OpenMetadata/openmetadata-docs/content/v1.4.x/connectors/database/salesforce/yaml.md

---
title: Run the Salesforce Connector Externally
slug: /connectors/database/salesforce/yaml
---

{% connectorDetailsHeader
name="Salesforce"
stage="PROD"
platform="OpenMetadata"
availableFeatures=["Metadata"]
unavailableFeatures=["Query Usage", "Data Profiler", "Data Quality", "dbt", "Lineage", "Column-level Lineage", "Stored Procedures", "Owners", "Tags"]
/ %}

In this section, we provide guides and references to use the Salesforce connector.

Configure and schedule Salesforce metadata and profiler workflows from the OpenMetadata UI:

- [Requirements](#requirements)
- [Metadata Ingestion](#metadata-ingestion)
- [Enable Security](#securing-salesforce-connection-with-ssl-in-openmetadata)

{% partial file="/v1.4/connectors/external-ingestion-deployment.md" /%}

## Requirements

Following are the permissions you will require to fetch the metadata from Salesforce.

**API Access**: You must have the API Enabled permission in your Salesforce organization.

**Object Permissions**: You must have read access to the Salesforce objects that you want to ingest.


### Python Requirements

{% partial file="/v1.4/connectors/python-requirements.md" /%}

To run the Salesforce ingestion, you will need to install:

```bash
pip3 install "openmetadata-ingestion[salesforce]"
```

## Metadata Ingestion

All connectors are defined as JSON Schemas.
[Here](https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/salesforceConnection.json)
you can find the structure to create a connection to Salesforce.

In order to create and run a Metadata Ingestion workflow, we will follow
the steps to create a YAML configuration able to connect to the source,
process the Entities if needed, and reach the OpenMetadata server.

The workflow is modeled around the following
[JSON Schema](https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-spec/src/main/resources/json/schema/metadataIngestion/workflow.json)

### 1. Define the YAML Config

This is a sample config for Salesforce:

{% codePreview %}

{% codeInfoContainer %}

#### Source Configuration - Service Connection

{% codeInfo srNumber=1 %}

**username**: Username to connect to the Salesforce. This user should have the access as defined in requirements.

{% /codeInfo %}

{% codeInfo srNumber=2 %}

**password**: Password to connect to Salesforce.

{% /codeInfo %}

{% codeInfo srNumber=4 %}

**securityToken**: Salesforce Security Token is required to access the metadata through APIs. You can checkout [this doc](https://help.salesforce.com/s/articleView?id=sf.user_security_token.htm&type=5) on how to get the security token.

{% /codeInfo %}

{% codeInfo srNumber=5 %}

**sobjectName**: Specify the Salesforce Object Name in case you want to ingest a specific object.  If left blank, we will ingest all the Objects.

{% /codeInfo %}

{% codeInfo srNumber=6 %}

**salesforceApiVersion**: Follow the steps mentioned [here](https://help.salesforce.com/s/articleView?id=000386929&type=1) to get the API version. Enter the numerical value in the field, For example `42.0`.

{% /codeInfo %}

{% codeInfo srNumber=7 %}

**salesforceDomain**: When connecting to Salesforce, you can specify the domain to use for accessing the platform. The common domains include `login` and `test`, and you can also utilize Salesforce My Domain.
By default, the domain `login` is used for accessing Salesforce.

{% /codeInfo %}

{% partial file="/v1.4/connectors/yaml/database/source-config-def.md" /%}

{% partial file="/v1.4/connectors/yaml/ingestion-sink-def.md" /%}

{% partial file="/v1.4/connectors/yaml/workflow-config-def.md" /%}

#### Advanced Configuration

{% codeInfo srNumber=8 %}

**Connection Options (Optional)**: Enter the details for any additional connection options that can be sent to database during the connection. These details must be added as Key-Value pairs.

