Salesforce actions setup

Use Salesforce actions to let Glean Assistant and Agents search and update Salesforce data without leaving Glean.

With this setup, you can:

• Enable the Salesforce action pack for a datasource instance.
• Authenticate with a Salesforce OAuth app.
• Decide which agents and surfaces can use these actions.

Prerequisites

Before enabling Salesforce actions:

• The Salesforce datasource must be configured and successfully crawling content.
• You must be able to access the Glean Admin Console.
• A Salesforce admin can create a connected app and grant OAuth scopes.

Setup instructions

Follow these steps to set up the Salesforce action pack:

1. In Glean, go to Admin → Platform → Actions.

2. Click Add.

3. From Add pre‑set actions, select Salesforce Actions under Action templates.

4. In the Configuration tab:

   1. Add the Instance Name.
   2. Select the connected Datasource Instance to link this action to your Salesforce instance.
   3. Configure authentication. Salesforce actions use user OAuth so that actions run as the signed‑in user and respect their permissions. You can either use a central Glean‑managed app (recommended) or configure a custom OAuth app in Salesforce.

   Use the central option if:

   • Your organization is Glean‑hosted, and
   • Central apps are available for Salesforce in your environment.

   Steps:

   1. Select Central under Authenticate sectionin on the Salesforce Actions setup page.
   2. Click Save.

   End users are prompted to connect their Salesforce account the first time they run an action, and tokens are managed centrally thereafter.

   Use the custom option if:

   • You are self‑hosted, or
   • Your security model requires a customer‑owned Salesforce OAuth app.

   Steps:

   In order to setup OAuth for Salesforce actions, follow these steps:

   Step 1: Create a New External Client App

   1. Navigate to Salesforce and login using your credentials.

   2. Click Setup (top right).

   3. Go to App Manager (search under Quick Find).

   4. Click New External Client App. The External Client App Manager page opens up.

   5. Under Basic information, add the following mandatory details:

      1. External Client App Name. Name your app appropriately to indicate that Glean will have access to this data, for example, Glean sales app.

      2. API Name.

      3. Contact Email.

      4. Distribution State. Based on your requirement, select from either Local or Packaged.

         • Local: Use this if the app will only be used in the current Salesforce org. Local apps can not be packaged or distributed to other orgs.
         • Packaged: Use this if you plan to include the app in a second-generation (2GP) managed package and distribute it to other Salesforce orgs.

   Step 2: Enable OAuth Settings

   1. Select the Enable OAuth.

   2. Under App Settings, add the following information:

      1. Callback URL. Copy the Callback URL from the Glean admin console:
         1. Navigate to Salesforce actions configuration page on the Glean admin console.
         2. Select custom under the Authenticate section.
         3. Copy the Callback URL.

   3. Add the following OAuth scopes:

      • Manage user data via APIs (api)
      • Perform requests at anytime (refresh_token, offline_access)
        Optionally add Full access (full) scope if you plan to use Salesforce extension actions.

   4. Based on your requirement, you can either enable or keep the Introspect all Tokens and Configure ID token options disabled.

      • Introspect all Tokens: Allows the app to use token introspection endpoint of Salesforce to validate and inspect access/refresh tokens across the org, returning details such as whether the token is active, its expiry, user, and scopes. If you plan to have your integration check token status through /services/oauth2/introspect, enable this option; otherwise you can leave it disabled.

      • Configure ID token: Controls how Salesforce issues OpenID Connect ID tokens for this app. If your integration uses the openid scope, enable this option to configure ID token behavior, including the lifetime of the token (1–720 minutes; default 2 minutes). If you do not use ID tokens and only rely on access/refresh tokens for API calls, you can leave this disabled.

   Step 3: Security settings

   • Uncheck Require Proof Key for Code Exchange (PKCE) extension for Supported Authorization Flows under Security.

   Step 4: Create the app

   • Click Create to create the app.

   Step 5: Copy the Consumer Key and Consumer Secret

   After creating the app, you are redirected to the app details page. Get the Consumer Key and Consumer Secret information from this page:

   1. Under the Settings tab, go to OAuth Settings.
   2. Under App Settings, click Consumer Key and Secret.
   3. Verify your identity. After verification, you are redirected to the External Client App Name page with the consumer key and secret details.
   4. Copy the Consumer Key and Consumer Secret and keep it safe.

   Step 6: Add OAuth Policies

   1. Under Apps, go to External Client Apps --> External Client Apps Manager.
   2. Find your app and click on your app.
   3. Under Policies, click Edit.
   4. Go to OAuth Policies and set Permitted Users to All users may self-authorize.
   5. Click Save.

   Step 7: Fill the client ID and client secret

   1. Navigate to Salesforce actions configuration page on the Glean admin console.
   2. Select custom under the Authenticate section.
   3. Add the Client ID and Client secret information.
   4. Click Save.

5. Click Edit settings under Enable Actions section to make actions visible for all or some teammates within Glean Chat and Agents.