跳转至

Salesforce

Foundry's Salesforce connector allows you to sync data between Salesforce and Foundry datasets.

:::callout{theme="warning"} This document refers to the latest version of the Salesforce connector. If you are editing an existing Salesforce connector, it may be a legacy version. Review the section on migration below for more information. :::

Supported capabilities

Capability Status
Exploration 🟢 Generally available
Bulk import 🟢 Generally available

Data model

The connector models all available standard ↗ and custom Salesforce objects as Foundry datasets. Schemas are retrieved dynamically. The exploration view allows you to browse the data model and preview how Salesforce objects would appear once imported to Foundry.

Data type mapping

The connector maps Salesforce API types to the following Foundry field types:

Salesforce Foundry
Auto Number STRING
Lookup Relationship STRING
Master-Detail Relationship STRING
External Lookup Relationship STRING
Checkbox BOOLEAN
Currency DECIMAL
Date DATE
Date/Time LONG
Email STRING
Geolocation STRING
Number DOUBLE
Percent DOUBLE
Phone STRING
Picklist STRING
Picklist (Multi-Select) STRING
Text STRING
Text Area STRING
Text Area (Long) STRING
Text Area (Rich) STRING
Text (Encrypted) STRING
Time INTEGER
URL STRING

Performance and limitations

The connector leverages the Salesforce Bulk API ↗ by default, which is recommended for any data operation including more than 2000 rows. Read more about Bulk API Limits ↗.

The connector can optionally use the Salesforce SOAP API ↗ when setting the JDBC property UseBulkAPI to false. The SOAP API is also subject to Salesforce SOAP API Call Limits ↗.

Setup

  1. Open the Data Connection application and select + New Source in the upper right corner of the screen.
  2. Select Salesforce from the available connector types.
  3. Follow the additional configuration prompts to continue the set up of your connector using the information in the sections below.

Learn more about setting up a connector in Foundry.

Authentication

Select a credential method to authenticate your Salesforce connection: JWT token or username-password.

JWT token

You can use the OAuth 2.0 JSON Web Token (JWT) bearer flow ↗ to authorize Foundry to access data without interactively logging in on each request.

To enable JWT authentication, you must generate a certificate, upload it while creating a Connected App, then perform a one-time authorization of the integration user.

Part 1: Generate a certificate

First, create a Salesforce user and verify it has access permission for APIs and any Salesforce objects you wish to modify. Be sure you are able to log in as the integration user, as you will need to authorize as this user in a future step.

Now, create a JWT certificate. The Salesforce JWT bearer flow ↗ requires an X.509 certificate and the associated private key. To generate a private key, use openssl at the command line and run the following commands:

  1. Generate the x.509 public and private key pair:
openssl genrsa 1024 | openssl pkcs8 -topk8 -inform PEM -out key.pem -nocrypt
openssl req -new -x509 -key key.pem -out cert.pem -days 3650
  1. Export the certificate to a PFX store, convert to Base64, and copy to clipboard:
openssl pkcs12 -export -in cert.pem -inkey key.pem | openssl base64 | pbcopy

:::callout{theme="warning"} Be sure to save the certificate value in a secure location. You will need to access the value later in the configuration. :::

Part 2: Create a connected app

In the Salesforce Lightning Experience setup page, scroll through the left side bar to select the Apps > App Manager entry under the Platform Tools section. In the App Manager page, create a new connected app by selecting New Connected App.

In the Basic Information section of the app creation page, fill in the following fields:

  1. Connected App Name
  2. API Name
  3. Email

Then, follow these steps to set up the API (Enable OAuth Settings) section:

  1. Check Enable OAuth Settings.
  2. Fill in the Callback URL with https://localhost:12345. This will be used again later.
  3. Check Use Digital Signatures and upload the cert.pem X.509 certificate file generated above.
  4. Select api, offline_access, and refresh_token from the available OAuth Scopes.
  5. Check Require Secret for Web Server Flow.

Ignore the other sections, and finalize the connected app creation by selecting Save, then Confirm on the next page. Allow ten minutes to pass before attempting to use the connected app.

Once the connected app is created, save the Consumer Key (for example, 3MVG9FG3dv...) in a secure place. The key is available under the API (Enable OAuth Settings) section.