{% /codeInfo %}

{% codeInfo srNumber=9 %}

**Connection Arguments (Optional)**: Enter the details for any additional connection arguments such as security or protocol configs that can be sent to database during the connection. These details must be added as Key-Value pairs.

- In case you are using Single-Sign-On (SSO) for authentication, add the `authenticator` details in the Connection Arguments as a Key-Value pair as follows: `"authenticator" : "sso_login_url"`

{% /codeInfo %}

{% /codeInfoContainer %}

{% codeBlock fileName="filename.yaml" %}

```yaml {% isCodeBlock=true %}
source:
  type: salesforce
  serviceName: local_salesforce
  serviceConnection:
    config:
      type: Salesforce
```
```yaml {% srNumber=1 %}
      username: username
```
```yaml {% srNumber=2 %}
      password: password
```
```yaml {% srNumber=4 %}
      securityToken: securityToken
```
```yaml {% srNumber=5 %}
      sobjectName: sobjectName
```
```yaml {% srNumber=6 %}
      salesforceApiVersion: 42.0
```
```yaml {% srNumber=7 %}
      salesforceDomain: login
```
```yaml {% srNumber=8 %}
      # connectionOptions:
      #   key: value
```
```yaml {% srNumber=9 %}
      # connectionArguments:
      #   key: value
```

{% partial file="/v1.4/connectors/yaml/database/source-config.md" /%}

{% partial file="/v1.4/connectors/yaml/ingestion-sink.md" /%}

{% partial file="/v1.4/connectors/yaml/workflow-config.md" /%}

{% /codeBlock %}

{% /codePreview %}

{% partial file="/v1.4/connectors/yaml/ingestion-cli.md" /%}

## Securing Salesforce Connection with SSL in OpenMetadata

To establish secure connections between OpenMetadata and Salesforce, navigate to the Advanced Config section. Here, you can provide the CA certificate used for SSL validation by specifying the `caCertificate`.Alternatively, if both client and server require mutual authentication, you'll need to use all three parameters: `ssl_key`, `ssl_cert`, and `ssl_ca`. In this case, `ssl_cert` is used for the client’s SSL certificate, `ssl_key` for the private key associated with the SSL certificate, and `ssl_ca` for the CA certificate to validate the server’s certificate.

```yaml
      sslConfig:
            caCertificate: "/path/to/ca_certificate"
            sslCertificate: "/path/to/your/ssl_cert"
            sslKey: "/path/to/your/ssl_key"
```
-												docs: 1.4.x-SNAPSHOT (#15506)

* docs: 1.4.x-SNAPSHOT
added partials
added images
updated paths
											
										
										
											2024-03-11 10:42:26 +01:00
+								---
 								title: Run the Salesforce Connector Externally
 								slug: /connectors/database/salesforce/yaml
 								---
 								{% connectorDetailsHeader
 								name="Salesforce"
 								stage="PROD"
 								platform="OpenMetadata"
 								availableFeatures=["Metadata"]
 								unavailableFeatures=["Query Usage", "Data Profiler", "Data Quality", "dbt", "Lineage", "Column-level Lineage", "Stored Procedures", "Owners", "Tags"]
 								/ %}
 								In this section, we provide guides and references to use the Salesforce connector.
 								Configure and schedule Salesforce metadata and profiler workflows from the OpenMetadata UI:
 								- [Requirements](#requirements)
 								- [Metadata Ingestion](#metadata-ingestion)
-												Doc: Updating Database Connector Docs for SSL (#17269)

Co-authored-by: Prajwal Pandit <prajwalpandit@Prajwals-MacBook-Air.local>
											
										
										
											2024-08-07 11:41:00 +05:30
+								- [Enable Security](#securing-salesforce-connection-with-ssl-in-openmetadata)
-												docs: 1.4.x-SNAPSHOT (#15506)

* docs: 1.4.x-SNAPSHOT
added partials
added images
updated paths
											
										
										
