# Configuring Salesforce workspace data connections During workspace creation, under **Connection Type**, click **Salesforce**. ## Connecting to the source data Before you can configure the source connection, you must create the connection in Salesforce. The source connection can be either a production org, a sandbox org, or a scratch org. ### **Providing the connected application keys** To connect to the Salesforce application, Structural requires a consumer key and a consumer secret. You get these values from the Salesforce connected application that you created in Salesforce. You can configure these as the values of the [environment settings](https://docs.tonic.ai/app/admin/environment-variables-setting) `TONIC_SALESFORCE_CONSUMER_KEY` and `TONIC_SALESFORCE_CONSUMER_SECRET`. If these environment settings are not configured, for example in Structural Cloud, then under **Source Settings**, the **Connected App Credentials** panel is displayed. 1. In the **Consumer Key** field, provide the consumer key value. 2. In the **Consumer Secret** field, provide the consumer secret value. ### **Providing and testing the server path** Under **Source Settings**, to connect to the source connection: 1. In the **Server** field, type the path to the source connection server. 2. Click **Authenticate with Salesforce**.\ \ Structural sends you to Salesforce to authenticate to the source connection.\ \ Note that if this is the first time you log in to Salesforce with the user for Structural, you are prompted to confirm the additional permissions that are granted to the connected application. 3. After you authenticate, to test the connection, click **Test Source Connection**. ## Connecting to the destination data Before you can configure the destination connection, you must create the connection in Salesforce. The destination connection must be either a sandbox org or a scratch org. However, the destination connection can only be a scratch org if the source connection is also a scratch org. The destination connection must be a separate org from the source connection. ### **Providing the connected application keys** To connect to the Salesforce application, Structural requires a consumer key and a consumer secret. If the `TONIC_SALESFORCE_CONSUMER_KEY` and `TONIC_SALESFORCE_CONSUMER_SECRET` [environment settings](https://docs.tonic.ai/app/admin/environment-variables-setting) are not configured, for example in Structural Cloud, then under **Destination Settings**, the **Connected App Credentials** panel is displayed. To use the same key and secret that you provided under **Source Settings**, click **Copy Settings from Source**. Otherwise: 1. In the **Consumer Key** field, provide the consumer key value. 2. In the **Consumer Secret** field, provide the consumer secret value. ### **Providing and testing the server path** Under **Destination Settings**, to connect to the destination connection: 1. In the **Server** field, type the path to the destination connection server. 2. Click **Authenticate with Salesforce**.\ \ Structural sends you to Salesforce to authenticate to the destination connection. 3. After you authenticate, to test the connection, click **Test Destination Connection**. ## De-identifying Salesforce users in the destination data If **Scramble Specific Users’ Data** is enabled for the destination org, then you can configure the workspace to de-identify Salesforce users in the destination data. To de-identify Salesforce users, toggle **De-identify Salesforce Users** to the on position. ### Excluding users from de-identification Salesforce automatically excludes from de-identification specific internal users and users that have specific roles. To exclude other users from de-identification, in the **Excluded usernames** field, type a comma-separated list of the users to exclude. ### Salesforce internal users that cannot be de-identified The following internal users are never de-identified: * Automated User * Platform Integration User * Analytics Cloud Integration User * Analytics Cloud Security User * Sales Insights Integration User * Structural user ### Salesforce roles for which users cannot be de-identified Users who have the following roles cannot be de-identified. If you need to de-identify a user that has one of these roles, then before you run data generation, you must assign a different user to the role. | Salesforce role | Where to configure | | -------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | | Owner or recipient in Email Alerts | Salesforce Setup > Email Alerts | | Default Workflow User | Salesforce Setup > Process Automation Settings | | Default Case Owner or Automated Case User | Salesforce Setup > Support Settings | | Default Lead Creator (Web-to-Lead) | Salesforce Setup > Web-to-Lead | | Default Lead Owner | Salesforce Setup > Lead Settings | | Owner in Assignment Rules (Lead, Case, or Territory) |

Salesforce Setup > Lead Assignment Rules

Salesforce Setup > Case Assignment Rules

Salesforce Setup > Territory Rules

| | Owner or recipient in Escalation Rules | Salesforce Setup > Escalation Rules | | Owner or recipient in Auto-Response Rules (Lead or Case) |

Salesforce Setup > Lead Auto-Response Rules

Salesforce Setup > Case Auto-Response Rules

| | Hard-coded user in Apex, Flows, or Process Builder |

Salesforce Setup > Flows

Salesforce Setup > Process Builder

Salesforce Setup > Apex Classes

|