Part 3: Authorize user

Authorize the integration user with one of the following options:

  • Perform a one-time authorization: Authorize the connected app for the integration user by performing the login flow in a browser:
  • Navigate to the following Salesforce URL: https://<salesforce-url>/services/oauth2/authorize?client_id=<CONSUMER_KEY>&redirect_uri=<CALLBACK_URL>&scope=api%20offline_access%20refresh_token&response_type=code&response_mode=query&nonce=bebmwgu22zh
    • Replace <CONSUMER_KEY> with your connected app consumer key and <CALLBACK_URL> with the URL you entered during the API configuration step.
    • Replace <salesforce-url> with your Salesforce instance URL (<site>.my.salesforce.com).
  • Complete the login flow as the integration user, selecting Use Custom Domain if necessary. Select Allow on the next page to allow the connected app to act on your behalf for the specified scopes. Ensure the username of the integration user is shown and not your personal account username.
  • Then, you will be redirected back to https://localhost:12345 (the CALLBACK_URL). Since the callback URL is not real, the browser will show an expected "Not Found” error.
  • Pre-authorize the user by following the Salesforce guidance ↗ on how to change the Permitted Users policy to Admin approved users are pre-authorized. Once pre-authorization is complete, return to the connected app configuration page to grant access to the connected app.Access can be given to the individual integration user Profile, or a Permission Set that includes the integration user.

Continue setting up a Salesforce connector in Foundry using the JWT authentication configuration options below:

Name Required Description
This is a Salesforce sandbox account Yes Determines if the connection should be made to a Salesforce sandbox account. Sets the default value for Login URL: login.salesforce.com for standard accounts and test.salesforce.come for sandbox accounts.
Username Yes Enter the username of the integration user.
Base64 PFX certificate Yes Value obtained from generating a certificate.
The certificate is password protected No Toggle on if the certificate store is password protected.
Certificate password No The certificate store password.
Specify the certificate subject No Leave off to use the first certificate in the store. Toggle on to specify a certificate to use if the certificate store contains multiple certificates.
Certificate subject No The subject of the desired certificate. Used to locate the certificate in the store . If an exact match is not found, the store is searched for a certificate whose subject contains the supplied value.
Consumer key Yes Enter the consumer key available in the settings of the connected app.

Username-password

To connect to Salesforce with the username-password ↗ authentication method, you must create a service user account and connected app in Salesforce. Then, add credentials for both into the Salesforce connector.

Follow the steps below to enable the username-password authentication flow.

  1. Create a Salesforce user and verify it has access permission for APIs and any Salesforce objects you wish to modify. Note the user’s username and password for future reference.

  2. Create a connected app:

  3. In the Salesforce Lightning Experience setup page, scroll through the left side bar to select the Apps > App Manager entry under the Platform Tools section. In the App Manager page, create a new connected app by selecting New Connected App.

  4. In the Basic Information section of the app creation page, fill in the following fields:

    1. Connected App Name
    2. API Name
    3. Email
  5. Then, follow these steps to set up the API (Enable OAuth Settings) section:

    1. Check Enable OAuth Settings.
    2. Fill in the Callback URL with https://localhost:12345. This field is required for configuration though the callback URL will not be used.
    3. Select Full access (full) from the available Selected OAuth Scopes to allow access to all data accessible to the active user.
  6. Ignore the other sections and finalize the connected app creation by selecting Save, then Confirm on the next page. Allow two to ten minutes to pass before attempting to use the connected app.

Once the connected app is created, navigate to it from the App Manager page. Select Manage, then Edit Policies. Under OAuth Policies > Permitted Users select All users may self-authorize.

The username-password authentication method supports the following configuration options:

Name Required Description
This is a Salesforce sandbox account Yes Determines if the connection should be made to a Salesforce sandbox account. Sets the default value for Login URL: login.salesforce.com for standard accounts and test.salesforce.come for sandbox accounts.
Username Yes The username of the account that the connected app is imitating.
Password Yes The password of the account that the connected app is imitating.

:::callout{theme="neutral"} If you experience authorization problems when trying to connect from Foundry and see Failed: API security token required in the Salesforce Login History of the user, you must add the user's security token to the end of the password.