											2024-03-11 10:42:26 +01:00
 								{% partial file="/v1.4/connectors/external-ingestion-deployment.md" /%}
 								## Requirements
 								Following are the permissions you will require to fetch the metadata from Salesforce.
 								**API Access**: You must have the API Enabled permission in your Salesforce organization.
 								**Object Permissions**: You must have read access to the Salesforce objects that you want to ingest.
 								### Python Requirements
-												docs cleanup (#16216)


											
										
										
											2024-05-10 13:18:35 +05:30
+								{% partial file="/v1.4/connectors/python-requirements.md" /%}
-												docs: 1.4.x-SNAPSHOT (#15506)

* docs: 1.4.x-SNAPSHOT
added partials
added images
updated paths
											
										
										
											2024-03-11 10:42:26 +01:00
+								To run the Salesforce ingestion, you will need to install:
 								```bash
 								pip3 install "openmetadata-ingestion[salesforce]"
 								```
 								## Metadata Ingestion
 								All connectors are defined as JSON Schemas.
 								[Here](https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/salesforceConnection.json)
 								you can find the structure to create a connection to Salesforce.
 								In order to create and run a Metadata Ingestion workflow, we will follow
 								the steps to create a YAML configuration able to connect to the source,
 								process the Entities if needed, and reach the OpenMetadata server.
 								The workflow is modeled around the following
 								[JSON Schema](https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-spec/src/main/resources/json/schema/metadataIngestion/workflow.json)
 								### 1. Define the YAML Config
 								This is a sample config for Salesforce:
 								{% codePreview %}
 								{% codeInfoContainer %}
 								#### Source Configuration - Service Connection
 								{% codeInfo srNumber=1 %}
 								**username**: Username to connect to the Salesforce. This user should have the access as defined in requirements.
 								{% /codeInfo %}
 								{% codeInfo srNumber=2 %}
 								**password**: Password to connect to Salesforce.
 								{% /codeInfo %}
 								{% codeInfo srNumber=4 %}
 								**securityToken**: Salesforce Security Token is required to access the metadata through APIs. You can checkout [this doc](https://help.salesforce.com/s/articleView?id=sf.user_security_token.htm&type=5) on how to get the security token.
 								{% /codeInfo %}
 								{% codeInfo srNumber=5 %}
 								**sobjectName**: Specify the Salesforce Object Name in case you want to ingest a specific object.  If left blank, we will ingest all the Objects.
 								{% /codeInfo %}
 								{% codeInfo srNumber=6 %}
 								**salesforceApiVersion**: Follow the steps mentioned [here](https://help.salesforce.com/s/articleView?id=000386929&type=1) to get the API version. Enter the numerical value in the field, For example `42.0`.
 								{% /codeInfo %}
 								{% codeInfo srNumber=7 %}
 								**salesforceDomain**: When connecting to Salesforce, you can specify the domain to use for accessing the platform. The common domains include `login` and `test`, and you can also utilize Salesforce My Domain.
 								By default, the domain `login` is used for accessing Salesforce.
 								{% /codeInfo %}
 								{% partial file="/v1.4/connectors/yaml/database/source-config-def.md" /%}
 								{% partial file="/v1.4/connectors/yaml/ingestion-sink-def.md" /%}
 								{% partial file="/v1.4/connectors/yaml/workflow-config-def.md" /%}
 								#### Advanced Configuration
 								{% codeInfo srNumber=8 %}
-												Doc: Updating DB String in place of Athena (#16811)


											
										
										
											2024-06-27 00:12:11 +05:30
+								**Connection Options (Optional)**: Enter the details for any additional connection options that can be sent to database during the connection. These details must be added as Key-Value pairs.
-												docs: 1.4.x-SNAPSHOT (#15506)

* docs: 1.4.x-SNAPSHOT
added partials
added images
updated paths
											
										
										
