Salesforce (opens new window) is a best-of-breed cloud customer relationship management app, enabling organizations to easily manage and track leads, contacts, and opportunities. It is built on the Force.com (opens new window) platform, and can be readily extended with an expansive range of third-party marketplace apps and other Salesforce products that encompasses sales, marketing, customer service and commerce.
# API version
The Salesforce connector uses Salesforce REST API (opens new window).
# Supported editions and versions
The Salesforce connector works with all Salesforce cloud instances, for example, Professional, Enterprise, Unlimited, and Developer. It also supports the following (not limited to) editions of Salesforce:
- Salesforce Sales Cloud
- Salesforce Service Cloud
- Salesforce Partner Community
- To login, go to
Advanced settingsin the connection and provide the community custom domain
- To login, go to
- Salesforce Commerce Cloud
- Salesforce Consumer Goods Cloud
- Salesforce Marketing Cloud
- SFMC has a separate connector
It also works with
Force.com applications. For all other editions not mentioned above, please contact your Workato representative for assistance.
# How to connect to Salesforce on Workato
The Salesforce connector uses OAuth 2.0 authentication to authenticate with Salesforce.
Configured Salesforce connection
- Connection name
Give this Salesforce connection a unique name that identifies which Salesforce instance it is connected to.
To connect to a Salesforce Sandbox instance, simply use the login credentials for your sandbox account and select "yes" on this field.
- Salesforce community custom domain URL
The URL to your Salesforce community's custom domain.
- Requested permissions
Select permissions to request for this connection. Defaults to full (all permissions) if left blank. Minimum permissions required are basic info, manage data and make requests at any time; those are always requested in addition to selected permissions.
Fill in the above fields and click connect. A Salesforce connection pop-up prompts you to provide your Salesforce login credentials for OAuth 2.0 authorization with username and password.
# Roles and permissions required to connect
Salesforce users can connect to Salesforce from Workato. We recommend that a separate user be created for integration purposes.
The connected user will have the same permissions (opens new window) through the Workato Salesforce connector as in Salesforce. They will be able to read and write the objects as specified in their Salesforce profile. The user profile should be setup to allow appropriate access to the requisite objects required for the recipes. The permissions can be edited via the connected user's profile in Salesforce.
User permissions and access settings are specified in profiles and permission sets. To use them effectively, understand the differences between profiles and permission sets as follows:
User permissions and access settings specify what users can do within an organization:
- Permissions determine a user's ability to edit an object record, view the Setup menu, permanently delete records in the Recycle Bin, or reset a user's password.
- Access settings determine other functions, such as access to Apex classes, app visibility etc.
Every user is assigned only one profile, but can have multiple permission sets. When determining access for your user, use profiles to assign the minimum permissions and access settings for specific groups of users. Then use permission sets to grant more permissions as needed.
# API Enabled permission
The connected user's profile should be API enabled. This permission can be found in
API enabled permission - profile setup
# Standard and custom object permissions
To interact with an object in Salesforce, it is recommended that the connected user's profile needs to have permissions to
modify all for the standard or custom object in your Salesforce organization. This is to avoid any confusion for example, when the connected user is unable to update/upsert to certain records.
View this Salesforce article (opens new window) for the difference between the standard privileges and 'View all'/'Modify all'.
Salesforce standard object profile permissions setup
Salesforce custom object profile permissions setup
Object-level security (or object permissions) provide the bluntest way to control data access. Using object permissions, you can prevent a user from seeing, creating, editing, or deleting any instance of a particular object type, such as a lead or opportunity. Object permissions let you hide whole tabs and objects from particular users, so that they don’t even know that type of data exists.
Once object-level security is enabled, the corresponding object will not appear on the Workato platform in object dropdowns on triggers or actions.
# Platform event permissions
In order to use platform events triggers and actions, you need platform events to be enabled in your Salesforce organization. You would need to set
create permissions for the connected user's profile.
Salesforce platform events permissions - profile setup
# Real-time trigger permissions
To use real-time triggers in Salesforce, workflow rules have to be set up in your Salesforce organization. These workflow rules require the
Customize application permission, although the connected user does not need to be the user who sets these rules up. This permission can be found in
Customize application permission - profile setup
# Connecting to custom domains
Salesforce allows custom domains to be defined on both Salesforce organization and Salesforce Communities (opens new window). Workato allows connections to be created to both.
If your Salesforce organization is hosted on a custom domain, connect your account by clicking on 'Use custom domain' on the OAuth 2.0 pop-up. Then, enter your custom domain and the username and password.
Use a custom domain
If you are connecting to a Salesforce community with a custom domain, expand the 'Advanced settings' in the connection. Here, enter your Salesforce community's custom domain before clicking on 'Link your account'. You will see the login page for your community where you can simply enter your username and password to connect.
Use a Salesforce Communities custom domain
# Permissions required for bulk/batch actions
Manage Data Integrations,
View Setup and Configuration and
API Enabled permissions are required on the connected Salesforce User's account to allow all bulk operations to work correctly. View this document (opens new window) for more information.
# Field-level security
Field-level security is available in Permission Sets and Profiles. It is used when users should have access to an object while also having limited access to individual fields in that object. Field-level security—or field permissions—control whether a user can see, edit, and delete the value for a particular field on an object.
They allow the protection of sensitive fields without having to hide the whole object from users. Field permissions are also controlled in permission sets and profiles. Field permissions control the visibility of fields in any part of the app, including related lists, list views, reports, and search results.
If you expect to see a certain mappable field on the Workato platform that cannot be found, field-level security is the likeliest cause. Check with your Salesforce admin if the field you're looking for is enabled for the connected Integration User. As such, it is recommended that all fields are available to the connected user to avoid confusion.
# Working with the Salesforce connector
# Can I connect more than one Salesforce account in a single recipe?
Yes, you may use up to 2. Simply use the Salesforce Secondary app on Workato, and you will be able to use both accounts in a single recipe. Find out more here.
# Best practices
When starting to use Workato with your Salesforce account, we recommend that you either do it on a sandbox account, or test on non-essential pieces of data. This would prevent any loss of crucial data, especially since actions performed through Workato cannot be undone.
# Working with sandboxes on Workato
Salesforce sandboxes are isolated from your Salesforce production organization, so operations that you perform in your sandboxes don’t affect your Salesforce production organization, and conversely. Sandboxes are nearly identical to your Salesforce production organization. For a list of differences, see Sandbox Setup Tips and Considerations (opens new window).
Here is a list of common errors that you may encounter, and links to how to rectify them.
400 Bad Request
Workato connection cannot be established (Connection failed due to server error)
- Check that Workato is not blocked in
Connected Apps OAuth Usage
- Check that Workato is not blocked in