Skip to Content
🎉 Scout Docs 2.0 is here!
IntegrationsSalesforce

Salesforce Integration

Connect Scout to Salesforce CRM for data access and automation. Supports OAuth and JWT Bearer Flow for different use cases.

Overview

Scout’s Salesforce integration allows you to interact with your Salesforce CRM directly from Scout, enabling automated data access, SOQL queries, and record management across both Production and Sandbox environments.

Connection Methods

Choose the method that best fits your needs:

MethodBest For
Quick ConnectQuick testing, users without admin access, standard use cases
Custom OAuth AppEnterprise deployments, custom security requirements
JWT Bearer FlowServer-to-server integrations, automated workflows, acting on behalf of specific users

The fastest way to connect — no Salesforce configuration needed.

Step 1: Navigate to Integrations

  1. Go to studio.scoutos.com/integrations 
  2. Find and click the Salesforce integration card

Salesforce integration card

Step 2: Connect with OAuth

  1. Click Connect with OAuth
  2. Select your environment:
    • Production — For live Salesforce instance (login.salesforce.com)
    • Sandbox — For test/development instance (test.salesforce.com)

Step 3: Authorize in Salesforce

  1. Sign in to your Salesforce account (if needed)
  2. Review the requested permissions
  3. Click Allow to grant Scout access
  4. You’ll be redirected back to Scout

Step 4: Verify Connection

Your Salesforce workspace should now appear as connected with:

  • Green status indicator
  • Environment type (Production or Sandbox)
  • Connection date

Custom OAuth App Setup

For enterprise deployments requiring custom credentials.

Prerequisites

Required Salesforce Editions:

  • Available in: Group, Essentials, Professional, Enterprise, Performance, Unlimited, and Developer Editions
  • Works in both Salesforce Classic and Lightning Experience

User Permissions Required: To create a Connected App, you need one of the following:

  • Customize Application AND Modify All Data, OR
  • Customize Application AND Manage Connected Apps

If you don’t have these permissions, contact your Salesforce administrator. You can also sign up for a free Salesforce Developer Edition  which gives you full admin access.

Step 1: Enable Connected App Creation

Before creating your first Connected App, ensure this setting is enabled:

  1. From Setup, enter External Client Apps in Quick Find
  2. Select External Client App Settings
  3. Turn on Allow creation of connected apps

This step is only needed once per Salesforce org. If you’ve created Connected Apps before, this is already enabled.

Step 2: Create Connected App in Salesforce

  1. Log in to Salesforce and click the gear iconSetup
  2. In Quick Find, search for App Manager
  3. Click New Connected App

Step 3: Configure Basic Information

Required Fields:

  • Connected App Name: Scout CRM Integration (or your preferred name)
  • API Name: Auto-populated from the name
  • Contact Email: Your email address

Optional Fields:

  • Logo Image URL: HTTPS URL to your logo
  • Info URL: Web page with more information about your app
  • Description: Up to 256 characters

Step 4: Enable OAuth Settings

  1. Check Enable OAuth Settings

  2. Set Callback URL: https://studio.scoutos.com/oauth/salesforce/success

  3. Add Selected OAuth Scopes:

    • Full access (full)
    • Access the identity URL service (id, profile, email, address, phone)
    • Manage user data via APIs (api)
    • Manage user data via Web browsers (web)
    • Perform requests at any time (refresh_token, offline_access)

  4. Configure Flow Enablement:

    • Check Enable Client Credentials Flow
    • Check Enable Authorization Code and Credentials Flow

  5. Configure Security Settings:

    • Check Require Secret for Web Server Flow
    • Check Require Secret for Refresh Token Flow
    • Check Require Proof Key for Code Exchange (PKCE) extension

  6. Click Save then Continue

Step 5: Copy Credentials

  1. From the Connected App detail page, copy your Consumer Key (Client ID)
  2. Click Click to reveal and copy your Consumer Secret (Client Secret)
  3. Keep these credentials secure

Step 6: Connect to Scout

  1. Navigate to studio.scoutos.com/integrations 
  2. Click the Salesforce card
  3. Click Add Workspace
  4. Check Use custom Salesforce Connected App credentials
  5. Select your environment (Production or Sandbox)
  6. Enter your Client ID and Client Secret
  7. Click Connect with OAuth

Custom OAuth configuration

JWT Bearer Flow Setup (User-Scoped)

For server-to-server integrations using certificate-based authentication. This method allows Scout to authenticate as a specific Salesforce user without interactive login.

Why Use JWT Bearer Flow?

  • No user interaction required — Authentication happens automatically using certificates
  • User-scoped access — Act on behalf of specific Salesforce users with their permissions
  • Enhanced security — Uses cryptographic signing instead of storing user passwords
  • Ideal for automation — Perfect for scheduled jobs and background processes

Prerequisites

Before configuring JWT in Scout, you must complete these steps in Salesforce:

JWT Bearer Flow requires more setup than OAuth, but provides stronger security for automated integrations. Ensure you have Salesforce administrator access before proceeding.

Step 1: Create a Private Key and Self-Signed Certificate

Generate a private key and certificate pair using OpenSSL:

# Generate a private key
openssl genrsa -out server.key 2048
 
# Create a certificate signing request
openssl req -new -key server.key -out server.csr
 
# Generate a self-signed certificate (valid for 365 days)
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

Keep server.key secure — you’ll need it for Scout configuration.