The security token is an automatically generated key that must be added to the password to log in to Salesforce from an untrusted network. Salesforce does not allow users to view the security token within the application; instead, you must log in to Salesforce as the integration user and navigate to My Settings in the top right corner. Then, navigate to Personal > Reset My Security Token. :::

Networking

If a direct connection is running your Salesforce connector, you must add a network egress policy to allowlist the connection.

Choose to add an existing policy, or create a new policy.

To allowlist a direct connection for Salesforce, add the following policies:

  • Login URL: Requires DNS, port 443 (HTTPS), and one of the following:
  • login.salesforce.com (production) OR
  • test.salesforce.com (sandbox)

  • Instance URL: Requires DNS for <site>.my.salesforce.com, port 443 (HTTPS).

Certificates and private keys

SSL connections validate servers certificates. Normally, SSL validations happen through a certificate chain; by default, both agent and Foundry workers trust most industry-standard certificate chains. If the server to which you are connecting has a self-signed certificate, or if there is TLS interception during the validation, the connector must trust the certificate. Learn more about using certificates in Data Connection.

Configuration options

The Salesforce connector supports the following configuration options:

Name Required Default Description
API version Yes 50 The Salesforce API version.
Connected app credentials Yes JWT bearer token Contains credentials needed to connect to Salesforce. Review the Authentication sections above for more information.
Login URL No login.salesforce.com (production), or test.salesforce.com (sandbox) The URL used to connect to retrieve OAuth tokens.
Timeout No 60 The duration of time before the HTTP client connection times out while waiting for a response. Time is in seconds.
Proxy settings No No The proxy configuration to use when connecting to Salesforce.

Sync data from Salesforce

Use the exploration view to sync tables. Additional configuration options are available when editing a sync.

Incremental

During incremental syncs with the Salesforce connector, new data is synced if the incremental column value is greater than or equal to the previous observed maximum value. This behavior, though required for precision and correctness of synced data, will lead to duplicate rows in the output dataset. Incremental pipelines should always contain a deduplication step.

Filtering

You can add row filters to a sync configuration to exclude data that does not fit a set criteria. Use the condition tree to define your filter:

  • Logical operators:
  • ALL: Requires all nodes nested beneath to be true.
  • ANY: Requires at least one of the nested nodes to be true.
  • Conditions:
  • Select from a list of available columns.
  • Depending on the column type, choose an appropriate operator.
  • Set a value to compare against the selected column.

Be sure to Save your configurations to apply them to the sync.

Migration

If you already have a Salesforce connector, you may be running a legacy version. To identify your connector version, migrate to Connection settings > Connection details. If source configuration shows a Custom YAML section with a type: salesforce field, you are using a legacy Salesforce connector. You must migrate to the latest version to receive Palantir support beyond bug fixes.

Migrate connector

  1. Open the Data Connection application and select + New Source in the upper right corner of the screen.
  2. Select Salesforce from the available connector types.
  3. Follow the additional configuration prompts to continue the set up of your connector using the information in the sections below.
  4. Configure the authentication to match that of the legacy source. In the legacy source configuration, find the auth-method or authentication-method block in the custom YAML.
  5. If type: oauth2-jwt, configure the new source with JWT authentication:
    • claim-sub from the custom YAML becomes Username in new connector configuration.
    • x509-cert is exported to PFX, then Base64 encoded and becomes Certificate. Learn more about certificates in the JWT authentication section above.
  6. If the PFX is password protected, toggle on The certificate is password protected and enter the Certificate password.
    • claim-iss from the custom YAML becomes becomes Consumer key in the new connector configuration.
  7. If type: oauth2-username-password, configure the new source with username-password authentication:
    • username from the custom YAML becomes Usernamein the new connector configuration.
    • password from the custom YAML becomes becomes Passwordin the new connector configuration.
    • client-id and client-secret properties on the legacy source are not required by the new connector.
  8. Configure other properties:
  9. auth-url from the custom YAML becomes becomes Login URLin the new connector configuration.
  10. If auth-url had a value of test.salesforce.com in the custom YAML, toggle on Is Salesforce sandbox account in the new connector configuration.

Migrate syncs

After configuring a new Salesforce connector, create syncs for the objects that were previously synced by the legacy connector. Use the exploration view to bulk sync multiple objects at once and create new datasets.

