General
Supported version
The connector is developed using the SOAP API version 3234.0 (Winter '15) and tested with Salesforce Enterprise Edition ('16). Sandbox and production environments can be indexed by the connector.
Limitations
As of June 2016, it was not possible to list the members of the computer-generated group "All Internal Users". In our test environment this group is used for giving user permissions in Salesforce, but it is not possible to check whether a given user is part of this group, which would be needed to set accurate security permissions. It is possible to check whether a user is internal, just not whether the user is an actual member of this group.
There are several ways to override security in Salesforce. Permissions can, for example, be given to different Profiles (Standard User, custom profiles, etc.) or to User Roles (which can also be custom). Objects can also be set to inherit security from other objects (contacts from accounts) or through the user hierarchy. Salesforce security must therefore be tested using the settings of the environment where the connector will be installed, and the connector may need changes before it can be deployed.
...
A connection to Salesforce is established based on the username, password, User Security Token, Consumer Key and the Consumer Secret provided in the Admin Wizard. The Salesforce API is used for all communication with the application.
Content types
The connector can index the following content types:
- Users
- Accounts
- Contacts
- Opportunities
- Leads
- Attachments
User
Selected metadata
| Field | Example | Show | Searchable | Use as refiner | Comment |
|---|---|---|---|---|---|
| Id | 005A0000006ScSEIA0 | No | No | No | Internal id |
...
A complete list of all user metadata fields can be found here:
https://developer.salesforce.com/docs/atlas.en-us.192.0.api.meta/api/sforce_api_objects_user.htm
User items can only be viewed by users that have a profile set to view all users.
Account
Selected metadata
| Field | Example | Show | Searchable | Use as refiner | Comment |
|---|---|---|---|---|---|
| Id | 001A0000013RamJIAS | No | No | No | Internal id |
...
USD
...
A complete list of all account metadata fields can be found here:
https://developer.salesforce.com/docs/atlas.en-us.192.0.api.meta/api/sforce_api_objects_account.htm
Contact
Selected metadata
| Field | Example | Show | Searchable | Use as refiner | Comment |
|---|---|---|---|---|---|
| Id | 003A000001gMLRzIAO | No | No | No | Internal id |
...
A complete list of all contact metadata fields can be found here:
https://developer.salesforce.com/docs/atlas.en-us.192.0.api.meta/api/sforce_api_objects_contact.htm
Contacts can be set to inherit security tokens from accounts, depending on the Salesforce settings.
Opportunity
Selected metadata
| Field | Example | Show | Searchable | Use as refiner | Comment |
|---|---|---|---|---|---|
| Id | 006A000000Mjv5cIAB | No | No | No | Internal id |
...
A complete list of all opportunity metadata fields can be found here:
https://developer.salesforce.com/docs/atlas.en-us.192.0.api.meta/api/sforce_api_objects_opportunity.htm
Lead
Selected metadata
| Field | Example | Show | Searchable | Use as refiner | Comment |
|---|---|---|---|---|---|
| Id | 00QA000000hOyJKMA0 | No | No | No | Internal id |
...
ConvertedContact (ConvertedContactId)
...
A complete list of all lead metadata fields can be found here:
https://developer.salesforce.com/docs/atlas.en-us.192.0.api.meta/api/sforce_api_objects_lead.htm
Attachment
Selected metadata
| Field | Example | Show | Searchable | Use as refiner | Comment |
|---|---|---|---|---|---|
| Id | 00PA000000dfTYzMAM | No | No | No | Internal id |
...
A complete list of all attachment metadata fields can be found here:
https://developer.salesforce.com/docs/atlas.en-us.192.0.api.meta/api/sforce_api_objects_attachment.htm
...
Custom Templates
Custom templates are not in use.
Refiners
No refiners are defined in the connector. They must be set up for each installation independently. Under Show Navigator in ViaWorks Locator all the item types and document owners in Salesforce are listed. There the user can specify which items and owners to search for.
Preview
There is no preview of documents due to the restrictions on Salesforce API usage within 24 hours.
Opening / Buttons
When clicking the Open button, all items open directly in Salesforce, where users can see and edit the full content. The user must log in to Salesforce in order to display the items. Other buttons lead to related objects in Salesforce. The buttons displayed in ViaWorks depend on the item type and its content. For example, only attachments can be downloaded. As an alternative to the buttons, right-clicking on the title lists the options available for an item.
| Button | Function | Application | Log in required |
|---|---|---|---|
| Open | Opens a Salesforce URL to the item | In Salesforce (web browser) | Yes |
| Open Owner | Opens a Salesforce URL to the Owner (User) of the item | In Salesforce (web browser) | Yes |
| Open Parent | Opens a Salesforce URL to Parent of the item | In Salesforce (web browser) | Yes |
| Converted Account | Only for leads. Opens a Salesforce URL to the converted account | In Salesforce (web browser) | Yes |
| Download | Only for attachments. Downloads file | In web browser | Yes |
Authentication
At search time users need to log in to their Salesforce accounts in ViaWorks. This authentication is done under Account & Settings and Source Credentials.
The Salesforce security token is given for each user and can be reset and sent by email from Salesforce. This user token is needed together with the username and password to get access to the API and use the connector. It is possible to omit the token and log in with only the username and password. This is done by adding the IP address in use under Login IP Ranges in Salesforce. The ranges are given for each profile group (for example System Administrator). Each user having that profile can then log in without the security token. A random text string must still be entered in the salesforcetoken field in the window for the user to be authenticated, but this text is ignored.
Authorization
Items are marked with a list of Salesforce groups and user SIDs at fetching time. At search time, users are given SIDs based on the Salesforce account associated with the ViaWorks login.
Example:
- "SalesF 005A0000004wzojIAA" (User)
- "SalesF 00GA0000001LnPuMAK" (Group)
- "SalesF AllData" (View all data - from profile settings)
- "SalesF Users" (View all users - from profile settings)
Installation
After installing the connector using the MSI package, the Salesforce Fetch Service can be started. When the fetch service is running, open the ViaWorks Locator Management Console to set up a connection.
ViaWorks Admin Wizard
When installing the connector, the following values in the Admin Wizard below need to be filled in.
Under Salesforce Entities to index, it is possible to restrict indexing to certain object types.
API restrictions can be quite strict for organizations. The maximum number of API calls is calculated over a 24-hour period. Information about the current API usage is found in the response header and checked by the connector. Two different stop limits are set in the wizard and used by the connector. Both limits are percentages of the maximum number of API calls. The first is the limit for when to start a full crawl; in the example above it is set to 20%. The other is the limit for when to stop making any API calls from the connector. This restriction also covers Salesforce login in ViaWorks. Here this limit is set to 80%. This second limit is also stored in the database for use by the Security Authentication plugin.
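An added example (not the connector's own code) of applying the two wizard limits to the usage figure Salesforce reports. It assumes the REST-style "Sforce-Limit-Info" header value format "api-usage=used/max"; the function names, the rule that a full crawl may only start at or below the first limit, and the choice to block everything when the figure cannot be read are assumptions.

```python
import re

# Matches "api-usage=18/5000" but not the "per-app-api-usage=..." field.
_USAGE_RE = re.compile(r"(?<![\w-])api-usage=(\d+)/(\d+)")

FULL_CRAWL_LIMIT = 20.0  # percent; first wizard limit in the page's example
FULL_STOP_LIMIT = 80.0   # percent; second wizard limit (FullStopAPILimit)


def usage_percent(limit_info):
    """Percentage of the 24-hour API quota already used, or None if unreadable."""
    match = _USAGE_RE.search(limit_info or "")
    if match is None:
        return None
    used, maximum = int(match.group(1)), int(match.group(2))
    if maximum == 0:
        return None
    return 100.0 * used / maximum


def allowed_actions(limit_info):
    """Decide what may still be done with the remaining quota."""
    pct = usage_percent(limit_info)
    if pct is None:
        # Assumption: with no usable figure, spend no further API calls.
        return {"full_crawl": False, "api_call": False, "login": False}
    stopped = pct > FULL_STOP_LIMIT  # "exceeds this limit" on the page
    return {
        # Assumption: a full crawl may only start at or below the first limit.
        "full_crawl": pct <= FULL_CRAWL_LIMIT,
        "api_call": not stopped,
        # Search-time login also costs API calls, so it stops at the same point.
        "login": not stopped,
    }


# Constructed header values for illustration.
SAMPLES = [
    "api-usage=18/5000",
    "api-usage=2600/5000",
    "api-usage=4001/5000",
    "per-app-api-usage=17/250(appName=demo); api-usage=4500/5000",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(value, "->", allowed_actions(value))
```

Because login is refused above the second limit, a runaway crawl or any other heavy API consumer in the same organization can lock users out of Salesforce results in ViaWorks until the 24-hour window moves on.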
The Consumer Key and the Consumer Secret must be included in the second page of the Admin Wizard. As mentioned under Authentication the User Security Token must be included unless the IP that is used is added to the "Login IP Ranges" in Salesforce (for the profile of the index user).
The values Consumer Key and Consumer Secret are used with the Source Credentials entered in ViaWorks (browser login at search time - see Authentication) to authenticate the user. FullStopAPILimit is the same as the second limit from the general settings (stop all API calls). Not even authenticating the user is possible if the organization's API usage exceeds this limit (here set to 80%).
The 3 values used by the Security Authentication plugin are stored in the database table search.auth_realm_setting.
Custom Templates
Custom templates are not in use.
Security
A user can be granted access to an item in several ways. Not all possible ways are currently included in the connector. The possible security overrides depend on the Salesforce edition.
The following user security access is currently implemented in the connector:
- User access is given by the user Id
- Group access is given from user roles and inherited sub roles
- Permission to view all data, if the profile has this access
- Permission to view all users, if the profile has this access
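The SID matching described under Authorization, combined with the four access paths listed above, as an added example in Python (not the connector's own code). The class, the function names and the rule for which SIDs are stamped on an item are assumptions; the "SalesF" SID strings and the first two IDs come from this page's examples, the other IDs are constructed.

```python
from dataclasses import dataclass, field

SID_PREFIX = "SalesF "  # prefix used in the page's SID examples


@dataclass
class SalesforceUser:
    """Hypothetical record of what is looked up for the logged-in account."""
    user_id: str
    role_group_ids: list = field(default_factory=list)  # own role plus inherited sub roles
    view_all_data: bool = False   # profile permission
    view_all_users: bool = False  # profile permission


def user_sids(user):
    """SIDs given to a user at search time, one per implemented access path."""
    sids = {SID_PREFIX + user.user_id}
    sids.update(SID_PREFIX + gid for gid in user.role_group_ids)
    if user.view_all_data:
        sids.add(SID_PREFIX + "AllData")
    if user.view_all_users:
        sids.add(SID_PREFIX + "Users")
    return sids


def item_sids(owner_id, group_ids=(), is_user_item=False):
    """SIDs stamped on an item at fetch time (assumed marking scheme)."""
    if is_user_item:
        # Per the page, User items are visible only with "view all users".
        return {SID_PREFIX + "Users"}
    sids = {SID_PREFIX + owner_id, SID_PREFIX + "AllData"}
    sids.update(SID_PREFIX + gid for gid in group_ids)
    return sids


def can_see(item, user):
    """Trim by intersection; an item with no SIDs matches nobody."""
    return bool(set(item) & user_sids(user))


# Constructed sample data; the first two IDs are the ones in the page's SID examples.
OWNER = SalesforceUser("005A0000004wzojIAA")
COLLEAGUE = SalesforceUser("005000000000001AAA", ["00GA0000001LnPuMAK"])
ADMIN = SalesforceUser("005000000000002AAA", view_all_data=True, view_all_users=True)
ACCOUNT = item_sids(OWNER.user_id, ["00GA0000001LnPuMAK"])
PRIVATE_LEAD = item_sids(OWNER.user_id)
USER_ITEM = item_sids(OWNER.user_id, is_user_item=True)
```

When testing against a real environment, compare the SID set computed for a test user with what that user can actually open in Salesforce; any sharing path not represented by a SID shows up as a mismatch.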
Salesforce Connected Apps
As mentioned above, a Connected App must be registered in the Salesforce application to generate a Consumer Key and a Consumer Secret for connecting to the Salesforce API. A Connected App can be created under Setup → Create → Apps as shown below.
...
a connection. If an exe file is used for installing the connector, the Salesforce Fetch Service will start automatically.
Salesforce API
Salesforce objects and the API can be tested in the developer console in the application or in the workbench: https://workbench.developerforce.com/login.php
API Documentation: https://developer.salesforce.com/docs/atlas.en-us.192.0.api.meta/api/sforce_api_quickstart_intro.htm
Salesforce Security
'Who Sees What' Videos: sforce.co/whoseeswhat