Elastic Salesforce connector reference | Enterprise Search documentation [8.12]

IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.

› ›

« Elastic S3 connector reference Elastic ServiceNow connector reference »

Elastic Salesforce connector referenceedit

The Elastic Salesforce connector is a connector for Salesforce data sources.

Native connector reference (managed service)edit

View reference for the native connector reference (managed service).

Availability and prerequisitesedit

This connector is available as a native connector in Elastic Cloud since 8.12.0. To use this connector, satisfy all connector client requirements.

This connector is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.

Compatibilityedit

This connector is compatible with the following:

Salesforce
Salesforce Sandbox

Usageedit

To use this connector as a connector client, use the Connector workflow in the Kibana UI.

For additional operations, see connectors usage.

You need to create an Salesforce connected app with OAuth2.0 enabled to authenticate with Salesforce.

Create a Salesforce connected appedit

The Salesforce connector authenticates with Salesforce through a connected app. Follow the official Salesforce documentation for Configuring a Connected App for the OAuth 2.0 Client Credentials Flow.

When creating the connected app, in the section titled API (Enable OAuth Settings) ensure the following settings are enabled:

Enable OAuth Settings
Enable for Device Flow
- Callback URL should be the Salesforce dummy callback URL, https://test.salesforce.com/services/oauth2/success
Require Secret for Web Server Flow
Require Secret for Refresh Token Flow
Enable Client Credentials Flow

All other options should be disabled. Finally, in the section Selected OAuth Scopes, include the following OAuth scopes:

Manage user data via APIs (api)
Perform requests at any time (refresh_token, offline_access)

Salesforce admin requirementsedit

By default, the Salesforce connector requires global administrator permissions to access Salesforce data. Expand the section below to learn how to create a custom Salesforce user with minimal permissions.

Create a custom Salesforce user with minimal permissions

By creating a custom profile with sufficient permissions from the Setup menu, you can remove the system administrator role requirement for fetching data from Salesforce.

To create a new profile:

From the Salesforce Setup menu, go to Administration ⇒ Users ⇒ Profiles.
Create a new profile.
Choose Read Only or Standard User from the Existing Profile dropdown. Name the profile and save it.

By default, Read Only or Standard User users have read permission to access all standard objects.
Edit the newly created profile. Under Object Permissions, assign at least Read access to the standard objects and custom objects you want to ingest into Elasticsearch.
Make sure the newly created profile has at least Read access for the following standard objects:
- Account
- Campaign
- Case
- Contact
- EmailMessage
- Lead
- Opportunity
- User
  
  If using advanced sync rules you’ll need to assign Read access for that specific object in the profile.
Go to Users ⇒ Profiles and assign the newly created profile to the user.
Go to Connected apps, select your app and then select Edit policies. Assign the client credentials flow to the user with the custom profile in Salesforce.

Now, the connector can be configured for this user profile to fetch all object records, without needing the system administration role.

Configurationedit

The following settings are required to set up this connector:

Domain (required): The domain for your Salesforce account. This is the subdomain that appears in your Salesforce URL. For example, if your Salesforce URL is foo.my.salesforce.com, then your domain would be foo. If you are using Salesforce Sandbox, your URL will contain an extra subdomain and will look similar to foo.sandbox.my.salesforce.com. In this case, your domain would be foo.sandbox.
Client ID (required): The Client ID generated by your connected app. The Salesforce documentation will sometimes also call this a Consumer Key
Client Secret (required): The Client Secret generated by your connected app. The Salesforce documentation will sometimes also call this a Consumer Secret.

Finding the Client ID and Client Secretedit

The Client ID and Client Secret are not automatically shown to you after you create a connected app. You can find them by taking the following steps:

Navigate to Setup
Go to Platform Tools > Apps > App Manager
Click on the triangle next to your app and select View
After the page loads, click on Manage Consumer Details

Your Client ID and Client Secret should now be visible at the top of the page.