:::callout{theme="neutral"} If using the same API version, both the legacy and new Salesforce connectors will use the same schema; all downstream applications should continue to function if inputs are remapped. :::

You must migrate downstream pipelines to use the new sync datasets. Once you have confirmed that no other consumers require the legacy datasets, you can delete the datasets, associated syncs, and connections. Use Data Lineage to find where the legacy datasets are used in your environment.


中文翻译

Salesforce

Foundry 的 Salesforce 连接器允许您在 Salesforce 和 Foundry 数据集之间同步数据。

:::callout{theme="warning"} 本文档适用于最新版本的 Salesforce 连接器。如果您正在编辑现有的 Salesforce 连接器,它可能是旧版本。请查看下方关于迁移的部分以获取更多信息。 :::

支持的功能

功能 状态
探索 🟢 正式可用
批量导入 🟢 正式可用

数据模型

该连接器将所有可用的 标准 ↗ 和自定义 Salesforce 对象建模为 Foundry 数据集。模式(Schema)是动态检索的。探索视图允许您浏览数据模型,并预览 Salesforce 对象导入到 Foundry 后的样子。

数据类型映射

该连接器将 Salesforce API 类型映射到以下 Foundry 字段类型

Salesforce Foundry
自动编号(Auto Number) STRING
查找关系(Lookup Relationship) STRING
主从关系(Master-Detail Relationship) STRING
外部查找关系(External Lookup Relationship) STRING
复选框(Checkbox) BOOLEAN
货币(Currency) DECIMAL
日期(Date) DATE
日期/时间(Date/Time) LONG
电子邮件(Email) STRING
地理位置(Geolocation) STRING
数字(Number) DOUBLE
百分比(Percent) DOUBLE
电话(Phone) STRING
选项列表(Picklist) STRING
选项列表(多选)(Picklist (Multi-Select)) STRING
文本(Text) STRING
文本区域(Text Area) STRING
文本区域(长)(Text Area (Long)) STRING
文本区域(富文本)(Text Area (Rich)) STRING
文本(加密)(Text (Encrypted)) STRING
时间(Time) INTEGER
URL STRING

性能与限制

该连接器默认使用 Salesforce Bulk API ↗,建议用于任何包含超过 2000 行数据的操作。了解更多关于 Bulk API 限制 ↗ 的信息。

当将 JDBC 属性 UseBulkAPI 设置为 false 时,该连接器可以选择使用 Salesforce SOAP API ↗。SOAP API 也受 Salesforce SOAP API 调用限制 ↗ 的约束。

设置

  1. 打开 数据连接(Data Connection) 应用程序,并在屏幕右上角选择 + 新建源(+ New Source)
  2. 从可用的连接器类型中选择 Salesforce
  3. 按照额外的配置提示,使用以下部分中的信息继续设置您的连接器。

了解更多关于在 Foundry 中 设置连接器 的信息。

身份验证

选择一种凭证方法来验证您的 Salesforce 连接:JWT 令牌或用户名-密码。

JWT 令牌

您可以使用 OAuth 2.0 JSON Web 令牌 (JWT) 持有者流程 ↗ 来授权 Foundry 访问数据,而无需在每次请求时交互式登录。

要启用 JWT 身份验证,您必须生成一个证书,在创建连接应用程序(Connected App)时上传它,然后对集成用户执行一次性授权。

第 1 部分:生成证书

首先,创建一个 Salesforce 用户,并验证其具有 API 和您希望修改的任何 Salesforce 对象的访问权限。确保您能够以集成用户身份登录,因为您需要在后续步骤中以此用户身份进行授权。

现在,创建一个 JWT 证书。Salesforce JWT 持有者流程 ↗ 需要一个 X.509 证书和相关的私钥。要生成私钥,请在命令行中使用 openssl 并运行以下命令:

  1. 生成 x.509 公钥和私钥对:
openssl genrsa 1024 | openssl pkcs8 -topk8 -inform PEM -out key.pem -nocrypt
openssl req -new -x509 -key key.pem -out cert.pem -days 3650
  1. 将证书导出到 PFX 存储,转换为 Base64,并复制到剪贴板:
openssl pkcs12 -export -in cert.pem -inkey key.pem | openssl base64 | pbcopy

:::callout{theme="warning"} 请务必将证书值保存在安全的位置。您稍后将在配置中需要访问该值。 :::

