Salesforce Connector

Salesforce generates data for leads, tasks, opportunities, and accounts and employs a variety of features that makes it self-secure and improves the repairing functionality. 

OvalEdge uses API to connect to the data source, which allows users to crawl and profile the data objects (Tables, Table Columns, etc.) and execute Queries.


Connector Capabilities

Functionality Supported Data Objects
Crawling Table, Table Columns, relationships
Profiling Table Profiling, Column Profiling
Query Execution Select, Aggregations, Group By, Order By.

Note: Salesforce does not allow aggregations and grouping on some column types.


The prerequisites to establish a connection to Salesforce are as follows:

  1. Rest API
  2. Service Account set up with required permissions
  3. Configure environment variables (Optional)

    Rest API

    The following are prerequisites required to establish the connection to Salesforce.

    S.No. Drivers/API Version Details
    1 REST API v57.0 -

    Service Account with Minimum Permissions

    The minimum privileges required for the Service account at the source are as follows:

    Operation Minimum Access Permission
    Connection validation Access and manage data (api)

    Crawl Schema/Tables

    Access and manage data (api)

    Profile Schema/Tables

    Access and manage data (api)

    Configure Environment Variables (Optional)

    This section describes the settings or instructions that you should be aware of prior to establishing a connection. If your environments have been configured, skip this step.

    Configure Environment Names

    The Environment Names allow you to select the environment configured for the specific connector from the dropdown list in the Add Connector pop-up window.
    You might want to consider crawling the same schema in both stage and production environments for consistency. The typical environments for crawling are PROD, STG, or Temporary, and may also include QA or other environments. Additionally, crawling a temporary environment can be useful for schema comparisons, which can later be deleted, especially during application upgrade assistance. 

    Steps to Configure the Environment

    1. Navigate to Administration | Configuration 
    2. Select the Connector tab.
    3. Find the Key name “connector.environment”.
    4. Enter the desired environment values (PROD, STG) in the value column. 
    5. Click ✔ to save. 

    Establish a connection

    To establish a Connection to MongoDB:

    1. Log into the OvalEdge application
    2. Navigate to the Administration  | Connectors. The Connectors Information page is displayed.
    3. Click on + New Connector and enter Salesforce in the search bar. The Add Connector pop-up window specific to the Salesforce connector is displayed.


    Fields Details
    Connection Type* The selected connection type ‘Salesforce’ is displayed by default. If required, the dropdown menu allows the user to change the connector type.
    Credential Manager

    Select the option from the drop-down menu, where you want to save your credentials.

    Database: Oracle connection is configured with the basic Username and Password of the service account in real-time when OvalEdge establishes a connection to the Oracle database. 

    HashiCorp: The credentials are stored in the HashiCorp database server and fetched from HashiCorp to OvalEdge.  

    AWS Secrets Manager: The credentials are stored in the AWS Secrets Manager database server and fetched from the AWS Secrets Manager to OvalEdge.

    For more information on Credential Manager, refer to Credential Manager

    License Add-Ons*

    All the connectors will have a Base Connector License by default that allows you to crawl and profile to obtain the metadata and statistical information from a datasource. 

    OvalEdge supports various License Add-Ons based on the connector’s functionality requirements.

    • Select the Auto Lineage Add-On license that enables the automatic construction of the Lineage of data objects for a connector with the Lineage feature. 
    • Select the Data Quality Add-On license to identify, report, and resolve the data quality issues for a connector whose data supports data quality, using DQ Rules/functions, Anomaly detection, Reports, and more.
    • Select the Data Access Add-On license that will enforce connector access via OvalEdge with Remote Data Access Management (RDAM) feature enabled.
    Authentication Type

    OvalEdge provides two types of authentication mechanisms to establish a connection to Salesforce.

    (i) Token Based

    (i) JWT

    User Name Specify the user name for the Salesforce service account.

    The environment dropdown menu allows you to select the environment configured for the connector from the dropdown list. For example, PROD, or STG (based on the configured items in the OvalEdge configuration for the connector.environment).
    The purpose of the environment field is to help you identify which connector is connecting what type of system environment (Production, STG, or QA).  
    Note: The steps to set up environment variables in explained in the prerequisite section.

    Connection Name* Select a connection name for Salesforce. Users must specify a reference name for the easy identification of the Salesforce connection in OvalEdge easily. Example: Salesforce_Connection_DB1
    Password* Enter the Password for the Salesforce Server account.
    Client id*

    Enter the Client ID/Consumer key generated while registering in Salesforce (This will be available once the connected app is set up in Salesforce) using OAuth2.

    Note: While generating a connected app for OvalEdge in Salesforce, a service account will be created.

    Client secret* Enter the Client secret/consumer secret generated while registering in Salesforce (This will be available once the connected app is set up in Salesforce) using OAuth2.
    Security token*

    Enter the security token that will be generated (Once the user resets the password/token an email with the token will be sent to the user's account).

    Note: The user can reset the security token from my profile | Settings| My Personal Information | Reset My Security Token. Also, whenever your password is reset, your security token is also reset.


    Enter Y or N (to specify whether the instance is a sandbox or not)

    Note: The information regarding the Sandbox instance can be checked in the Organization Edition under Company Information under Setup.
    API version

    Select the API version from the dropdown list.