Sync rulesedit

Basic sync rules are identical for all connectors and are available by default. For more information read Types of sync rule.

Advanced sync rulesedit

A full sync is required for advanced sync rules to take effect.

The following section describes advanced sync rules for this connector. Advanced sync rules enable filtering of data in Salesforce before indexing into Elasticsearch.

They take the following parameters:

query : Salesforce query to filter the documents.
language : Salesforce query language. Allowed values are SOQL and SOSL.

Fetch documents based on the query and language specifiededit

Example: Fetch documents using SOQL query

[
  {
    "query": "SELECT Id, Name FROM Account",
    "language": "SOQL"
  }
]

Example: Fetch documents using SOSL query.

[
  {
    "query": "FIND {Salesforce} IN ALL FIELDS",
    "language": "SOSL"
  }
]

Fetch standard and custom objects using SOQL and SOSL queriesedit

Example: Fetch documents for standard objects via SOQL and SOSL query.

[
  {
    "query": "SELECT Account_Id, Address, Contact_Number FROM Account",
    "language": "SOQL"
  },
  {
    "query": "FIND {Alex Wilber} IN ALL FIELDS RETURNING Contact(LastModifiedDate, Name, Address)",
    "language": "SOSL"
  }
]

Example: Fetch documents for custom objects via SOQL and SOSL query.

[
  {
    "query": "SELECT Connector_Name, Version FROM Connector__c",
    "language": "SOQL"
  },
  {
    "query": "FIND {Salesforce} IN ALL FIELDS RETURNING Connectors__c(Id, Connector_Name, Connector_Version)",
    "language": "SOSL"
  }
]

Fetch documents with standard and custom fieldsedit

Example: Fetch documents with all standard and custom fields for Account object.

[
  {
    "query": "SELECT FIELDS(ALL) FROM Account",
    "language": "SOQL"
  }
]

Example: Fetch documents with all custom fields for Connector object.

[
  {
    "query": "SELECT FIELDS(CUSTOM) FROM Connector__c",
    "language": "SOQL"
  }
]

Example: Fetch documents with all standard fields for Account object.

[
  {
    "query": "SELECT FIELDS(STANDARD) FROM Account",
    "language": "SOQL"
  }
]

Documents and syncsedit

The connector syncs the following Salesforce objects:

Accounts
Campaigns
Cases
Contacts
Content Documents (files uploaded to Salesforce)
Leads
Opportunities

The connector will not ingest any objects that it does not have permissions to query.

Content Extractionedit

The connector will retrieve Content Documents from your Salesforce source if they meet the following criteria:

Are attached to one or more objects that are synced
Are of a file type that can be extracted

This means that the connector will not ingest any Content Documents you have that are not attached to a supported Salesforce object. See documents and syncs for a list of supported object types.

If a single Content Document is attached to multiple supported objects, only one Elastic document will be created for it. This document will retain links to every object that it was connected to in the related_ids field.

See content extraction for more specifics on content extraction.

Known issuesedit

There are currently no known issues for this connector. Refer to connector known issues for a list of known issues for all connectors.

Securityedit

See connectors security.

Framework and sourceedit

This connector is built with the Elastic connector framework.

View the source code for this connector (branch 8.12, compatible with Elastic 8.12).

Connector client reference (self-managed)edit

View reference for the connector client reference (self-managed).

Availability and prerequisitesedit

This connector is available as a self-managed connector client. This connector client is compatible with Elastic versions 8.10.0+. To use this connector, satisfy all connector client requirements.

Compatibilityedit

This connector is compatible with the following:

Salesforce
Salesforce Sandbox

Usageedit

To use this connector as a connector client, use the Connector workflow in the Kibana UI.

For additional operations, see connectors usage.

You need to create an Salesforce connected app with OAuth2.0 enabled to authenticate with Salesforce.