											2024-03-11 10:42:26 +01:00
 								{% /codeInfo %}
 								{% codeInfo srNumber=9 %}
-												Doc: Updating DB String in place of Athena (#16811)


											
										
										
											2024-06-27 00:12:11 +05:30
+								**Connection Arguments (Optional)**: Enter the details for any additional connection arguments such as security or protocol configs that can be sent to database during the connection. These details must be added as Key-Value pairs.
-												docs: 1.4.x-SNAPSHOT (#15506)

* docs: 1.4.x-SNAPSHOT
added partials
added images
updated paths
											
										
										
											2024-03-11 10:42:26 +01:00
 								- In case you are using Single-Sign-On (SSO) for authentication, add the `authenticator` details in the Connection Arguments as a Key-Value pair as follows: `"authenticator" : "sso_login_url"`
 								{% /codeInfo %}
 								{% /codeInfoContainer %}
 								{% codeBlock fileName="filename.yaml" %}
-												Docs: Required content changes to fix the copy-to-clipboard functionality (#16557)

* Required content changes to fix the copy-to-clipboard functionality

* fix(workflow): typo for paths-ignore for playwright (#16559)

---------

Co-authored-by: Chirag Madlani <12962843+chirag-madlani@users.noreply.github.com>
											
										
										
											2024-06-06 21:07:16 +05:30
+								```yaml {% isCodeBlock=true %}
-												docs: 1.4.x-SNAPSHOT (#15506)

* docs: 1.4.x-SNAPSHOT
added partials
added images
updated paths
											
										
										
											2024-03-11 10:42:26 +01:00
+								source:
 								  type: salesforce
 								  serviceName: local_salesforce
 								  serviceConnection:
 								    config:
 								      type: Salesforce
 								```
 								```yaml {% srNumber=1 %}
 								      username: username
 								```
 								```yaml {% srNumber=2 %}
 								      password: password
 								```
 								```yaml {% srNumber=4 %}
 								      securityToken: securityToken
 								```
 								```yaml {% srNumber=5 %}
 								      sobjectName: sobjectName
 								```
 								```yaml {% srNumber=6 %}
 								      salesforceApiVersion: 42.0
 								```
 								```yaml {% srNumber=7 %}
 								      salesforceDomain: login
 								```
 								```yaml {% srNumber=8 %}
 								      # connectionOptions:
 								      #   key: value
 								```
 								```yaml {% srNumber=9 %}
 								      # connectionArguments:
 								      #   key: value
 								```
 								{% partial file="/v1.4/connectors/yaml/database/source-config.md" /%}
 								{% partial file="/v1.4/connectors/yaml/ingestion-sink.md" /%}
 								{% partial file="/v1.4/connectors/yaml/workflow-config.md" /%}
 								{% /codeBlock %}
 								{% /codePreview %}
 								{% partial file="/v1.4/connectors/yaml/ingestion-cli.md" /%}
-												Doc: Updating Database Connector Docs for SSL (#17269)

Co-authored-by: Prajwal Pandit <prajwalpandit@Prajwals-MacBook-Air.local>
											
										
										
											2024-08-07 11:41:00 +05:30
 								## Securing Salesforce Connection with SSL in OpenMetadata
 								To establish secure connections between OpenMetadata and Salesforce, navigate to the Advanced Config section. Here, you can provide the CA certificate used for SSL validation by specifying the `caCertificate`.Alternatively, if both client and server require mutual authentication, you'll need to use all three parameters: `ssl_key`, `ssl_cert`, and `ssl_ca`. In this case, `ssl_cert` is used for the client’s SSL certificate, `ssl_key` for the private key associated with the SSL certificate, and `ssl_ca` for the CA certificate to validate the server’s certificate.
 								```yaml
 								      sslConfig:
 								            caCertificate: "/path/to/ca_certificate"
 								            sslCertificate: "/path/to/your/ssl_cert"
 								            sslKey: "/path/to/your/ssl_key"
 								```