1 of 5

Salesforce

Salesforce is a customer relationship management (CRM) tool used to manage sales and service.

System requirements for Salesforce

Supported editions

Structural is compatible with the following editions of Salesforce:

Professional
Enterprise
Unlimited

Required and supported products

Structural requires Sales Cloud.

It can also support any Salesforce product that is compatible with Sales Cloud.

Structural differences and limitations with Salesforce

Required license: Professional or Enterprise

Table mode limitations

You can only assign the De-Identify or Truncate table modes.

Generator limitations

Salesforce does not support any of the primary key generators. These are:

Alphanumeric String Key
ASCII Key
Integer Key
Numeric String Key
UUID Key

Subsetting limitations

When you configure subsetting for a Salesforce workspace, you cannot filter optional records.

No upsert

Salesforce workspaces do not support upsert.

No post-job scripts

For Salesforce workspaces, there is no option to run post-job scripts after a job.

You can create webhooks that are triggered by data generation jobs.

No output to container artifacts

For Salesforce workspaces, you cannot write the destination data to container artifacts.

No output to an Ephemeral snapshot

For Salesforce workspaces, you cannot write the destination data to an Ephemeral snapshot.

Before you create a Salesforce workspace

Configure Salesforce as an Identity Provider

You must enable Salesforce as an Identity Provider.

This is required for authentication between Salesforce and Structural. It is independent of any existing Salesforce single sign-on (SSO) user login.

Enable Grant API Enabled Access

You must enable Salesforce with Grant API Enabled Access.

This is required for authentication between Salesforce and Structural.

Creating the connected Salesforce application for Structural

For the integration between Structural and Salesforce:

Salesforce is set up as an Identity Provider for Structural
OAuth bearer tokens are used to transparently access Salesforce from Structural.

There are no separate passwords or user secrets. Each user is limited to only the data available based on their available level of access for their Salesforce or Structural account.

Create the application in Salesforce

Log into your Salesforce instance.
Make sure that Salesforce is enabled as an Identity Provider with Grant API Enabled Access.
In the top right corner, click the gear icon, then click Setup.

On the Setup page, in the search field, enter App Manager, then select App Manager.

Click New Connected App.

On the Create a Connected App panel, click Create a Connected App.
On the New Connected App page, under Basic Information, fill in the following fields:
- Connected App Name. We recommend that you include 'Tonic' somewhere in the name. Note that after you create a connected app, you cannot change the name.
- API Name
- Contact Email

Under API (Enable OAuth Settings):
1. Check Enable OAuth Settings.
2. In the Callback URL field, enter the URL of your Structural instance with /oauth2/callback appended to it. For a self-hosted instance, if you do not have access to the Structural URL, contact the Structural administrator at your organization. If your organization has deployed more than one Structural instance, you can enter multiple URLs. For Structural Cloud, the callback URL is https://app.tonic.ai/oath2/callback.
3. Under Selected OAuth Scopes, move the following settings from Available OAuth Scopes to Selected OAuth Scopes:
  - Manage user data via APIs (api)
  - Perform requests at any time (refresh_token, offline_access)
4. Leave the currently checked checkboxes checked.

Navigate to the bottom of the page, then click Save.

Retrieve the consumer key and secret

After you save the new application, to retrieve the consumer key and secret values:

Expand the API (Enable OAuth Settings) section, then click Manage Consumer Details.

Locate and copy the values of Consumer Key and Consumer Secret. You use these to populate the consumer key and secret values in Structural.

Set the consumer key and secret Structural environment settings

Configure the following Structural environment settings, which you can configure from the Environment Settings tab on Structural Settings:

TONIC_SALESFORCE_CONSUMER_KEY - Set to the consumer key value that you copied from Salesforce.
TONIC_SALESFORCE_CONSUMER_SECRET - Set to the consumer secret value that you copied from Salesforce.

If you do not configure these environment settings, then you must provide the consumer key and consumer secret in the workspace configuration. For example, on Structural Cloud, you must always configure the consumer key and secret in the workspace.

Confirming the connected application permissions

After you set up the connected application, the first time that you log in to Salesforce with the user that connects from Structural, Salesforce displays a warning about the additional permissions that are granted to the connected application.

This first login is likely to occur the first time you configure a workspace connection.

It prompts you to confirm those permissions.

If you do not confirm the permissions, then Structural is unable to connect to Salesforce.

Creating the source and destination connections

For a Salesforce workspace, the source and destination data connections must be separate orgs.

The source and destination connections can be production orgs, sandbox orgs, or scratch orgs.

However, the destination connection can only be a scratch org if the source connection is also a scratch org.

Ensuring required Salesforce user permissions

Salesforce users who authorize Structural to connect on their behalf must have the following permissions configured:

Granted the Marketing User option.
Assigned the All Access role.
Assigned the System Administrator profile.
Granted the additional permission Update Records with Inactive Owners.

