| 1 | REST API | v57.0 | - |
Service Account with Minimum Permissions
The minimum privileges required for the Service account at the source are as follows:
| Operation | Minimum Access Permission |
| Connection validation | Access and manage data (api) |
|
Crawl Schema/Tables |
Access and manage data (api) |
| Profile Schema/Tables |
Access and manage data (api) |
Configure Environment Variables (Optional)
This section describes the settings or instructions that you should be aware of prior to establishing a connection. If your environments have been configured, skip this step.
Configure Environment Names
The Environment Names allow you to select the environment configured for the specific connector from the dropdown list in the Add Connector pop-up window.
You might want to consider crawling the same schema in both stage and production environments for consistency. The typical environments for crawling are PROD, STG, or Temporary, and may also include QA or other environments. Additionally, crawling a temporary environment can be useful for schema comparisons, which can later be deleted, especially during application upgrade assistance.
Steps to Configure the Environment
- Navigate to Administration | Configuration
- Select the Connector tab.
- Find the Key name “connector.environment”.
- Enter the desired environment values (PROD, STG) in the value column.
- Click ✔ to save.
Establish a connection
To establish a Connection to MongoDB:
- Log into the OvalEdge application
- Navigate to the Administration | Connectors. The Connectors Information page is displayed.
- Click on + New Connector and enter Salesforce in the search bar. The Add Connector pop-up window specific to the Salesforce connector is displayed.
| Fields | Details |
| Connection Type* | The selected connection type ‘Salesforce’ is displayed by default. If required, the dropdown menu allows the user to change the connector type. |
| Credential Manager |
Select the option from the drop-down menu, where you want to save your credentials. Database: Oracle connection is configured with the basic Username and Password of the service account in real-time when OvalEdge establishes a connection to the Oracle database. HashiCorp: The credentials are stored in the HashiCorp database server and fetched from HashiCorp to OvalEdge. AWS Secrets Manager: The credentials are stored in the AWS Secrets Manager database server and fetched from the AWS Secrets Manager to OvalEdge. For more information on Credential Manager, refer to Credential Manager |
| License Add-Ons* |
All the connectors will have a Base Connector License by default that allows you to crawl and profile to obtain the metadata and statistical information from a datasource. OvalEdge supports various License Add-Ons based on the connector’s functionality requirements.
|
| Authentication Type |
OvalEdge provides two types of authentication mechanisms to establish a connection to Salesforce. (i) Token Based (i) JWT |
| User Name | Specify the user name for the Salesforce service account. |
| Environment |
The environment dropdown menu allows you to select the environment configured for the connector from the dropdown list. For example, PROD, or STG (based on the configured items in the OvalEdge configuration for the connector.environment). |
| Connection Name* | Select a connection name for Salesforce. Users must specify a reference name for the easy identification of the Salesforce connection in OvalEdge easily. Example: Salesforce_Connection_DB1 |
| Password* | Enter the Password for the Salesforce Server account. |
| Client id* |
Enter the Client ID/Consumer key generated while registering in Salesforce (This will be available once the connected app is set up in Salesforce) using OAuth2. Note: While generating a connected app for OvalEdge in Salesforce, a service account will be created. |
| Client secret* | Enter the Client secret/consumer secret generated while registering in Salesforce (This will be available once the connected app is set up in Salesforce) using OAuth2. |
| Security token* |
Enter the security token that will be generated (Once the user resets the password/token an email with the token will be sent to the user's account). Note: The user can reset the security token from my profile | Settings| My Personal Information | Reset My Security Token. Also, whenever your password is reset, your security token is also reset. |
| IS SANDBOX? |
Enter Y or N (to specify whether the instance is a sandbox or not) Note: The information regarding the Sandbox instance can be checked in the Organization Edition under Company Information under Setup. |
| API version |
Select the API version from the dropdown list. Example: v51.0 For more information, please follow the link below: https://help.salesforce.com/s/articleView?id=000386929&type=1 |
| Keystore File Path* |
Enter the Keystore File Path after uploading into the NFS connection. Note: This option will appear for the JWT authentication type. |
| Default Governance Roles* |
You can select a specific user or a team from the governance roles (Steward, Custodian, Owner) that get assigned for managing the data asset. Note: The dropdown list displays all the configurable roles (single user or a team) as per the configurations made in the OvalEdge Security | Governance Roles section. |
| Admin Roles |
Select the required admin roles for this connector.
