Integrating with Salesforce CRM

  • Release version: Xanadu
  • Updated August 1, 2024
  • 15 minutes to read

    • Integrating your Software Asset Management application with the Salesforce customer relationship management (CRM) services enable you to track your software subscriptions and to reclaim unused licenses.

    Note:

    If you’re using Software Asset Workspace, use SaaS Playbook for integrating your ServiceNow instance with the Salesforce CRM. For more information about creating a Salesforce CRM integration profile through Playbook, see Create a Salesforce CRM integration.

    The supported Salesforce CRM services include
    • Salesforce Sales Cloud
    • Salesforce Service Cloud
    • Salesforce Platform
    • Salesforce Customer Community
    • Salesforce Partner Community
    • Salesforce Company Community
    • Salesforce Chatter
    Both Salesforce Classic and Salesforce Lightning organizations are supported.
    Note:
    You can track entitlements for other services that you pay for but aren’t user subscription based by using custom license metrics. See Add a custom license metric for more details on how to create a custom license metric.

    The Salesforce account that you use to connect the integration requires a Salesforce user license and the following user access permissions.

    Important:
    Minimize security risks and protect information by granting access only to the necessary user or API permissions.
    Table 1. Minimal user permissions
    Process Required user role in the Salesforce CRM application Authentication scopes
    Download subscriptions User with the following permissions:
    • View Setup and Configuration
    • Customize Application
    • Manage Connected Apps
    • API Enabled
    • manage your data (api)
    • Perform requests on your behalf at any time (refresh_token, offline access)
    Pull user activity User with the following permissions:
    • View Setup and Configuration
    • Customize Application
    • Manage Connected Apps
    • API Enabled
    • manage your data (api)
    • Perform requests on your behalf at any time (refresh_token, offline access)
    Reclaim subscription User with Admin permissions
    • manage your data (api)
    • Perform requests on your behalf at any time (refresh_token, offline access)
    Download consumption User with the following permissions:
    • View Setup and Configuration
    • Customize Application
    • Manage Connected Apps
    • API Enabled
    • manage your data (api)
    • Perform requests on your behalf at any time (refresh_token, offline access)

    For additional information on the Salesforce CRM services, see the Salesforce Developer Documentation.

    Register a Salesforce application

    Register an application through the Salesforce admin portal.

    Before you begin

    Salesforce Role required: admin

    Procedure

    1. Log in to Salesforce.
      You can also switch from the Lightning UI.
    2. Select the setup icon Gear icon and then select Setup.
    3. Search for and select App Manager in the setup page search bar.
    4. On the App Manager page, select New External Client App to create an external client application.
    5. On the form, fill in the fields.
      Table 2. New Connection App form
      Field Description
      Basic Information
      External Client App Name Name of your application.
      API Name Name of the API. This field is automatically populated.
      Contact Email The email address that you want to associate with the application.
      Distribution State The scope of distribution of the application.

      Select Local as the distribution state.
      Contact Phone The phone number that you want to associate with the application.
      Info URL The URL of the web page with more information about your application.
      Logo URL The URL of your logo image that is displayed with the connected application.
      Icon URL The URL of the icon for the connected application.
      Description Description of the application.
      API (Enable OAuth Settings)
      Enable OAuth Option to enable OAuth settings.

      Select this option to enable the OAuth settings.
      Callback URL URL of the OAuth provider that users are redirected to after authentication.