Making the Update Records with Inactive Owners permission available to grant

Before you can grant the Update Records with Inactive Owners permission, you must make sure that it is available to grant.

To make the permission available:

Go to Setup > User Interface.
Check the Enable “Set Audit Fields upon Record Creation” and “Update Records with Inactive Owners” User Permissions checkbox.
Click Save.

Granting the Update Records with Inactive Owners permission

After you enable the permission, to grant it, you can create and assign a permission set.

To display the permission sets page:

Go to Setup.
Under Administration, click Users, then Permission Sets.

Creating the permission set

To create the permission set:

On the Permission Sets page, click New.

In the Label field, provide a name for the permission set.
Leave License set to None.
Click Save.

Assigning the permission to the permission set

To assign the permission to the permission set:

On the Permission Sets page, under System, click System Permissions.

Under System Permissions, click Edit.

Check the Update owner and sharing-based fields with Inactive Owners permission.

Click Save and then confirm your changes.

Assigning the permission set to the user

To assign the permission set to your user:

From the permission set details, click Manage Assignments.

On the Current Assignments page, click Add Assignment.

On the Select Users to Assign page, elect the user or users that you intend to use with Structural.

Click Next, then confirm the permission set assignments.

Configuring Salesforce workspace data connections

During workspace creation, under Connection Type, click Salesforce.

Connecting to the source data

Before you can configure the source connection, you must create the connection in Salesforce. The source connection can be either a production org, a sandbox org, or a scratch org.

Providing the connected application keys

To connect to the Salesforce application, Structural requires a consumer key and a consumer secret. You get these values from the Salesforce connected application that you created in Salesforce.

You can configure these as the values of the environment settings TONIC_SALESFORCE_CONSUMER_KEY and TONIC_SALESFORCE_CONSUMER_SECRET.

If these environment settings are not configured, for example in Structural Cloud, then under Source Settings, the Connected App Credentials panel is displayed.

In the Consumer Key field, provide the consumer key value.
In the Consumer Secret field, provide the consumer secret value.

Providing and testing the server path

Under Source Settings, to connect to the source connection:

In the Server field, type the path to the source connection server.
Click Authenticate with Salesforce. Structural sends you to Salesforce to authenticate to the source connection. Note that if this is the first time you log in to Salesforce with the user for Structural, you are prompted to confirm the additional permissions that are granted to the connected application.
After you authenticate, to test the connection, click Test Source Connection.

Blocking data generation on all schema changes

By default, data generations are not blocked when schema changes do not conflict with your workspace configuration.

To block data generation when there are any schema changes, regardless of whether they conflict with your workspace configuration, toggle Block data generation on schema changes to the on position.

Connecting to the destination data

Before you can configure the destination connection, you must create the connection in Salesforce.

The destination connection must be either a sandbox org or a scratch org. However, the destination connection can only be a scratch org if the source connection is also a scratch org.

The destination connection must be a separate org from the source connection.

Providing the connected application keys

To connect to the Salesforce application, Structural requires a consumer key and a consumer secret.

If the TONIC_SALESFORCE_CONSUMER_KEY and TONIC_SALESFORCE_CONSUMER_SECRET environment settings are not configured, for example in Structural Cloud, then under Destination Settings, the Connected App Credentials panel is displayed.

To use the same key and secret that you provided under Source Settings, click Copy Settings from Source.

Otherwise:

In the Consumer Key field, provide the consumer key value.
In the Consumer Secret field, provide the consumer secret value.

Providing and testing the server path

Under Destination Settings, to connect to the destination connection:

In the Server field, type the path to the destination connection server.
Click Authenticate with Salesforce. Structural sends you to Salesforce to authenticate to the destination connection.
After you authenticate, to test the connection, click Test Destination Connection.

Configuring Salesforce workspace data connections

During workspace creation, under Connection Type, click Salesforce.

Connecting to the source data

Before you can configure the source connection, you must create the connection in Salesforce. The source connection can be either a production org, a sandbox org, or a scratch org.

Providing the connected application keys

To connect to the Salesforce application, Structural requires a consumer key and a consumer secret. You get these values from the Salesforce connected application that you created in Salesforce.

You can configure these as the values of the environment settings TONIC_SALESFORCE_CONSUMER_KEY and TONIC_SALESFORCE_CONSUMER_SECRET.

If these environment settings are not configured, for example in Structural Cloud, then under Source Settings, the Connected App Credentials panel is displayed.

In the Consumer Key field, provide the consumer key value.
In the Consumer Secret field, provide the consumer secret value.

Providing and testing the server path

Under Source Settings, to connect to the source connection:

In the Server field, type the path to the source connection server.
Click Authenticate with Salesforce. Structural sends you to Salesforce to authenticate to the source connection. Note that if this is the first time you log in to Salesforce with the user for Structural, you are prompted to confirm the additional permissions that are granted to the connected application.
After you authenticate, to test the connection, click Test Source Connection.