|
| Select Bridge |
With the OvalEdge Bridge component, any cloud-hosted server can connect with any on-premise or public cloud data sources without modifying firewall rules. A bridge provides real-time control that makes it easy to manage data movement between any source and destination. For more information, refer to Bridge Overview |
4. Click on the Validate button to validate the connection details.
5. Click on the Save button to save the connection. Alternatively, you can also directly click on the Save & Configure button that displays the Connection Settings pop-up window to configure the settings for the selected Connector. The Save & Configure button is displayed only for the Connectors for which the settings configuration is required.
Note: * (asterisk) indicates the mandatory field required to create a connection. Once the connection is validated and saved, it will be displayed on the Connectors home page.
Note: You can either save the connection details first, or you can validate the connection first and then save it.
Connection Validation Errors
| S.No. | Error Message | Description |
| 1 | Failed to establish connection, please check the credentials(Client Id, Client Secret, Security token, etc.,) | Invalid Client ID, User Name, Security Token, and in case of the wrong password and the wrong client secret. |
Note: For any Connector issues, please contact our Customer Support team.
Connector Setting
Once the connection is established successfully, various settings are provided to fetch and analyze the information from the data source.
The connection settings include Crawler, Profiler, Data Access, Query Policies, Access Instruction, and Others.
| Connector Setting | Description |
| Crawler |
Crawler settings are configured to connect to a data source and collect and catalog all the data elements in the form of metadata. |
| Profiler | It is the process of gathering statistics and informative summaries about the connected data source(s). Statistics can help assess the data source's quality before using it in an analysis. Profiling is always optional; crawling can be run without profiling also. |
| Data Access | The Data Access Authorization is included in the crawler-specific connector settings to ensure that the right user is accessing the query sheet and queries in the data catalog. Here the system validates the user credentials and allows that particular user to access the query sheet and queries in the data catalog. |
| Query Policies |
It restricts the use of the selected query types based on your role. |
| Access Instruction |
Access Instruction allows the data owner to instruct other users on using the objects in the application. |
| Others |
The Send Metadata Changes Notifications option is used to set the change notification about the metadata changes of the data objects.
|
Note: For more information, refer to the Connector Settings.
The Crawling of Schema(s)
You can use the Crawl/Profile option, which allows you to select the specific schemas for the following operations: crawl, profile, crawl & profile, or profile unprofiled. For any scheduled crawlers and profilers, the defined run date and time are displayed to set.- Navigate to the Connectors page, and click on the Crawl/Profile option.
- Select the required Schema(s).
- Click on the Run button that gathers all metadata from the connected source into OvalEdge Data Catalog.
Note: For more information on Scheduling, refer to Scheduling Connector
Additional Information
This section describes the available authentication types and the FAQs.
Salesforce Authentication
OvalEdge supports various authentication types to set up a connection with Salesforce.
1. Token-Based Authentication
This is a general authentication process. The authentication process requires the username, password, client Id, client secret, and security token generated while creating the salesforce service account, to set up a connection with the salesforce.
2. JSON Web Token (JWT)
The JWT enables identity and security information to be shared across security domains. Salesforce validates the JWT based on a signature using a previously configured certificate and additional parameters. Assuming that the JWT is valid and that the connected app has prior approval, Salesforce issues an access token.
The JWT authentication process allows users to set up a connection by providing an additional layer of security in the form of a Keystore file. The Keystore file is in JSON format and contains all the authentication details in the encrypted format. The user can upload the Keystore file to the NFS path and enter the file location in the connector setting form against the Keystore file path.
It is not mandatory to enter the password, Client Secret and Security token in the connection setting form when JWT authentication is selected.
FAQs
Q1. What is the cost of Salesforce API?
Ans: The cost of the Salesforce API depends on the number of APIs the user calls to Salesforce.
Copyright © 2023, OvalEdge LLC, Peachtree Corners GA USA