第 2 部分:创建连接应用程序

在 Salesforce Lightning Experience 设置页面中,滚动左侧边栏,在 平台工具(Platform Tools) 部分下选择 应用程序 > 应用程序管理器(Apps > App Manager) 条目。在应用程序管理器页面中,通过选择 新建连接应用程序(New Connected App) 来创建一个新的连接应用程序。

在应用程序创建页面的 基本信息(Basic Information) 部分,填写以下字段:

  1. 连接应用程序名称(Connected App Name)
  2. API 名称(API Name)
  3. 电子邮件(Email)

然后,按照以下步骤设置 API (启用 OAuth 设置)(API (Enable OAuth Settings)) 部分:

  1. 勾选 启用 OAuth 设置(Enable OAuth Settings)
  2. 回调 URL(Callback URL) 中填写 https://localhost:12345。这将在稍后再次使用。
  3. 勾选 使用数字签名(Use Digital Signatures) 并上传上面生成的 cert.pem X.509 证书文件
  4. 从可用的 OAuth 作用域(OAuth Scopes) 中选择 apioffline_accessrefresh_token
  5. 勾选 需要 Web 服务器流程的密钥(Require Secret for Web Server Flow)

忽略其他部分,通过选择 保存(Save),然后在下一页选择 确认(Confirm) 来完成连接应用程序的创建。在尝试使用连接应用程序之前,请等待十分钟。

连接应用程序创建完成后,将 消费者密钥(Consumer Key)(例如,3MVG9FG3dv...)保存在安全的地方。该密钥可在 API (启用 OAuth 设置)(API (Enable OAuth Settings)) 部分下找到。

第 3 部分:授权用户

通过以下选项之一授权集成用户:

  • 执行一次性授权: 通过在浏览器中执行登录流程来为集成用户授权连接应用程序:
  • 导航到以下 Salesforce URL:https://<salesforce-url>/services/oauth2/authorize?client_id=<CONSUMER_KEY>&redirect_uri=<CALLBACK_URL>&scope=api%20offline_access%20refresh_token&response_type=code&response_mode=query&nonce=bebmwgu22zh
    • <CONSUMER_KEY> 替换为您的连接应用程序消费者密钥,将 <CALLBACK_URL> 替换为您在 API 配置步骤中输入的 URL。
    • <salesforce-url> 替换为您的 Salesforce 实例 URL(<site>.my.salesforce.com)。
  • 以集成用户身份完成登录流程,如有必要,选择 使用自定义域(Use Custom Domain)。在下一页选择 允许(Allow),以允许连接应用程序代表您对指定的作用域执行操作。确保显示的是集成用户的用户名,而不是您个人账户的用户名。
  • 然后,您将被重定向回 https://localhost:12345(CALLBACK_URL)。由于回调 URL 不是真实的,浏览器将显示预期的"未找到(Not Found)"错误。
  • 预授权用户,请按照 Salesforce 指南 ↗ 操作,了解如何将 允许的用户(Permitted Users) 策略更改为 管理员批准的用户已预授权(Admin approved users are pre-authorized)。预授权完成后,返回连接应用程序配置页面,以授予对连接应用程序的访问权限。可以授予对单个集成用户配置文件(Profile)或包含集成用户的权限集(Permission Set)的访问权限。

使用下面的 JWT 身份验证配置选项继续在 Foundry 中设置 Salesforce 连接器:

名称 必需 描述
这是 Salesforce 沙箱账户(This is a Salesforce sandbox account) 确定是否应连接到 Salesforce 沙箱账户。设置 登录 URL(Login URL) 的默认值:标准账户为 login.salesforce.com,沙箱账户为 test.salesforce.com
用户名(Username) 输入集成用户的用户名。
Base64 PFX 证书(Base64 PFX certificate) 生成证书中获得的值。
证书受密码保护(The certificate is password protected) 如果证书存储受密码保护,则切换为开启。
证书密码(Certificate password) 证书存储密码。
指定证书主题(Specify the certificate subject) 留空以使用存储中的第一个证书。如果证书存储包含多个证书,则切换为开启以指定要使用的证书。
证书主题(Certificate subject) 所需证书的主题。用于在存储中定位证书。如果未找到完全匹配项,则搜索存储中主题包含所提供值的证书。
消费者密钥(Consumer key) 输入连接应用程序设置中可用的消费者密钥。