    Example: v51.0

    For more information, please follow the link below:

    Keystore File Path*

    Enter the Keystore File Path after uploading into the NFS connection.

    Note: This option will appear for the JWT authentication type.

    Default Governance Roles*

    You can select a specific user or a  team from the governance roles (Steward, Custodian, Owner) that get assigned for managing the data asset. 

    Note: The dropdown list displays all the configurable roles (single user or a team) as per the configurations made in the OvalEdge Security | Governance Roles section. 

    Admin Roles

    Select the required admin roles for this connector.

    • To add Integration Admin Roles, search for or select one or more roles from the Integration Admin options, and then click on the Apply button. 
      The responsibility of the Integration Admin includes configuring crawling and profiling settings for the connector, as well as deleting connectors, schemas, or data objects.
    • To add Security and Governance Admin roles, search for or select one or more roles from the list, and then click on the Apply button. 
      The security and Governance Admin is responsible for:
      • Configure role permissions for the connector and its associated data objects.
      • Add admins to set permissions for roles on the connector and its associated data objects.
      • Update governance roles.
      • Create custom fields.
      • Develop Service Request templates for the connector.
      • Create Approval workflows for the templates.
    Select Bridge

    With the OvalEdge Bridge component, any cloud-hosted server can connect with any on-premise or public cloud data sources without modifying firewall rules. A bridge provides real-time control that makes it easy to manage data movement between any source and destination.

    For more information, refer to Bridge Overview

    4. Click on the Validate button to validate the connection details.

    5. Click on the Save button to save the connection.  Alternatively, you can also directly click on the Save & Configure button that displays the Connection Settings pop-up window to configure the settings for the selected Connector. The Save & Configure button is displayed only for the Connectors for which the settings configuration is required. 

    Note: * (asterisk) indicates the mandatory field required to create a connection. Once the connection is validated and saved, it will be displayed on the Connectors home page. 
    Note: You can either save the connection details first, or you can validate the connection first and then save it. 

    Connection Validation Errors

    S.No. Error Message Description
    1 Failed to establish connection, please check the credentials(Client Id, Client Secret, Security token, etc.,) Invalid Client ID, User Name, Security Token, and in case of the wrong password and the wrong client secret.

    Note: For any Connector issues, please contact our Customer Support team.

    Connector Setting

    Once the connection is established successfully, various settings are provided to fetch and analyze the information from the data source.  

    The connection settings include Crawler, Profiler, Data Access, Query Policies, Access Instruction, and Others.

    Connector Setting Description

    Crawler settings are configured to connect to a data source and collect and catalog all the data elements in the form of metadata.

    Profiler It is the process of gathering statistics and informative summaries about the connected data source(s). Statistics can help assess the data source's quality before using it in an analysis. Profiling is always optional; crawling can be run without profiling also.
    Data Access The Data Access Authorization is included in the crawler-specific connector settings to ensure that the right user is accessing the query sheet and queries in the data catalog. Here the system validates the user credentials and allows that particular user to access the query sheet and queries in the data catalog. 
    Query Policies

    It restricts the use of the selected query types based on your role.  

    Access Instruction

    Access Instruction allows the data owner to instruct other users on using the objects in the application. 


    The Send Metadata Changes Notifications option is used to set the change notification about the metadata changes of the data objects.

    • Users can use the toggle button to set the Default Governance Roles (Steward, Owner Custodian, etc.) 
    • From the drop-down menu, the user can select the role and team to receive the notification of metadata changes.

    Note: For more information, refer to the Connector Settings.

    The Crawling of Schema(s)

    You can use the Crawl/Profile option, which allows you to select the specific schemas for the following operations: crawl, profile, crawl & profile, or profile unprofiled. For any scheduled crawlers and profilers, the defined run date and time are displayed to set. 
    1. Navigate to the Connectors page, and click on the Crawl/Profile option.
    2. Select the required Schema(s).
    3. Click on the Run button that gathers all metadata from the connected source into OvalEdge Data Catalog.

    Note: For more information on Scheduling, refer to Scheduling Connector

    Additional Information

    This section describes the available authentication types and the FAQs.

    Salesforce Authentication

    OvalEdge supports various authentication types to set up a connection with Salesforce.

      1. Token-Based Authentication

      This is a general authentication process. The authentication process requires the username, password, client Id, client secret, and security token generated while creating the salesforce service account, to set up a connection with the salesforce.

      2. JSON Web Token (JWT)

      The JWT enables identity and security information to be shared across security domains. Salesforce validates the JWT based on a signature using a previously configured certificate and additional parameters. Assuming that the JWT is valid and that the connected app has prior approval, Salesforce issues an access token. 

      The JWT authentication process allows users to set up a connection by providing an additional layer of security in the form of a Keystore file. The Keystore file is in JSON format and contains all the authentication details in the encrypted format. The user can upload the Keystore file to the NFS path and enter the file location in the connector setting form against the Keystore file path.

      It is not mandatory to enter the password, Client Secret and Security token in the connection setting form when JWT authentication is selected.


      Q1. What is the cost of Salesforce API?

      Ans: The cost of the Salesforce API depends on the number of APIs the user calls to Salesforce.

      Copyright © 2023, OvalEdge LLC, Peachtree Corners GA USA