Introduction
In the context of organizational information systems, there are often several specialized or legacy systems, and their integration with CRM enriches the experience of its users, either allowing access to information from the various systems, centrally in the same interface, or allowing additional functionality and usability optimization. Salesforce CRM is no exception, with multiple forms of integration, typically dependent on system characteristics, the context and functionality to be made available.
In this article we’ll talk about the Qlik Sense Salesforce integration using connected apps.
Context
Qlik Sense is a platform that, briefly, has as its central objective on enabling data analysis. This platform allows the creation of specific indicator frameworks, based on consolidated information and from various sources.
Salesforce is the market-leading cloud CRM platform, and like most CRM systems, it's often the core system at the forefront of the transformation and digital adoption of Organizations, enabling, in addition to many other areas such as business management and marketing, customer and partnership management, and all their interactions. Therefore, it has coverage over almost all areas of the Organizations. Thus, the integration of CRM with external services is a way to give users access to features and information from other systems in an integrated way, optimizing processes, sales and satisfaction of employees, partners and customers.
In this article we talk about the integration of the two systems, which allows the universe of CRM users to enrich decision-making in interaction with customers, based on data analyzed by Qlik from various sources.
Implementation
For this integration we’ve created a Connected App in Salesforce to make the connection between both systems more secure and automatic. Before we look at our Qlik integration example, let's look at what Connected Apps are and what they're used for.
Connected Apps
In Salesforce a Connected App, it's a framework that allows an external application to integrate with Salesforce using standard APIs and protocols, such as SAML, OAuth, and OpenID Connect.
Connected Apps use the protocols indicated to authenticate, authorize, and create a single sign-in (SSO) experience for external applications. External apps built with Salesforce can run on Salesforce or other SaaS platforms, devices, or subscriptions.
For example, when you sign in to the Salesforce mobile app and you see data from the Salesforce Organization, you're using a Connected App.
There are four main use cases for implementing a Connected App:
Access to Salesforce data by an external application
For example, making a web application that reads order status data directly from Salesforce available through the Salesforce API would be integrated with Connected Apps. For a Connected App to request access, it must be integrated with the Salesforce API using the OAuth 2.0 protocol. OAuth 2.0 is an open protocol that authorizes secure data sharing between applications through tokens exchange.
To do this, application implementations establish OAuth authorization flows, which integrate with the Salesforce API. These authorization flows allow one user to work in one application, but see data from another.
Integration of Service Providers
Salesforce can be used as an identity provider. To do this you can use a Connected App to integrate the service provider with Salesforce Org, using one of the following methods:
Use an application connected with SAML 2.0 to integrate a service provider with Org Salesforce.
Salesforce supports single-sign-on SAML (SSO) when the service provider or identity provider initiates the flow. For example, imagine that we want to build a custom web application that implements SAML 2.0 for user authentication, and we would like your users to be able to sign in to the app with their Salesforce credentials. To set up the SSO stream, we set up the new app as a Connected App, set Org Salesforce as the SAML identity provider for the Connected App, and users can sign in to the app with their Salesforce credentials.
Use a Connected App with OpenID Connect to integrate a service provider with Org Salesforce.
To use this option, the service provider must accept OpenID Connect tokens. For example, imagine this time that we want users to pass directly (and authenticate automatically) from Org Salesforce to an external application that accepts OpenID Connect. To do this, you'll need to create a Connected App for the external app. In the Connected App, we activate OAuth settings, select the "Allow access to your unique identifier (openid)" scope, and set up an ID token. This configuration allows the SSO flow to the new application, and in this way, we integrate the service provider with Org Salesforce.
Manage access to third-party apps
Salesforce admins can set security policies to control the data that a third-party application can access from Org. Administrators can also define who can use the third-party app. For example, by installing an appExchange app that allows users of your Org to make travel reservations by selecting the "Administrator approved users are pre-authorized" option for the Connected App, the administrator can assign user-specific profiles to the app. This way only users with this user profile can access the application. The administrator can also set an update token policy to revoke the travel booking app's access to your salesforce data after a set period of time. In addition to setting security policies for managing third-party apps, your administrator can uninstall, and when necessary, block access to these apps from Org Salesforce.
Provide Authorization for External APIS Gateways
Salesforce can function as a standalone OAuth authorization server to protect resources hosted on an External APIs Gateways. Using the OpenID Connect dynamic client registry, resource servers can dynamically create client applications such as Connected Apps in Salesforce. Salesforce can then authorize these Connected Apps to access protected resources hosted by the third-party service.
For example, Salesforce can act as the OAuth authorization server for API gateways that are hosted on Mulesoft's Anypoint platform (external system). MuleSoft's Anypoint platform, which is the resource server, can dynamically create client applications such as Connected Apps. These Connected Apps can send a request to Salesforce and request access to data protected by API gateways. Salesforce can then authorize Connected Apps, allowing them access to data protected by API gateways.
Qlik Integration
In this specific case, we will use the connected app in the use case of Service Provider Integration with SAML, where the provider is Qlik Sense.
The first task of preparing the integration to be performed will be on the Qlik Sense side. This task consists of setting up a virtual proxy with data that will be needed later in the creation of the Connected App, namely the "SAML Host URI" and the "SAML Entity ID". In addition, in this fill-in you must have the certificate of the Salesforce environment to which the system will be connected, previously obtained in the Salesforce section of "Identity Provider". More details here.
Once the previous task is completed, the configuration in the Salesforce component is followed. In the creation of the Connected App the most important fields that guarantee the connection to the service are: "Entity Id" and "ACS URL", and in these fields we will use the values entered in the fields mentioned earlier in the virtual proxy. Respectively we associate the "SAML entity ID" with the "Entity Id" and the "SAML Host URI" with the "ACS URL".
If there are users who cannot access this service, you must create a "Permission Set" with users whose access is authorized and associate it with the created app.
Finally, you need to create a mechanism where you can see Qlik Sense content in Salesforce. For this, we considered two hypotheses:
- Web Tab;
- Visualforce page.
The Visualforce page is most recommended because it is more versatile and can be inserted in various locations, such as: detail page of an object, tab Home, etc. This page has only in its content the tag "iframe" obtained from the frame that you want to show from Qlik Sense.
With the process complete, we get Qlik content integrated into Salesforce:
Conclusion
The flexibility of integrating systems into CRM is critical. Salesforce enables a number of integration mechanisms, including Connected Apps, that reinforce process optimization with users, ensuring a central access point and a uniform view of information from multiple systems within CRM.