      Enter https://instance.service-now.com/oauth_redirect.do, where <instance> is the name of your ServiceNow instance.
      OAuth Scopes OAuth scopes that determine the amount of access that is granted to an access token. The following values are required:
      • Manage user data via APIs (api)
      • Perform requests at any time (refresh_token, offline_access)
      Security
      Require Secret for Web Server Flow Enable this option to implement the Require Secret for Web Server Flow in your external client app or connected app settings.
      Require Secret for Refresh Token Flow Enable this option in your external client app or connected app while implementing the refresh token flow using a server-side callback handler.
      Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows Clear this option.
    6. Select Create.
      The application registration is complete and you're redirected to the Manage External Client Apps page.
    7. Verify and edit the policies for the registered application by selecting Edit.
    8. In the OAuth Policies section, verify that the Permitted Users field is set to Admin approved users are pre-authorized for the ServiceNow application.
      Note:
      Admin-approved users who are preauthorized enable any users with the corresponding profile or permission set to access the application without prior authorization. For more information, see Pre-Authorize User App Access Through Connected App Policies.
    9. In the App Policies section, select either the profile of the integration user or the profile of the user that you want to use for the integration.
    10. In the App Authorization section, verify that the Refresh token policy field is set to Refresh token is valid until revoked and the IP Relaxation field is set to Relax IP restrictions.
    11. Select Save.
    12. Retrieve OAuth credentials.
      1. Navigate to Settings > OAuth Settings and then select Consumer Key and Secret.
        The Salesforce login page opens in a new window.
      2. Enter your credentials to log in to Salesforce.
      3. Copy the Consumer Key and Consumer Secret and save them in a secure location for later use.

    Create a Salesforce CRM integration profile

    Create an integration profile to track software subscriptions and optimize licensing for the Salesforce CRM services.

    Note:
    You must create Salesforce CRM integration only in the Global scope.

    Create your first Salesforce CRM integration profile

    Create an integration profile for the first Salesforce organization that you want to track software subscriptions and optimize licensing for.

    Before you begin

    To create a Salesforce CRM integration profile, request the Software Asset Management - SaaS License Management plugin (sn_sam_saas_int) from the ServiceNow Store.

    ServiceNow Role required: sam_integrator or admin

    About this task

    If you’re using Software Asset Workspace, the option to create the Salesforce CRM integration profile in Core UI is inactive.

    Procedure

    1. Navigate to the integration profile.
      InterfaceAction
      Core UI
      1. Navigate to All > Software Asset > SaaS License > Direct Integration Profiles.
      2. Select New.
      3. Select Salesforce CRM Integration Profile.
      Software Asset Workspace
      1. Navigate to License operations > User Subscriptions > Direct integration profiles.
      2. Select New.
      3. Select Salesforce CRM from the drop-down list.
      4. Select Continue.

        The Playbook launches for Salesforce CRM integration and the next steps aren't valid. For more information, see Create a Salesforce CRM integration.
    2. On the form, fill in the fields.
      Table 3. Integration Profile form
      Field Description
      Display name Name of the integration profile.
      Enter a name that uniquely identifies the Salesforce organization for which you’re creating this integration profile. For example, SFDC Org1.
      Tip:
      Keep this name short to help it displays better during reporting.
      Connection & Credential Connection and credential alias for Salesforce.

      For your first Salesforce CRM integration profile, use the default connection and credential alias that populates automatically.
      Status Status of the integration profile.
      • If you have not published the integration profile, this field is automatically set to Draft.
      • If you have already published the integration profile, this field is automatically set to Published.
      Profile type Type of integration profile. This value is automatically set to Salesforce CRM.
    3. On the Download Subscription Subflow tab, verify that the Subflow field is set to Salesforce CRM Download Subscriptions.
      You can view events performed by individual users up to one year prior to the current date. For more information, see Review a software reclamation rule.
      Note:
      Software Asset Management pulls the events from the time that you start downloading user subscriptions irrespective of the profile creation date.
    4. On the Reclaim Subscription Subflow tab, verify that the Subflow field is set to Salesforce CRM Reclaim Subscription.
    5. On the Download Consumption Subflow tab, verify that the Subflow field is set to Salesforce CRM Download Consumption.
    6. Select Save.
      Note:
      The Calculate Activity Subflow isn’t required for Salesforce CRM integrations because these integrations use information about last user login from the user records.
      Your instance creates a draft integration profile. You can view consumption counts for the specific consumption based Salesforce CRM application.

      The Connection & Credential field appears and is automatically set to sn_sforce_v2_spoke.Salesforce.

    7. Open the connection & credential aliases record by selecting the preview icon (Preview icon.) next to the Connection & Credential field to configure the child alias.
    8. Select Open Record in the record preview.
    9. On the Connection & Credential Aliases form, select the Create New Connection & Credential related link.
    10. In the Create Connection and Credential dialog box, fill in the fields.
      Table 4. Create Connection and Credential dialog box
      Field Description
      Connection Name Name of the connection.

