Our Dropzone Connector for Salesforce allows you to integrate your SendSafely Hosted Dropzone with Salesforce. The Connector is available to subscribers on SendSafely Business and Enterprise plans. 

Once configured, the connector updates existing Salesforce tickets with SendSafely secure links for file downloads. 

The connector uses the Dropzone lookup field (Ticket ID) to associate inbound files with the appropriate ticket in Salesforce. This value can either be entered by the customer at the time of Dropzone file submission, or, more commonly, embedded in the Dropzone URL that is provided to the customer by a Salesforce agent.

Below are the steps for creating and configuring the MS Azure connector using an Azure Resource Manager template (ARM template).

Prerequisites

1. Overview

The steps outlined in this article assumes the following prerequisites:

• You already have a SendSafely account with a Dropzone enabled. Refer to the “Initial Dropzone Setup” section of the Hosted Dropzone article for steps on how to enable. 
• You have created a “Connected App” in Salesforce and generated a Refresh Token (see below).
• You have permissions within MS Azure to setup and deploy new resources. Specifically you will need permission to:
  • Create a new Azure Function triggered by an HTTP request
  • Create a new Azure Cosmos Table 
  • Create a new Communication Service
  • Create a new Log Analytics Workspace
  • Create a new Storage Account
  • Create a new Key Vault Secret (via Key Vault)
  • Create a new Managed Identity for use by the Azure Function

Prior to beginning this setup please contact support@sendsafely.com for instructions on how to obtain the ARM template file, which is required for Step 1 below.

2. Set up a Connected App in Salesforce

Follow the steps outlined here to set up a new Connected App in Salesforce: https://sendsafely.zendesk.com/hc/en-us/articles/360040234451

3. Obtain a Refresh Token 

Use the getRefreshToken.js script to obtain a Salesforce Refresh Token for the Dropzone Connector to use. The script can be downloaded here: https://github.com/SendSafely/Code-Examples/tree/master/Obtain%20Salesforce%20Refresh%20Token

The script will require you to enter the following values obtained during the Connected App setup:

1. Salesforce Consumer Key
2. Salesforce Consumer Secret

Once the above items are provided, the script will produce a URL that you must copy/paste into your browser while authenticated to Salesforce. This URL will prompt you for permission to authorize the app to run.  

Once authorized, you will be redirected to a screen that says "Remote Access Application Authorization". In the URL you will see a value that says code=XXXX where XXXX is the Authorization Code. Please copy that value (excluding the code= portion of the value) and provide it to the script when prompted. 

Once the script verifies the Authorization Code, it will print the Refresh Token to the screen. The Refresh Token is a credential for Service Cloud. Make sure you do not store it unprotected or disclose it to anyone. 

Step 1: Deploy from ARM template to new resource group

Prior to beginning this setup you will need to contact support@sendsafely.com for instructions on how to obtain the CloudFormation template file, which is required for the setup.

From the Azure portal search bar, search for “deploy a custom template” and then select it from the available options.

Click “Build your own template in the editor”.

Then click “Load file” from the ribbon menu. 

After uploading the ARM template (which you received from your SendSafely Support representative), click “Save”.

On the “Custom Deployment” screen, select the Azure subscription to create the resource group under. Select “Create new” and enter a name for the new resource group, i.e. “salesforce-connector”.

There are a number of mandatory fields to populate:

• Azure Connector Owner: email address to receive connector errors.
• Salesforce Portal URL: must include PROTOCOL (i.e. https://)
• Sendsafely Validation Key: secret validation key for dropzone that is receiving submissions (do not confuse with dropzone ID)
• Salesforce Refresh Token: secret entry, which must be generated using
• Salesforce Email: email address of the Salesforce admin who has generated the Salesforce API key

There are also some optional fields, which can be configured now or post-deployment:

• Comment Submitter Matches Requester: When ticket is updated with a dropzone submission, and the submitter email MATCHES the original ticket requester email, the comment is either public or private.
• Comment Submitter Does Not Match Requester: If the submitter email does NOT match the original ticket requester email, a private comment is added to the ticket. You also have the option to disallow such submissions and email the dropzone connector owner.

Step 2: Review and deploy

Once you have entered the required information, click “Review and create”.

A validation step will run, and once it is complete, click “Create” to begin the deployment.

Once deployment is complete, move onto the next step.

Step 3: Configure Webhook URL in SendSafely

On the Deployment screen, click “Outputs” on the left-hand sidebar, to view the function URL that was output as part of the deployment process.

Copy the function URL to the clipboard.

Log in to your SendSafely portal as either the Dropzone owner or as a SendSafely Admin and navigate to the Dropzone profile. Under Notification Settings, select the "Use a Webhook for notifications" option and paste in the WebhookUrl. 

You should also make sure that the "Form Input Label" value is set to something intuitive like "Ticket ID". 

Step 4: Test the Connector (Final Step)

Once you complete the steps above, you should be able to browse to the Dropzone URL and update any valid ticket. If you have not already done so, we recommend that you create a Salesforce macro for inserting Dropzone links into your tickets (refer to the "Creating a Macro to Salesforce for Inserting the Dropzone Link" section of the Appendix below). 

Note: Updating Key Vault secrets

Access to Key Vault is achieved via Managed Identities and role-based access control. 

This means that you cannot, by default, manually edit secrets stored in Key Vault, via the Azure Portal, following the deployment steps above. 

If you need to edit secrets in Key Vault after deployment, you will first need to add yourself as as Key Vault Administer: 

• Go to Key Vault resource, and select Access Control (IAM) from sideblade
• Select Add  and "Role Assignment" - Select "Key Vault Administrator" and select "Next" 
• On the "Add role assignment" page, assign access to "User, group, or service principal" and click Select members
• Select your user account from the sideblade that opens.
• Then click 'Review + assign' to complete the process. 

Once the above steps are complete, you will now be able to manually edit secrets in Key Vault, by:

• Navigating to relevant Key Vault
• Selecting `Objects > Secrets` from the side-blade.