Salesforce
Salesforce CRM is a cloud platform for sales, service, and marketing. The underlying metadata (objects, fields, folders, reports, and dashboards) is what teams build analytics and integrations on—so observing that structure helps you understand impact, ownership, and relationships across the org.
Euno integrates with Salesforce by inventorying metadata and lineage, not by running data-quality monitors against table rows (such as freshness or volume anomaly detection on queried data). This page describes what Euno captures and how to connect using OAuth 2.0 client credentials via Salesforce’s External Client App model (consumer key, consumer secret, and My Domain).
Capability overview
Euno’s Salesforce source emphasizes discovery and graph relationships, not running monitors against live Salesforce records:
Metadata
Discovers organizations, folders, objects, fields, reports, and dashboards
Lineage-style relationships
Links dashboards → reports they use; folders → contents; objects → fields; optional users/groups → ownership
Data monitors
Not applicable—Euno does not run freshness/volume/count monitors on Salesforce data by default
For sandbox vs production, use the My Domain URL that Salesforce shows for that org (sandbox hostnames typically differ from prod). Paste the full host or the prefix described below; Euno normalizes common formats.
What Euno discovers
The integration supports auto-discovery of:
Salesforce Organization
Salesforce Users (when Observe users & groups is enabled)
Salesforce Groups (when Observe users & groups is enabled)
Salesforce Folders (reports and dashboards)
Salesforce Objects (standard and custom, subject to your patterns)
Salesforce Fields (standard, custom, formula, relationships)
Salesforce Reports
Salesforce Dashboards
Details of resource types and properties: Salesforce integration discovered resources.
Salesforce requirements
You need:
An External Client App in Salesforce with OAuth 2.0 client credentials flow enabled and an execution user (Salesforce acts on behalf of that user).
Consumer key, consumer secret, and My Domain hostname (see setup below).
For the execution user profile/permission sets: rights sufficient to describe metadata and read report/dashboard structure over the REST and Analytics APIs.
Recommended permissions on the execution user
Grant the Salesforce user designated as execution user (or equivalent profile) at least:
API Enabled — required for REST access
View Setup and Configuration — metadata for objects/setup
Run Reports — report metadata/analytics endpoints as needed by your org
View All Data (recommended) — consistent visibility across objects in large orgs; tighten only if policy requires a scoped integration account
Many teams create a dedicated integration / service user whose only job is powering API clients, assign it the External Client App’s client credentials execution user, and grant the minimum workable permissions.
Connecting to Salesforce (External Client App — recommended)
For many Salesforce orgs, long-lived integrations should use machine-to-machine access instead of username, password, and security token against the legacy login APIs. Euno uses OAuth client credentials with an External Client App, as Salesforce documents for secured API access patterns.
Consult Salesforce Help for your edition’s latest steps (“External Client App,” “OAuth,” “client credentials,” “execution user”)—menu names vary by release.
Step 1: Create an External Client App
Adapt these steps to your Salesforce UI wording (menus change between releases):
In Salesforce Setup, open Apps → External Client Apps (or equivalent) → External Client App Manager.
New External Client App and fill basic information (name, API name, distribution state appropriate for internal use).
Step 2: Enable OAuth for the app
Under the app’s API / OAuth settings:
Enable OAuth.
Choose OAuth scopes that include API access (e.g. Full access (
full) if your policy permits, orapiscope as documented for your tooling).Under Flow enablement, turn on Client credentials flow.
Salesforce may still require registering a callback URL for the Connected / External Client App—even when you only use client credentials—use an HTTPS URL permitted by your org’s policy if prompted. Euno does not rely on an interactive browser redirect after client credentials are configured.
Step 3: Policies and execution user
Open OAuth Policies / Policies for the app.
Ensure Enable Client Credentials Flow (and any External Client App enhancements) are allowed under your policies.
Set the execution user—the Salesforce user whose rights will apply to REST calls made with tokens from this client. This should be your integration-capable account (see permissions).
Step 4: Consumer key and consumer secret
On the app, open Settings (or the credentials pane).
Consumer Key / Client ID and Consumer Secret — copy both into Euno (treat the secret like a password).
Step 5: My Domain (hostname)
Setup → Company Settings → My Domain (names vary).
Copy Current My Domain URL, e.g.
https://acme.my.salesforce.com.
In Euno you can paste either:
The full URL, or
The prefix used before
.salesforce.com(example:acme.my)
Euno strips https:// and .salesforce.com automatically so tokens are requested against the correct host.
Do not use the legacy login / test “environment” shorthand as the sole domain string for OAuth client credentials; use the My Domain host Salesforce gives you (sandbox orgs still have their own My Domain URL).
Configure the Salesforce source in Euno
General configuration
Name*
Friendly name for this source
Consumer key*
External Client App OAuth Consumer Key / Client ID
Consumer secret*
External Client App Consumer Secret
My Domain host*
From My Domain (full URL or your-org.my style prefix)
Then set Scheduling, resource cleanup, and save as for other sources. For cadence, daily or every 12–24 hours is often enough for metadata; increase frequency if your org changes structure often.
Recommended: Schedule the Salesforce integration at least daily so folder, report, and dashboard metadata stays reasonably current.
Resource cleanup
Uses the same sponsorship/cleanup semantics as other Euno sources. See Resource sponsorship and cleanup.
Advanced settings
Object pattern
Allow/deny regexes for Salesforce object API names (default often includes everything)
Only crawl custom objects
Limits discovery to objects ending in __c
Include reports
Discover reports (default: on)
Include dashboards
Discover dashboards (default: on)
Observe users & groups
Emit users/groups for ownership linkage (default: on)
Object filtering
You can narrow which objects are crawled using Euno’s Object pattern and Only crawl custom objects settings instead of indexing every object in the org. Align those patterns with your governance policy; exclusions are governed by your configuration, not by a fixed static list inside Euno.
Lineage relationships
Among other edges, Euno captures:
Dashboard → Report references
Object → Field containment
Folder → Report / Dashboard containment when applicable
See discovered resources for canonical types and relationships.
Personal vs. shared folders
Personal folders: Reports and dashboards under personal folders (or analogous “Unfiled” buckets) still appear where Salesforce exposes them via API metadata, typically directly under the organization rather than under a folder resource—only broadly shared folders show as salesforce_folder resources depending on Salesforce’s folder model for your tenant.
Last updated