This topic provides an overview of Ironclad's Salesforce integration. This includes how to create a service Salesforce account and connect both your service and individual logins to Ironclad.
Note: This article is intended for users setting up the Ironclad Salesforce Integration for the first time or for those doing a fresh install of the Ironclad Managed Package.
- If you are looking for documentation on package versions 2.1 and below, refer to Salesforce Integration Overview (Legacy).
- If you want to upgrade from a version below 2.2 to a version above 2.16, refer to Upgrade the Ironclad Salesforce Integration.
- If you installed an early-access package (between version 2.4 and 2.12) and are now switching to the official release package (2.16+), refer to Upgrade Early Access Package to Official Release.
- Ironclad’s Salesforce Integration Features
- Account Requirements
- Salesforce Individual and Service Accounts
- Create a Salesforce Service Account
- Install the Ironclad Managed Package
- Connect Salesforce Logins to Ironclad
- Authentication Method
- Data Transfer Methodology
Ironclad’s Salesforce Integration Features
Ironclad's Salesforce Integration consists of three features:
1. Workflow Launch allows an Ironclad user to create a contract by filling Ironclad launch forms with data pulled from Salesforce, either to launch a workflow or update it if information in Salesforce changes. Workflow Launch can also be leveraged by building a button in Salesforce to redirect users to Ironclad with the launch form pre-filled. Workflow Launch can pull from standard or custom objects.
2. Workflow Sync provides visibility into the progress of a workflow in Ironclad directly in Salesforce using the Ironclad Workflow object. Workflow Sync requires the installation of the Ironclad Managed Package.
3. Record Sync pushes completed contracts from Ironclad (including the associated metadata and, if desired, the signed PDF) to a Contract object in Salesforce. If applicable, Record Sync can also update existing Salesforce objects, such as fields on an Opportunity, or create new Salesforce objects, such as a new Contact with the signer's name, title, and email.
Note: Version 2.1 and below of our Salesforce integration are fully compatible with both Salesforce Classic and Salesforce Lightning. Versions 2.4 and above are fully compatible with Salesforce Lightning and have limited feature availability with Salesforce Classic; we strongly recommend using Salesforce Lightning.
To integrate your Salesforce instance with Ironclad, you need the following:
- Administrator privileges in Ironclad. If you don't see Company Settings, you may not be an administrator. For admin privileges, contact a member of your legal team who is responsible for your Ironclad deployment.
- One of the following Salesforce editions:
- A Salesforce account to link to Ironclad
Salesforce Individual and Service Accounts
There are two types of Salesforce accounts: service accounts and individual user accounts. Both account types must be connected between Ironclad and Salesforce, but they serve different purposes. After you install the Ironclad Managed Package, you must connect these accounts to Ironclad.
Individual Salesforce Account
Individual users, such as Jane.Doe@yourcompany.com, are business users who log in to both Ironclad and Salesforce. Each user must connect their own Salesforce account to their Ironclad account to be able to use Workflow Launch. This means that Ironclad can respect the user’s Salesforce access permissions, such as only launch contracts for the Opportunity objects they are allowed to access. For example, Pull from Salesforce in a new Ironclad workflow launch form fails if the user does not have permission to see that Salesforce object’s data. You can manage connections to individual Salesforce accounts from the Personal Profile page in Ironclad.
Service Salesforce Account
Your service Salesforce account is connected to manage the overall Ironclad integration, especially for automated updates done by the integration, such as create/write to the Ironclad Workflow object for Workflow Sync and create/write/read/edit to the Ironclad Contract object for Record Sync. You can manage the connection to your service Salesforce account from the Company Settings page in Ironclad. This page is only visible to Ironclad admins.
Create a Salesforce Service Account
Before continuing with the Ironclad integration process, you must provision a new Salesforce user account. We highly recommend using a generic account, such as firstname.lastname@example.org, to create this Salesforce service account, instead of an individual named user license.
At the time of package installation, the service account must have System Administrator permissions in order to install the package. After the integration is set up, the service account does not need System Admin privileges in Salesforce; however it does need create/read/write/create permissions on all objects that are used by the integration, such as Account, Opportunity, Quote, Ironclad Contract, etc.
Make sure the service account has the following properties:
- API Enabled (found in User Profile > System Permissions)
- Field Level Security read/write and on any field mapped in Workflow Launch configuration, such as Counterparty Name Counterparty Signer Name, Counterparty Signer Email
- Record sharing to all qualifying Salesforce records used in the integration
- Download AppExchange Packages permission enabled (found in your Profile settings)
Install the Ironclad Managed Package
To avoid accidentally connecting to your personal Salesforce account, we recommend doing this in an incognito window in your browser. For more information, refer to salesforce's documentation.
- Log in to your service Salesforce account.
- Navigate to Ironclad’s AppExchange listing.
- We highly recommend that you Install for All Users to make sure that there are no permissions issues.
Connect Salesforce Logins to Ironclad
You must connect the service Salesforce account AND each individual Ironclad user to your company’s Salesforce instance from the Ironclad.
Link Service Salesforce Account
- To avoid accidentally connecting to your personal Salesforce account, we recommend doing this in an incognito window in your browser.
- Log into your Ironclad account. Click on your name located in the top right corner. Navigate to Company Settings > Integrations > Salesforce. If Salesforce says Disabled instead of Explore, email Support at email@example.com or contact your Customer Success Representative.
- Click Link Account.
- Log into your service Salesforce account. Click Allow.
Link Individual Ironclad Account to Salesforce
- Log into your Ironclad account. Click on your name located in the top right corner. Navigate to Company Settings > Integrations > Salesforce.
- Click Link Account.
- Log into your individual Salesforce account. Click Allow.
Ironclad uses OAuth authentication when integrating with Salesforce. The service account is used to connect the two instances and create/write/read/edit objects in Salesforce. An individual’s account is used to read from the objects they have access to in Salesforce. Because Ironclad authenticates with OAuth, you can revoke access from Ironclad whenever necessary.
Data Transfer Methodology
Ironclad sends data directly between servers via the Salesforce API, rather than having the browsers communicate across domains. The only data that is transferred across domains in the browser are Salesforce Object IDs. When you have an Ironclad launch button in Salesforce, it is a URL that contains the Salesforce Object ID (the launch target). Ironclad takes that Object ID and asks Salesforce for the relevant fields via the API using server-to-server communication.