用户名-密码

要使用 用户名-密码 ↗ 身份验证方法连接到 Salesforce,您必须在 Salesforce 中创建一个服务用户账户和连接应用程序。然后,将两者的凭据添加到 Salesforce 连接器中。

按照以下步骤启用用户名-密码身份验证流程。

  1. 创建一个 Salesforce 用户,并验证其具有 API 和您希望修改的任何 Salesforce 对象的访问权限。记下用户的用户名和密码以备将来参考。

  2. 创建一个连接应用程序:

  3. 在 Salesforce Lightning Experience 设置页面中,滚动左侧边栏,在 平台工具(Platform Tools) 部分下选择 应用程序 > 应用程序管理器(Apps > App Manager) 条目。在应用程序管理器页面中,通过选择 新建连接应用程序(New Connected App) 来创建一个新的连接应用程序。

  4. 在应用程序创建页面的 基本信息(Basic Information) 部分,填写以下字段:

    1. 连接应用程序名称(Connected App Name)
    2. API 名称(API Name)
    3. 电子邮件(Email)
  5. 然后,按照以下步骤设置 API (启用 OAuth 设置)(API (Enable OAuth Settings)) 部分:

    1. 勾选 启用 OAuth 设置(Enable OAuth Settings)
    2. 回调 URL(Callback URL) 中填写 https://localhost:12345。此字段是配置所必需的,尽管回调 URL 不会被使用。
    3. 从可用的 选定的 OAuth 作用域(Selected OAuth Scopes) 中选择 完全访问(full)(Full access (full)),以允许访问活动用户可访问的所有数据。
  6. 忽略其他部分,通过选择 保存(Save),然后在下一页选择 确认(Confirm) 来完成连接应用程序的创建。在尝试使用连接应用程序之前,请等待两到十分钟。

连接应用程序创建完成后,从应用程序管理器页面导航到它。选择 管理(Manage),然后选择 编辑策略(Edit Policies)。在 OAuth 策略 > 允许的用户(OAuth Policies > Permitted Users) 下,选择 所有用户可自行授权(All users may self-authorize)

用户名-密码身份验证方法支持以下配置选项:

名称 必需 描述
这是 Salesforce 沙箱账户(This is a Salesforce sandbox account) 确定是否应连接到 Salesforce 沙箱账户。设置 登录 URL(Login URL) 的默认值:标准账户为 login.salesforce.com,沙箱账户为 test.salesforce.com
用户名(Username) 连接应用程序所模拟的账户的用户名。
密码(Password) 连接应用程序所模拟的账户的密码。

:::callout{theme="neutral"} 如果您在尝试从 Foundry 连接时遇到授权问题,并在用户的 Salesforce 登录历史记录(Salesforce Login History) 中看到 失败:需要 API 安全令牌(Failed: API security token required),则必须将用户的安全令牌附加到密码末尾。

安全令牌是一个自动生成的密钥,必须将其添加到密码中才能从未受信任的网络登录 Salesforce。Salesforce 不允许用户在应用程序中查看安全令牌;相反,您必须以集成用户身份登录 Salesforce,然后导航到右上角的 我的设置(My Settings)。然后,导航到 个人设置 > 重置我的安全令牌(Personal > Reset My Security Token)。 :::

网络

如果直接连接正在运行您的 Salesforce 连接器,您必须添加一个网络出口策略(Network Egress Policy) 以将连接列入白名单。

选择添加现有策略,或创建新策略。

要为 Salesforce 将直接连接列入白名单,请添加以下策略:

  • 登录 URL:需要 DNS、端口 443 (HTTPS),以及以下之一:
  • login.salesforce.com (生产环境) 或者
  • test.salesforce.com (沙箱)

  • 实例 URL:需要 <site>.my.salesforce.comDNS、端口 443 (HTTPS)。

证书和私钥

SSL 连接会验证服务器证书。通常,SSL 验证通过证书链进行;默认情况下,代理和 Foundry 工作节点都信任大多数行业标准的证书链。如果您要连接的服务器具有自签名证书,或者在验证期间存在 TLS 拦截,则连接器必须信任该证书。了解更多关于在数据连接中使用证书的信息。

配置选项

Salesforce 连接器支持以下配置选项:

名称 必需 默认值 描述
API 版本(API version) 50 Salesforce API 版本。
连接应用程序凭据(Connected app credentials) JWT 持有者令牌(JWT bearer token) 包含连接到 Salesforce 所需的凭据。请查看上方身份验证部分以获取更多信息。
登录 URL(Login URL) login.salesforce.com (生产环境),或 test.salesforce.com (沙箱) 用于连接以检索 OAuth 令牌的 URL。
超时(Timeout) 60 HTTP 客户端连接在等待响应时超时的持续时间。时间以秒为单位。
代理设置(Proxy settings) 连接到 Salesforce 时要使用的代理配置。

从 Salesforce 同步数据

使用探索视图(Exploration View)来同步表。编辑同步时,可以使用其他配置选项。

增量同步

在使用 Salesforce 连接器进行增量同步期间,如果增量列值大于或等于先前观察到的最大值,则会同步新数据。这种行为虽然对于同步数据的精确性和正确性是必需的,但会导致输出数据集中出现重复行。增量管道应始终包含一个去重步骤。

过滤

您可以向同步配置添加行过滤器,以排除不符合特定条件的数据。 使用条件树来定义您的过滤器:

  • 逻辑运算符:
  • ALL:要求其下嵌套的所有节点都为真。
  • ANY:要求至少一个嵌套节点为真。
  • 条件:
  • 从可用列列表中选择。
  • 根据列类型,选择合适的运算符。
  • 设置一个值以与所选列进行比较。

请务必 保存(Save) 您的配置以将其应用于同步。

迁移

如果您已有 Salesforce 连接器,您可能正在运行旧版本。要识别您的连接器版本,请导航到 连接设置 > 连接详情(Connection settings > Connection details)。如果源配置显示一个包含 type: salesforce 字段的 自定义 YAML(Custom YAML) 部分,则您正在使用旧版 Salesforce 连接器。您必须迁移到最新版本才能获得 Palantir 在错误修复之外的支持。

迁移连接器

  1. 打开 数据连接(Data Connection) 应用程序,并在屏幕右上角选择 + 新建源(+ New Source)
  2. 从可用的连接器类型中选择 Salesforce
  3. 按照额外的配置提示,使用以下部分中的信息继续设置您的连接器。
  4. 配置身份验证以匹配旧版源的身份验证。在旧版源配置中,找到自定义 YAML 中的 auth-methodauthentication-method 块。
  5. 如果是 type: oauth2-jwt,则使用 JWT 身份验证 配置新源:
    • 自定义 YAML 中的 claim-sub 成为新连接器配置中的 用户名(Username)
    • x509-cert 被导出为 PFX,然后进行 Base64 编码并成为 证书(Certificate)。请参阅上方 JWT 身份验证 部分中关于证书的更多信息。
  6. 如果 PFX 受密码保护,请切换开启 证书受密码保护(The certificate is password protected) 并输入 证书密码(Certificate password)
    • 自定义 YAML 中的 claim-iss 成为新连接器配置中的 消费者密钥(Consumer key)
  7. 如果是 type: oauth2-username-password,则使用 用户名-密码身份验证 配置新源:
    • 自定义 YAML 中的 username 成为新连接器配置中的 用户名(Username)
    • 自定义 YAML 中的 password 成为新连接器配置中的 密码(Password)
    • 旧版源上的 client-idclient-secret 属性不是新连接器所必需的。
  8. 配置其他属性:
  9. 自定义 YAML 中的 auth-url 成为新连接器配置中的 登录 URL(Login URL)
  10. 如果自定义 YAML 中的 auth-url 值为 test.salesforce.com,请在新连接器配置中切换开启 是 Salesforce 沙箱账户(Is Salesforce sandbox account)

迁移同步

配置新的 Salesforce 连接器后,为之前由旧版连接器同步的对象创建同步。使用探索视图(Exploration View)一次批量同步多个对象并创建新数据集。

:::callout{theme="neutral"} 如果使用相同的 API 版本,旧版和新版 Salesforce 连接器将使用相同的模式(Schema);如果重新映射输入,所有下游应用程序应继续正常运行。 :::

您必须迁移下游管道以使用新的同步数据集。一旦确认没有其他消费者需要旧版数据集,您可以删除这些数据集、相关的同步和连接。使用数据沿袭(Data Lineage)来查找旧版数据集在您环境中的使用位置。