# Salesforce Salesforce CRM is a cloud platform for sales, service, and marketing. The underlying metadata (objects, fields, folders, reports, dashboards, and flows) is what teams build analytics and integrations on—so observing that structure helps you understand impact, ownership, and relationships across the org. Euno integrates with Salesforce by **inventorying metadata and lineage**, not by running data-quality monitors against table rows (such as freshness or volume anomaly detection on queried data). This page describes **what Euno captures** and how to **connect using OAuth 2.0 client credentials** via Salesforce’s **External Client App** model (consumer key, consumer secret, and My Domain). Euno's Salesforce integration supports auto-discovery of: * Salesforce Organization * Salesforce Users (when **Observe users & groups** is enabled) * Salesforce Groups (when **Observe users & groups** is enabled) * Salesforce Folders (reports and dashboards) * Salesforce Objects (standard and custom, subject to your patterns) * Salesforce Fields (standard, custom, formula, relationships) * Salesforce Reports * Salesforce Dashboards * Salesforce Flows (when **Include flows** is enabled) ## Capability overview Euno’s Salesforce source emphasizes **discovery and graph relationships**, not running monitors against live Salesforce records: | Area | What Euno does today | | ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | | **Metadata** | Discovers organizations, folders, objects, fields, reports, dashboards, and flows | | **Lineage-style relationships** | Links dashboards → reports; reports and Flows → objects/fields; folders → contents; objects → fields; optional users/groups → ownership | | **Data monitors** | Not applicable—Euno does not run freshness/volume/count monitors on Salesforce data by default | {% hint style="info" %} For **sandbox** vs **production**, use the **My Domain URL** that Salesforce shows for that org (sandbox hostnames typically differ from prod). Paste the full host or the prefix described below; Euno normalizes common formats. {% endhint %} ## Prerequisites / Requirements You need: 1. **An External Client App** in Salesforce with **OAuth 2.0 client credentials flow** enabled and an **execution user** (Salesforce acts on behalf of that user). 2. **Consumer key**, **consumer secret**, and **My Domain** hostname (see setup below). 3. For the execution user profile/permission sets: rights sufficient to describe metadata and read report/dashboard structure over the REST and Analytics APIs, and (**if you enable Flow discovery**) to query **Flow** metadata over the **Tooling API**. ### Recommended permissions on the execution user Grant the Salesforce user designated as **execution user** (or equivalent profile) at least: * **API Enabled** — required for REST access * **View Setup and Configuration** — metadata for objects/setup * **Run Reports** — report metadata/analytics endpoints as needed by your org * **View All Data** *(recommended)* — consistent visibility across objects in large orgs; tighten only if policy requires a scoped integration account * **Tooling API** — for Flow definition reads; omit if **Include flows (Tooling API)** is turned off in Euno. {% hint style="info" %} Many teams create a dedicated **integration / service** user whose only job is powering API clients, assign it the External Client App’s **client credentials execution user**, and grant the minimum workable permissions. {% endhint %} ## Stage 1: Configure Salesforce for API access For many Salesforce orgs, long-lived integrations should use machine-to-machine access instead of **username**, **password**, and **security token** against the legacy login APIs. **Euno uses OAuth client credentials** with an External Client App, as Salesforce documents for secured API access patterns. Consult [Salesforce Help](https://help.salesforce.com/) for your edition’s latest steps (“External Client App,” “OAuth,” “client credentials,” “execution user”)—menu names vary by release. ### Step 1: Create an External Client App Adapt these steps to your Salesforce UI wording (menus change between releases): 1. In Salesforce Setup, open **Apps** → **External Client Apps** (or equivalent) → **External Client App Manager**. 2. **New External Client App** and fill basic information (name, API name, distribution state appropriate for internal use). ### Step 2: Enable OAuth for the app Under the app’s **API / OAuth** settings: * Enable **OAuth**. * Choose **OAuth scopes** that include **API access** (e.g. *Full access (`full`)* if your policy permits, or **`api`** scope as documented for your tooling). * Under **Flow enablement**, turn on **Client credentials flow**. * Salesforce may still require registering a **callback URL** for the Connected / External Client App—even when you only use client credentials—use an HTTPS URL permitted by your org’s policy if prompted. Euno does **not** rely on an interactive browser redirect after client credentials are configured. ### Step 3: Policies and execution user 1. Open **OAuth Policies** / **Policies** for the app. 2. Ensure **Enable Client Credentials Flow** (and any **External Client App** enhancements) are allowed under your policies. 3. Set the **execution user**—the Salesforce user whose rights will apply to REST calls made with tokens from this client. This should be your integration-capable account (see [permissions](#recommended-permissions-on-the-execution-user)). ### Step 4: Consumer key and consumer secret 1. On the app, open **Settings** (or the credentials pane). 2. **Consumer Key / Client ID** and **Consumer Secret** — copy both into Euno (treat the **secret like a password**). ### Step 5: My Domain (hostname) 1. Setup → **Company Settings** → **My Domain** (names vary). 