      Enter a name that uniquely identifies the Salesforce organization for which you’re creating this connection and credential. For example, SFDC Org1.
      Connection URL (Instance URL) URL that displays after logging in to Salesforce or your custom domain URL of Salesforce.
      OAuth Client ID Client ID (consumer key) that is assigned to your Salesforce application.
      OAuth Client Secret Client secret (consumer secret) that is assigned to your Salesforce application.
      OAuth Redirect URL URL of the OAuth provider that users are redirected to after authentication.

      This field populates automatically based on the callback URL that you specified in Register a Salesforce application.
    11. Select Create and Get OAuth Token.
      Note:
      For the role required to perform this step, refer to the Minimal user permissions table.
    12. In the OAuth2 dialog box, log in to the same Salesforce admin account that you used to create your Salesforce application.
      Tip:
      If the dialog box doesn’t open automatically, check to make sure that pop-ups are allowed on your browser.
      Your ServiceNow instance creates an OAuth token for Salesforce and then automatically returns you to the Integration Profile form.
    13. Select Publish.

    Result

    After you publish the integration profile, your ServiceNow instance begins retrieving data from your Salesforce CRM services. For organizations with fewer than 100 users, this process typically takes only a few minutes to complete. For organizations with 100–5000 users, this process can take around 15 minutes to complete. For organizations with over 5000 users, this process can take over one hour to complete.

    What to do next

    After the integration connects, your ServiceNow instance automatically creates software models, reclamation rules, and software subscriptions that are refreshed daily.

    If you want to set up multiple integration profiles with unique connections, create child aliases to manage different configurations and settings for each integration profile. For more information, see Create a child alias to set up multiple integration profiles.

    Review all automatically generated reclamation rules to reclaim user subscriptions. For more information, see Review a software reclamation rule.

    Create software entitlements for the automatically generated software models to track used software against owned software.
    Reconciliation also runs on your subscriptions as a scheduled job or on-demand. You can view your reconciliation results in the License Workbench (Software Asset Management classic application) or the License usage view (Software Asset Workspace). Use these results to determine your license compliance position and to remediate any non-compliance.

    Create additional Salesforce CRM integration profiles

    Create an integration profile for each additional Salesforce organization that you want to track software subscriptions and optimize licensing for.

    Before you begin

    To create a Salesforce CRM integration profile, request the Software Asset Management - SaaS License Management plugin (sn_sam_saas_int) from the ServiceNow Store.

    ServiceNow Role required: sam_integrator or admin

    About this task

    If you’re using Software Asset Workspace, the option to create the Salesforce CRM integration profile in Core UI is inactive.

    Procedure

    1. Navigate to the integration profile.
      InterfaceAction
      Core UI
      1. Navigate to All > Software Asset > SaaS License > Direct Integration Profiles.
      2. Select New.
      3. Select Salesforce CRM Integration Profile.
      Software Asset Workspace
      1. Navigate to License operations > User Subscriptions > Direct integration profiles.
      2. Select New.
      3. Select Salesforce CRM from the drop-down list.
      4. Select Continue.

        The Playbook launches for Salesforce CRM integration and the next steps aren't valid. For more information, see Create a Salesforce CRM integration.
    2. On the form, fill in the fields.
      Table 5. Integration Profile form
      Field Description
      Display name Name of the integration profile.
      Enter a name that uniquely identifies the Salesforce organization for which you’re creating this integration profile. For example, SFDC Org2.
      Tip:
      Keep this name short to help it display better during reporting.
      Status Status of the integration profile.
      • If you have not published the integration profile, this field is automatically set to Draft.
      • If you have already published the integration profile, this field is automatically set to Published.
      Profile type Type of integration profile. This value is automatically set to Salesforce CRM.
    3. On the Download Subscription Subflow tab, verify that the Subflow field is set to Salesforce CRM Download Subscriptions.
      You can view events performed by individual users up to one year prior to the current date. For more information, see Review a software reclamation rule.
      Note:
      Software Asset Management pulls the events from the time that you start downloading user subscriptions irrespective of the profile creation date.
    4. On the Reclaim Subscription Subflow tab, verify that the Subflow field is set to Salesforce CRM Reclaim Subscription.
    5. On the Download Consumption Subflow tab, verify that the Subflow field is set to Salesforce CRM Download Consumption.
    6. Select Save.
      Note:
      The Calculate Activity subflow isn’t required for Salesforce CRM integrations because these integrations use information about last user logins from the user records.
      Your instance creates a draft integration profile. You can view consumption counts for the specific consumption based Salesforce CRM application.