Step 2: Create an External Client App with Digital Signatures

  1. In Salesforce Setup, enter App Manager in the Quick Find box

  2. Click New External Client App

  3. Fill in Basic Information:

    • Name: Scout JWT Integration
    • API Name: Auto-populated (e.g., Scout_JWT_Integration)
    • Contact Email: Your email address
    • Distribution State: Local
    • Description: (Optional) Scout integration using JWT Bearer Flow

  4. Expand API (Enable OAuth Settings) and configure:

    • Toggle Enable OAuth on
    • Set Callback URL: Any HTTPS URL (not used for JWT)
    • Add OAuth Scopes:
      • Manage user data via APIs (api)
      • Perform requests at any time (refresh_token, offline_access)
    • Under Flow Enablement check Enable JWT Bearer Flow
    • Upload your server.crt certificate file

  5. Click Create

JWT External Client App setup

Step 3: Pre-authorize Users for the External Client App

JWT Bearer Flow requires users to be pre-authorized:

  1. From Setup, enter External Client App Manager in Quick Find
  2. Find your app (Scout JWT Integration) and click on it
  3. Navigate to the Policies tab and click Edit
  4. Under OAuth Policies:
    • Set Permitted Users to “Admin approved users are pre-authorized”
    • Set IP Relaxation to “Relax IP restrictions”
  5. Under App Policies:
    • Use Select Profiles and/or Select Permission Sets to add the profiles/permission sets for users who will be authenticated via JWT
  6. Click Save

JWT pre-authorization settings

Warning: Only pre-authorized users can authenticate via JWT. If a user isn’t in an approved profile or permission set, authentication will fail.

Step 4: Get Your Consumer Key

  1. From External Client App Manager, find your app
  2. Click on the app name to view details
  3. Navigate to the OAuth Settings tab
  4. Copy the Consumer Key (you’ll need this for Scout)

Step 5: Connect in Scout

  1. Go to studio.scoutos.com/integrations 
  2. Find and click the Salesforce (User Scoped) integration card
  3. Click Add Workspace
  4. You’ll see a prerequisites checklist — ensure all items are complete
  5. Enter your credentials:
    • Client ID / Consumer Key — Paste the Consumer Key from your Salesforce External Client App
    • JWT Private Key (PEM format) — Paste the contents of your server.key file (must include -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- headers)
    • Environment — Select Sandbox or Production
  6. Click Create Connection
  7. Verify your workspace appears as connected with a green status indicator

JWT connection in Scout

JWT Troubleshooting

IssueSolution
”Invalid JWT token”Verify the private key matches the certificate uploaded to Salesforce; Ensure the private key is in PEM format with correct headers
”User not pre-authorized”Add the user’s profile or permission set to the External Client App’s approved list
”Certificate expired”Generate a new certificate and private key; Upload new certificate to Salesforce; Update private key in Scout
”Invalid client identifier”Verify you’re using the correct Consumer Key; Ensure the External Client App is active

JWT Security Best Practices

  • Protect your private key — Never share or expose your private key
  • Rotate certificates periodically — Generate new certificates before expiration (typically annually)
  • Use minimal permissions — Only pre-authorize users/profiles that need JWT access
  • Separate by environment — Use different External Client Apps for Sandbox and Production
  • Monitor usage — Review External Client App usage logs in Salesforce Setup

Verify the Connection

Test your Salesforce integration with an AI agent:

  1. Navigate to any agent’s settings
  2. Go to the Tools tab
  3. Toggle Salesforce to enable it

Test with queries:

  • “List the last 5 accounts from Salesforce”
  • “Search for contacts with email containing ‘@example.com’”
  • “Get details for opportunity with ID 006XXXXXXXXXXXXXXX”

Available Capabilities

The Salesforce integration provides comprehensive CRM access:

Data Querying

  • Execute custom SOQL queries
  • SOSL search across multiple objects
  • List available Salesforce objects
  • Get object field metadata

Record Management

  • Get specific records by ID
  • Create new records in any object
  • Update existing record fields
  • Delete records from Salesforce

Advanced Operations

  • Direct REST API calls to any endpoint
  • Bulk operations for large data sets
  • Relationship queries across objects

Troubleshooting

IssueSolution
”You don’t have permission to create Connected Apps”Contact your Salesforce administrator or sign up for a free Developer Edition 
”Invalid client credentials”Verify you copied both Consumer Key and Consumer Secret correctly
”Redirect URI mismatch”Ensure Callback URL is exactly: https://studio.scoutos.com/oauth/salesforce/success
”User hasn’t approved this app”Sign in to Salesforce with an authorized user; Check if Connected App is approved for the user profile
”Authentication failure”Verify you selected the correct environment (Production vs Sandbox)
“Token expired”Navigate to Salesforce integration in Scout and click Reconnect
”Insufficient privileges”Ensure the authorizing user has appropriate permissions; Check object-level and field-level security
”API limit exceeded”Monitor API usage in Salesforce Setup → System Overview; Implement query optimization

Next Steps

Built with ❤️ by Scout OS

Last updated on
CRM (Salesforce and HubSpot)HubSpot