Blocking data generation on all schema changes

By default, data generations are not blocked when schema changes do not conflict with your workspace configuration.

Connecting to the destination data

Before you can configure the destination connection, you must create the connection in Salesforce.

The destination connection must be either a sandbox org or a scratch org. However, the destination connection can only be a scratch org if the source connection is also a scratch org.

The destination connection must be a separate org from the source connection.

Providing the connected application keys

To connect to the Salesforce application, Structural requires a consumer key and a consumer secret.

To use the same key and secret that you provided under Source Settings, click Copy Settings from Source.

Otherwise:

In the Consumer Key field, provide the consumer key value.
In the Consumer Secret field, provide the consumer secret value.

Providing and testing the server path

Under Destination Settings, to connect to the destination connection:

In the Server field, type the path to the destination connection server.
Click Authenticate with Salesforce. Structural sends you to Salesforce to authenticate to the destination connection.
After you authenticate, to test the connection, click Test Destination Connection.

Before you create a Salesforce workspace

Configure Salesforce as an Identity Provider

You must enable Salesforce as an Identity Provider.

This is required for authentication between Salesforce and Structural. It is independent of any existing Salesforce single sign-on (SSO) user login.

Enable Grant API Enabled Access

You must enable Salesforce with Grant API Enabled Access.

This is required for authentication between Salesforce and Structural.

Creating the connected Salesforce application for Structural

For the integration between Structural and Salesforce:

Salesforce is set up as an Identity Provider for Structural
OAuth bearer tokens are used to transparently access Salesforce from Structural.

There are no separate passwords or user secrets. Each user is limited to only the data available based on their available level of access for their Salesforce or Structural account.

Create the application in Salesforce

Log into your Salesforce instance.
Make sure that Salesforce is enabled as an Identity Provider with Grant API Enabled Access.
In the top right corner, click the gear icon, then click Setup.

On the Setup page, in the search field, enter App Manager, then select App Manager.

Click New Connected App.

On the Create a Connected App panel, click Create a Connected App.
On the New Connected App page, under Basic Information, fill in the following fields:
- Connected App Name. We recommend that you include 'Tonic' somewhere in the name. Note that after you create a connected app, you cannot change the name.
- API Name
- Contact Email

Under API (Enable OAuth Settings):
1. Check Enable OAuth Settings.
2. In the Callback URL field, enter the URL of your Structural instance with /oauth2/callback appended to it. For a self-hosted instance, if you do not have access to the Structural URL, contact the Structural administrator at your organization. If your organization has deployed more than one Structural instance, you can enter multiple URLs. For Structural Cloud, the callback URL is https://app.tonic.ai/oath2/callback.
3. Under Selected OAuth Scopes, move the following settings from Available OAuth Scopes to Selected OAuth Scopes:
  - Manage user data via APIs (api)
  - Perform requests at any time (refresh_token, offline_access)
4. Leave the currently checked checkboxes checked.

Navigate to the bottom of the page, then click Save.

Retrieve the consumer key and secret

After you save the new application, to retrieve the consumer key and secret values:

Expand the API (Enable OAuth Settings) section, then click Manage Consumer Details.

Locate and copy the values of Consumer Key and Consumer Secret. You use these to populate the consumer key and secret values in Structural.

Set the consumer key and secret Structural environment settings

Configure the following Structural environment settings, which you can configure from the Environment Settings tab on Structural Settings:

TONIC_SALESFORCE_CONSUMER_KEY - Set to the consumer key value that you copied from Salesforce.
TONIC_SALESFORCE_CONSUMER_SECRET - Set to the consumer secret value that you copied from Salesforce.

Confirming the connected application permissions

This first login is likely to occur the first time you configure a workspace connection.

It prompts you to confirm those permissions.

If you do not confirm the permissions, then Structural is unable to connect to Salesforce.

Creating the source and destination connections

For a Salesforce workspace, the source and destination data connections must be separate orgs.

The source and destination connections can be production orgs, sandbox orgs, or scratch orgs.

However, the destination connection can only be a scratch org if the source connection is also a scratch org.

Ensuring required Salesforce user permissions

Salesforce users who authorize Structural to connect on their behalf must have the following permissions configured:

Granted the Marketing User option.
Assigned the All Access role.
Assigned the System Administrator profile.
Granted the additional permission Update Records with Inactive Owners.

Making the Update Records with Inactive Owners permission available to grant

Before you can grant the Update Records with Inactive Owners permission, you must make sure that it is available to grant.

To make the permission available:

Go to Setup > User Interface.
Check the Enable “Set Audit Fields upon Record Creation” and “Update Records with Inactive Owners” User Permissions checkbox.
Click Save.