Connect Salesforce
Stay organized with collections Save and categorize content based on your preferences.

This page describes how to connect Salesforce to Agentspace Enterprise.

Before you begin

Before setting up your connection, do the following:

Use either an Enterprise or a Developer plan. Trial accounts are not supported.
Set up access control for your data source. For information about setting up access control, see Use data source access control.
Ensure that the Salesforce CORS allowlist contains Google Cloud.
1. To configure the allowlist, see Enable CORS for OAuth Endpoints.
2. To include Google Cloud, add https://console.cloud.google.com/ as the origin URL, and save your configuration.

Create a connected app in Salesforce

You must set up Vertex AI Search as a connected app in Salesforce for API integration.

After you connect Vertex AI Search as a connected app, you can obtain the following authentication information that is needed to create a Salesforce connector in Agentspace Enterprise.

Instance URL
Consumer ID or client ID
Consumer secret or client key

To enable OAuth 2.0 and obtain the authentication information, do the following:

In your Salesforce app, click the setup icon, and then select Setup.

Select Setup for your Salesforce app
Enter Apps in the Quick Find box and select App manager.

Find your App Manager and create new connected app
Click New connected app.
In the creation page for the new connected app, add the basic information for your app, such as the app name, your contact details, and a logo to identify your app. For more information, see Configure Basic Connected App Settings.
In the API (Enable OAuth Settings) section, configure the following OAuth settings. For more information, see Enable OAuth Settings for API Integration.

Enable and configure OAuth settings
1. Select Enable OAuth Settings.
2. Specify the callback URL as https://vertexaisearch.cloud.google.com/console/oauth/salesforce_oauth.html.
3. In the Selected OAuth scopes section, add Full Access(full) and Perform request at any time (refresh_token, offline_access). For more information, see OAuth Tokens and Scopes.
4. Select Enable Client Credentials Flow.
5. Select Enable Authorization Code and Credentials Flow.
6. Select the Require user credentials in the POST body for Authorization Code and Credentials Flow.
Click Save to create the connected app.
Enter Manage connected apps in the Quick Find box and select Manage connected apps.
Find your app in the list, select Edit, and then on the connected app details page select Edit policies to configure the following details:

Manage the connected app and edit its policies
1. Set IP Relaxation to Relax IP restrictions.
  
  Additional setup for the connected app and client credentials flow
  
  This option determines whether the access to the connected app is restricted by IP ranges. IP restrictions are enforced based on how they're set in the user profile. You must verify whether an organization-wide IP ranges enforcement is configured in the user settings. If Enforce login IP ranges on every request is enabled, then setting the IP Relaxation option to Relax IP restrictions doesn't remove the IP restrictions. For more information, see Connected App IP Relaxation and Continuous IP Enforcement. If you want to enforce IP restrictions in the connected app, set up trusted IP. For more information, see Configure Trusted IP Ranges for a Connected App If you don't want to have any IP access restrictions, ensure that the Enforce login IP ranges on every request isn't selected.
2. Set Refresh Token Policy to Refresh token is valid until revoked.
3. Set Permitted Users to All users may self-authorize.
4. In the Client Credentials Flow section, specify a Run As user. This user must have read permissions to all the entities that the user needs the connector to extract.
Click Save.
Enter OAuth and openID connect settings in the Quick Find box, select OAuth and OpenId Connect Settings, and then enable Allow Authorization Code and Credentials Flows

Set OAuth and openID connect settings
Get the instance URL:
1. Enter My domain in the Quick Find box and select My Domain.
  
  Copy your app's domain name
2. Copy the domain that ends in my.salesforce.com.
3. Add https:// to the beginning of the copied domain. This is the instance URL that you need when you create the Salesforce connector in Agentspace Enterprise. The instance URL must be in the following format: https://<var>DOMAIN_NAME</var>.my.salesforce.com</var>.
Get the consumer ID and consumer key.
1. Go to App manager, locate your app, and in the options, select View.
  
  View app details
2. Click Manage Customer Details.
  
  Click Manage Consumer Details button
3. If prompted, verify your identity.
4. Copy the consumer details.
  
  Copy the consumer key and secret
  
  This is the instance URL that you need when you create the Salesforce connector in Agentspace Enterprise.
  
  If Refresh token is enabled, ensure that the token is refreshed and that you copy the latest token when you create the Salesforce connector in the Agentspace Enterprise.

Create a Salesforce connector

Console

To use the Google Cloud console to sync data from Salesforce to Agentspace Enterprise , follow these steps:

In the Google Cloud console, go to the Agentspace page.

Agentspace
In the navigation menu, click Data stores.
Click Create data store.
On the Select a data source page, scroll or search for Salesforce to connect your third-party source.
Enter your Salesforce authentication information.
Select which entities to sync and click Continue.
Select a region for your data store.
Enter a name for your data store.
Select a synchronization frequency. After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.
Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.
To check the status of your ingestion, go to the Data stores page and click your data store name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

Depending on the size of your data, ingestion can take minutes or hours.

Next steps

To attach your data store to an app, create an app and select your data store following the steps in Create an app.
To preview how your search results appear after your app and data store are set up, see Preview search results. If you used third-party access control, see Preview results for apps with third-party access control.
To enable alerts for the data store, see Configure alerts for third-party data stores.