Create a Salesforce connected appedit

When creating the connected app, in the section titled API (Enable OAuth Settings) ensure the following settings are enabled:

Enable OAuth Settings
Enable for Device Flow
- Callback URL should be the Salesforce dummy callback URL, https://test.salesforce.com/services/oauth2/success
Require Secret for Web Server Flow
Require Secret for Refresh Token Flow
Enable Client Credentials Flow

All other options should be disabled. Finally, in the section Selected OAuth Scopes, include the following OAuth scopes:

Manage user data via APIs (api)
Perform requests at any time (refresh_token, offline_access)

Salesforce admin requirementsedit

Create a custom Salesforce user with minimal permissions

By creating a custom profile with sufficient permissions from the Setup menu, you can remove the system administrator role requirement for fetching data from Salesforce.

To create a new profile:

From the Salesforce Setup menu, go to Administration ⇒ Users ⇒ Profiles.
Create a new profile.
Choose Read Only or Standard User from the Existing Profile dropdown. Name the profile and save it.

By default, Read Only or Standard User users have read permission to access all standard objects.
Edit the newly created profile. Under Object Permissions, assign at least Read access to the standard objects and custom objects you want to ingest into Elasticsearch.
Make sure the newly created profile has at least Read access for the following standard objects:
- Account
- Campaign
- Case
- Contact
- EmailMessage
- Lead
- Opportunity
- User
  
  If using advanced sync rules you’ll need to assign Read access for that specific object in the profile.
Go to Users ⇒ Profiles and assign the newly created profile to the user.
Go to Connected apps, select your app and then select Edit policies. Assign the client credentials flow to the user with the custom profile in Salesforce.

Now, the connector can be configured for this user profile to fetch all object records, without needing the system administration role.

Deployment using Dockeredit

Connector clients are run on your own infrastructure.

You can deploy the Salesforce connector as a self-managed connector client using Docker. Follow these instructions.

Step 1: Download sample configuration file

Download the sample configuration file. You can either download it manually or run the following command:

curl https://raw.githubusercontent.com/elastic/connectors/main/config.yml.example --output ~/connectors-config/config.yml

Remember to update the --output argument value if your directory name is different, or you want to use a different config file name.

Step 2: Update the configuration file for your self-managed connector

Update the configuration file with the following settings to match your environment:

elasticsearch.host
elasticsearch.api_key
connectors

If you’re running the connector service against a Dockerized version of Elasticsearch and Kibana, your config file will look like this:

# When connecting to your cloud deployment you should edit the host value
elasticsearch.host: http://host.docker.internal:9200
elasticsearch.api_key: <ELASTICSEARCH_API_KEY>

connectors:
  -
    connector_id: <CONNECTOR_ID_FROM_KIBANA>
    service_type: salesforce
    api_key: <CONNECTOR_API_KEY_FROM_KIBANA>

Using the elasticsearch.api_key is the recommended authentication method. However, you can also use elasticsearch.username and elasticsearch.password to authenticate with your Elasticsearch instance.

Note: You can change other default configurations by simply uncommenting specific settings in the configuration file and modifying their values.

Step 3: Run the Docker image

Run the Docker image with the Connector Service using the following command:

docker run \
-v ~/connectors-config:/config \
--network "elastic" \
--tty \
--rm \
docker.elastic.co/enterprise-search/elastic-connectors:8.12.2.0 \
/app/bin/elastic-ingest \
-c /config/config.yml

Refer to DOCKER.md in the elastic/connectors repo for more details.

Find all available Docker images in the official registry.

We also have a quickstart self-managed option using Docker Compose, so you can spin up all required services at once: Elasticsearch, Kibana, and the connectors service. Refer to this README in the elastic/connectors repo for more information.