2. Copy **Current My Domain URL**, e.g. `https://acme.my.salesforce.com`. In Euno you can paste either: * The **full URL**, or * The **prefix** used before `.salesforce.com` (example: `acme.my`) Euno strips `https://` and `.salesforce.com` automatically so tokens are requested against the correct host. {% hint style="warning" %} Do **not** use the legacy **`login`** / **`test`** “environment” shorthand as the sole domain string for OAuth client credentials; use the My Domain host Salesforce gives you (sandbox orgs still have their own My Domain URL). {% endhint %} ## Stage 2: Configure the Salesforce source in Euno ### Step 1: Access the Sources page In Euno, open **Sources**, choose **Add New Source**, and select **Salesforce**. ### Step 2: General configuration Asterisk (\*) means a mandatory field. | Configuration | Description | | --------------------- | ------------------------------------------------------- | | **Name**\* | Friendly name for this source | | **Consumer key**\* | External Client App OAuth **Consumer Key / Client ID** | | **Consumer secret**\* | External Client App **Consumer Secret** | | **My Domain host**\* | From My Domain (full URL or `your-org.my` style prefix) | ### Step 3: Schedule Enable **Schedule** and pick a cadence that fits how often your org’s metadata changes. **Daily** or every **12–24 hours** is often enough for metadata; increase frequency if your org changes structure often. {% hint style="info" %} **Recommended**: Schedule the Salesforce integration at least daily so folder, report, and dashboard metadata stays reasonably current. {% endhint %} ### Step 4: Resource cleanup Choose a **Resource cleanup** policy the same way as for other Euno sources (for example immediate cleanup vs retaining stale resources). See [Resource sponsorship and cleanup](/developer-reference/technical-concepts/resource-sponsorship-and-cleanup-in-euno.md). Save the source when you are finished (**Test & Save**). ## What Euno discovers The Salesforce source discovers: * Salesforce Organization * Salesforce Users (when **Observe users & groups** is enabled) * Salesforce Groups (when **Observe users & groups** is enabled) * Salesforce Folders (reports and dashboards) * Salesforce Objects (standard and custom, subject to your patterns) * Salesforce Fields (standard, custom, formula, relationships) * Salesforce Reports * Salesforce Dashboards * Salesforce Flows (when **Include flows (Tooling API)** is enabled) Details of resource types, properties, and relationships: [Salesforce integration discovered resources](/sources/business-intelligence/salesforce-integration/salesforce-integration-discovered-resources.md). ## Advanced settings Open the **Advanced** section on the source form to configure optional filters and scopes. | Configuration | Description | | ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | **Object filter** | Allow/deny regexes matched against Salesforce **object API names** (e.g. `Account`, `Custom__c`) | | **Report filter** | Allow/deny regexes matched against the report’s **display Name** only (not Id or DeveloperName) | | **Dashboard filter** | Allow/deny regexes matched against the dashboard’s **Title** only (not Id or DeveloperName) | | **Only crawl custom objects** | Limits discovery to objects ending in `__c` | | **Include reports** | Discover reports (default: on); combined with report filter patterns | | **Include dashboards** | Discover dashboards (default: on); combined with dashboard filter patterns | | **Include flows (Tooling API)** | Discover Flow definitions and version metadata for lineage (default: on); requires Tooling/API permissions—disable if your connected app cannot read Flow metadata | | **Observe users & groups** | Emit users/groups for ownership linkage (default: on) | ## Filtering objects, reports, and dashboards You can narrow crawl scope using: * **Object filter** plus **Only crawl custom objects** — control which **sObjects** and their **fields** are observed. * **Report filter** — include or exclude reports by **Name** regex. * **Dashboard filter** — include or exclude dashboards by **Title** regex. Align those patterns with your governance policy; exclusions are governed by your configuration. Reports or dashboards excluded by regex **do not** appear as resources—downstream lineage that would have depended only on those assets will be absent for them. ## Lineage relationships Among other edges, Euno captures: * **Dashboard → Report** references (when describe metadata exposes them, including at crawl time from dashboard describe `components` when available) * **Report → Object / Field** dependencies derived from Analytics **report describe** columns (subject to discovered objects and fields; global processing enriches `table_dependencies` / `upstream_fields` where metadata allows) * **Flow → Object / Field** lineage derived from Flow **record create/update** and related metadata (subject to Flow discovery being enabled and successful Tooling reads) * **Object → Field** containment * **Folder → Report / Dashboard** containment when applicable Exact property names (`table_dependencies`, `upstream_fields`, `salesforce_flow_lineage`, etc.) are summarized in [discovered resources](/sources/business-intelligence/salesforce-integration/salesforce-integration-discovered-resources.md). ## Personal vs. shared folders {% hint style="info" %} **Personal folders**: Reports and dashboards under personal folders (or analogous “Unfiled” buckets) still appear where Salesforce exposes them via API metadata, typically **directly under the organization** rather than under a folder resource—only broadly shared folders show as **`salesforce_folder`** resources depending on Salesforce’s folder model for your tenant. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.euno.ai/sources/business-intelligence/salesforce-integration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.