This article provides an overview of Ironclad's Salesforce integration. This includes how to create a service Salesforce account and connect both your service and individual logins to Ironclad.
Note: This article is intended for users setting up the Ironclad Salesforce Integration for the first time or for those doing a fresh install of the Ironclad Managed Package.
Ironclad's Salesforce Integration consists of three features:
1. Workflow Launch allows an Ironclad user to create a contract by filling Ironclad launch forms with data pulled from Salesforce, either to launch a workflow or update it if information in Salesforce changes. Workflow Launch can also be leveraged by building a button in Salesforce to redirect users to Ironclad with the launch form pre-filled. Workflow Launch can pull from standard or custom objects.
2. Workflow Sync provides visibility into the progress of a workflow in Ironclad directly in Salesforce using the Ironclad Workflow object. Workflow Sync requires the installation of the Ironclad Managed Package.
3. Record Sync pushes completed contracts from Ironclad (including the associated metadata and, if desired, the signed PDF) to a Contract object in Salesforce. If applicable, Record Sync can also update existing Salesforce objects, such as fields on an Opportunity, or create new Salesforce objects, such as a new Contact with the signer's name, title, and email.
Note: Version 2.1 and below of our Salesforce integration are fully compatible with both Salesforce Classic and Salesforce Lightning. Versions 2.4 and above are fully compatible with Salesforce Lightning and have limited feature availability with Salesforce Classic; we strongly recommend using Salesforce Lightning.
Salesforce Classic and Lightning Compatibility
Version 2.1 and below of our Salesforce integration are fully compatible with both Salesforce Classic and Salesforce Lightning.
Versions 2.4 and above are fully compatible with Salesforce Lightning and have limited feature availability with Salesforce Classic; we strongly recommend using Salesforce Lightning.
The following features are supported in Salesforce Lightning and have modified functionality in Salesforce Classic:
- Embedded Launch: In Salesforce Lightning, you can launch a workflow directly from Salesforce. In Salesforce Classic, a button will redirect you to a Launch Form in Ironclad. You will have to leave Salesforce to start a workflow.
- Approval: In Salesforce Lightning, you can complete approvals directly in Salesforce. In Salesforce Classic, the Ironclad Approval object is visible and the status can be pulled, but approvals cannot be completed in Salesforce. You must complete approvals in Ironclad instead.
- Messaging: In Salesforce Lightning, you can collaborate with others using the Activity Feed, comments, and emails all directly housed in Salesforce. In Salesforce Classic, all collaboration must be done in Ironclad.
- Preview/Upload Document: In Salesforce Lightning, you can preview and upload documents directly in Salesforce. In Salesforce Classic, you must complete your previews and uploads in Ironclad.
To integrate your Salesforce instance with Ironclad, you need the following:
- Administrator privileges in Ironclad. If you don't see Company Settings, you may not be an administrator. For admin privileges, contact a member of your legal team who is responsible for your Ironclad deployment.
- One of the following Salesforce editions:
- A Salesforce account to link to Ironclad
- An Ironclad Authorization Token to Salesforce
There are two types of Salesforce accounts: service accounts and individual user accounts. Both account types must be connected between Ironclad and Salesforce, but they serve different purposes. After you install the Ironclad Managed Package, you must connect these accounts to Ironclad.
Individual Salesforce Account
Individual users, such as Jane.Doe@yourcompany.com, are business users who log in to both Ironclad and Salesforce. Each user must connect their own Salesforce account to their Ironclad account to be able to use Workflow Launch. This means that Ironclad can respect the user’s Salesforce access permissions, such as only launch contracts for the Opportunity objects they are allowed to access. For example, Pull from Salesforce in a new Ironclad workflow launch form fails if the user does not have permission to see that Salesforce object’s data. You can manage connections to individual Salesforce accounts from the Personal Profile page in Ironclad.
Service Salesforce Account
Your service Salesforce account is connected to manage the overall Ironclad integration, especially for automated updates done by the integration, such as create/write to the Ironclad Workflow object for Workflow Sync and create/write/read/edit to the Ironclad Contract object for Record Sync. You can manage the connection to your service Salesforce account from the Company Settings page in Ironclad. This page is only visible to Ironclad admins.
Before continuing with the Ironclad integration process, you must provision a new Salesforce user account. We highly recommend using a generic account, such as email@example.com, to create this Salesforce service account, instead of an individual named user license.
At the time of package installation, the service account must have System Administrator permissions in order to install the package. After the integration is set up, the service account does not need System Admin privileges in Salesforce; however it does need create/read/write/delete permissions on all objects that are used by the integration, such as Account, Opportunity, Quote, Ironclad Contract, etc.
Make sure the service account has the following properties:
- API Enabled (found in User Profile > System Permissions)
- Field Level Security read/write and on any field mapped in Workflow Launch configuration, such as Counterparty Name Counterparty Signer Name, Counterparty Signer Email
- Record sharing to all qualifying Salesforce records used in the integration
- Download AppExchange Packages permission enabled (found in your Profile settings)
To avoid accidentally connecting to your personal Salesforce account, we recommend doing this in an incognito window in your browser. For more information, refer to salesforce's documentation.
- Log in to your service Salesforce account.
- Navigate to Ironclad’s AppExchange listing.
- We highly recommend that you Install for All Users to make sure that there are no permissions issues.
You must connect the service Salesforce account AND each individual Ironclad user to your company’s Salesforce instance from the Ironclad.
Link Service Salesforce Account
- To avoid accidentally connecting to your personal Salesforce account, we recommend doing this in an incognito window in your browser.
- Log into your Ironclad account. Click on your profile icon located in the top right corner. Navigate to Company Settings > Integrations > Salesforce. If Salesforce says Disabled instead of Explore, submit a request with our Support Team or contact your Customer Success Representative.
- Click Link Account.
- Log into your service Salesforce account. Click Allow.
Link Individual Ironclad Account to Salesforce
- Log into your Ironclad account. Click on your profile icon located in the top right corner. Navigate to Personal Profile > Connected App > Explore Salesforce.
- Click Link Account.
- Log into your individual Salesforce account. Click Allow.
Ironclad uses OAuth authentication when integrating with Salesforce. The service account is used to connect the two instances and create/write/read/edit objects in Salesforce. An individual’s account is used to read from the objects they have access to in Salesforce. Because Ironclad authenticates with OAuth, you can revoke access from Ironclad whenever necessary.
Ironclad sends data directly between servers via the Salesforce API, rather than having the browsers communicate across domains. The only data that is transferred across domains in the browser are Salesforce Object IDs. When you have an Ironclad launch button in Salesforce, it is a URL that contains the Salesforce Object ID (the launch target). Ironclad takes that Object ID and asks Salesforce for the relevant fields via the API using server-to-server communication.