Configurationedit

The following settings are required to set up this connector:

domain(required): The domain for your Salesforce account. This is the subdomain that appears in your Salesforce URL. For example, if your Salesforce URL is foo.my.salesforce.com, then your domain would be foo. If you are using Salesforce Sandbox, your URL will contain an extra subdomain and will look similar to foo.sandbox.my.salesforce.com. In this case, your domain would be foo.sandbox.
client_id(required): The Client ID generated by your connected app. The Salesforce documentation will sometimes also call this a Consumer Key
client_secret(required): The Client Secret generated by your connected app. The Salesforce documentation will sometimes also call this a Consumer Secret.

Finding the Client ID and Client Secretedit

The Client ID and Client Secret are not automatically shown to you after you create a connected app. You can find them by taking the following steps:

Navigate to Setup
Go to Platform Tools > Apps > App Manager
Click on the triangle next to your app and select View
After the page loads, click on Manage Consumer Details

Your Client ID and Client Secret should now be visible at the top of the page.

Sync rulesedit

Basic sync rules are identical for all connectors and are available by default.

For more information read sync rules.

Advanced sync rulesedit

A full sync is required for advanced sync rules to take effect.

The following section describes advanced sync rules for this connector. Advanced sync rules enable filtering of data in Salesforce before indexing into Elasticsearch.

They take the following parameters:

query : Salesforce query to filter the documents.
language : Salesforce query language. Allowed values are SOQL and SOSL.

Fetch documents based on the query and language specifiededit

Example: Fetch documents using SOQL query

[
  {
    "query": "SELECT Id, Name FROM Account",
    "language": "SOQL"
  }
]

Example: Fetch documents using SOSL query.

[
  {
    "query": "FIND {Salesforce} IN ALL FIELDS",
    "language": "SOSL"
  }
]

Fetch standard and custom objects using SOQL and SOSL queriesedit

Example: Fetch documents for standard objects via SOQL and SOSL query.

[
  {
    "query": "SELECT Account_Id, Address, Contact_Number FROM Account",
    "language": "SOQL"
  },
  {
    "query": "FIND {Alex Wilber} IN ALL FIELDS RETURNING Contact(LastModifiedDate, Name, Address)",
    "language": "SOSL"
  }
]

Example: Fetch documents for custom objects via SOQL and SOSL query.

[
  {
    "query": "SELECT Connector_Name, Version FROM Connector__c",
    "language": "SOQL"
  },
  {
    "query": "FIND {Salesforce} IN ALL FIELDS RETURNING Connectors__c(Id, Connector_Name, Connector_Version)",
    "language": "SOSL"
  }
]

Fetch documents with standard and custom fieldsedit

Example: Fetch documents with all standard and custom fields for Account object.

[
  {
    "query": "SELECT FIELDS(ALL) FROM Account",
    "language": "SOQL"
  }
]

Example: Fetch documents with all custom fields for Connector object.

[
  {
    "query": "SELECT FIELDS(CUSTOM) FROM Connector__c",
    "language": "SOQL"
  }
]

Example: Fetch documents with all standard fields for Account object.

[
  {
    "query": "SELECT FIELDS(STANDARD) FROM Account",
    "language": "SOQL"
  }
]

Documents and syncsedit

The connector syncs the following Salesforce objects:

Accounts
Campaigns
Cases
Contacts
Content Documents (files uploaded to Salesforce)
Leads
Opportunities

The connector will not ingest any objects that it does not have permissions to query.

Content Extractionedit

The connector will retrieve Content Documents from your Salesforce source if they meet the following criteria:

Are attached to one or more objects that are synced
Are of a file type that can be extracted

This means that the connector will not ingest any Content Documents you have that are not attached to a supported Salesforce object. See documents and syncs for a list of supported object types.

See content extraction for more specifics on content extraction.

Known issuesedit

There are currently no known issues for this connector. Refer to connector known issues for a list of known issues for all connectors.

Securityedit

See connectors security.

Framework and sourceedit

This connector is built with the Elastic connector framework.

View the source code for this connector (branch 8.12, compatible with Elastic 8.12).

« Elastic S3 connector reference Elastic ServiceNow connector reference »