      The Connection & Credential field appears and is automatically set to sn_sforce_v2_spoke.Salesforce.

    7. Select the preview icon (Preview icon.) next to the Connection & Credential field to open the connection & credential aliases record.
    8. Select Open Record in the record preview.
    9. On the Connection & Credential Aliases form, create a child alias that can uniquely identify the connection and credentials for this integration profile.
      The first Salesforce CRM integration profile that you create uses the default (parent) connection and credential alias for Salesforce. Each additional Salesforce CRM integration profile that you create requires a unique child alias that helps differentiate the connection and credentials between each integration profile.
      1. Select the link under Child Aliases > Parentalias=*** to add child aliases.
      2. Select New.
        The Connection & Credential Aliases form for the child alias opens.
      3. Enter a name for the child alias in the Name field.
      4. Select and hold (or right-click) the form header and then select Save.
      5. After the form reloads, select the Create New Connection & Credential related link.
      6. In the Create Connection and Credential dialog box, fill in the fields.
        Table 6. Create Connection and Credential dialog box
        Field Description
        Connection Name Name of the connection.

        Enter a name that uniquely identifies the Salesforce organization for which you’re creating this connection and credential. For example, SFDC Org2.
        Connection URL (Instance URL) URL of the Salesforce instance that you’re connecting to through this integration.
        OAuth Client ID Client ID (consumer key) that is assigned to your Salesforce application.
        OAuth Client Secret Client secret (consumer secret) that is assigned to your Salesforce application.
        OAuth Redirect URL URL of the OAuth provider that users are redirected to after authentication.

        This field populates automatically based on the callback URL that you specified in Register a Salesforce application.
      7. Select Create and Get OAuth Token.
        Note:
        For the role required to perform this step, refer to the Minimal user permissions table.
      8. In the OAuth2 dialog box, log in to the same Salesforce admin account that you used to register your Salesforce application.
        Tip:
        If the dialog box doesn’t open automatically, check to make sure that pop-ups are allowed on your browser.
        Your ServiceNow instance creates an OAuth token for Salesforce and then automatically returns you to the Connection & Credential Aliases form.
    10. Return to your integration profile by navigating to SaaS License > Administration > Direct Integration Profiles and then selecting the profile from the Integration Profiles list.
    11. In the Connection & Credential field of the Integration Profile form, select the lookup icon to locate and select the child alias that you created in step 8.
      Selecting the child alias associates the alias with the integration profile. Your ServiceNow instance uses this alias to identify the connection and credentials for this integration profile.
    12. Select Publish.

    Result

    After you publish the integration profile, your ServiceNow instance begins retrieving data from your Salesforce CRM services. For organizations with fewer than 100 users, this process typically takes only a few minutes to complete. For organizations with 100-5000 users, this process can take around 15 minutes to complete. For organizations with over 5000 users, this process can take over one hour to complete.

    What to do next

    After the integration connects, your ServiceNow instance automatically creates software models, reclamation rules, and software subscriptions that are refreshed daily.

    If you want to set up multiple integration profiles with unique connections, create child aliases to manage different configurations and settings for each integration profile. For more information, see Create a child alias to set up multiple integration profiles.

    Review all automatically generated reclamation rules to reclaim user subscriptions. For more information, see Review a software reclamation rule.

    Create software entitlements for the automatically generated software models to track used software against owned software.
    Reconciliation also runs on your subscriptions as a scheduled job or on-demand. You can view your reconciliation results in the License Workbench (Software Asset Management classic application) or the License usage view (Software Asset Workspace). Use these results to determine your license compliance position and to remediate any non-compliance.