Prerequisites
Salesforce org and API access
- A Salesforce org (Production or Sandbox) with API access (for example, Enterprise Edition or another edition with the API add‑on enabled).
- Admin access in Salesforce to create and configure an integration user and any required Connected App or OAuth policies (if your org enforces API access control).
Integration user (service account)
Glean strongly recommends a dedicated integration user that is not tied to a specific employee account so that connector access is stable over time. The following Profiles are supported:- System Administrator profile: Integration user has the System Administrator profile (or a similar full‑admin profile) with read access to the objects you intend to index and access to required metadata APIs.
- Custom non‑admininstrator profile: Integration user has a custom profile and/or permission set with a defined minimum set of Administrative Permissions and Object Permissions. This approach requires more configuration and careful testing but can reduce blast radius if the account is compromised.
Required Salesforce permissions (high‑level)
The exact list of permissions depends on which objects and features you index, but typical requirements include:- Administrative permissions such as:
- API Enabled
- View Setup and Configuration
- View Roles and Role Hierarchy
- View All Users
- View All Profiles
- View Data Categories in Setup (for Knowledge)
- View All Data (often required to read share records comprehensively)
- Query All Files (for Salesforce Files indexing)
- Chatter Internal User (for Chatter indexing)
- Standard object permissions (Read and usually View All) for core objects you plan to index (e.g., Account, Case, Contact, Lead, Opportunity, Task, Knowledge article types).
-
Allow the Glean connected app under
- Use Any API Client, or
- Approve Uninstalled Connected Apps (depending on your org’s policy).
Add the administrative permissions
To add the permissions, do the following:- Login to Salesforce. Navigate to Setup on the top right. On the left hand side, under Administration (Administer for Salesforce Classic), go to Users (Manage Users for Salesforce Classic) and then Profiles.
- Select an existing Profile that will be used for the integration and hit Edit, or create a New Profile.
-
Under Custom App Settings, if you plan on indexing the following objects, ensure that the following settings are checked.
Content Permission setting Discussion Forums Community (Standard__Community): Visible Discussion Forums and Chatter Salesforce Chatter (Standard__Chatter): Visible -
Under Administrative Permissions, ensure that the following permissions are checked (any unset permission may lead to integration issues):
Permission setting Objective API Enabled Allows access to Salesforce API to ingest data View Roles and Role Hierarchy Captures document permissions for any object (users, permission sets, etc.) with an associated Role View Setup and Configuration Captures organization-level document permissioning View Data Categories in Setup Captures organization and access control in Salesforce Knowledge and Discussion Forums (Chatter) View All Profiles Captures document permissions for any object (users, permission sets, etc.) with associated Profiles View All Users Captures users to understand document permissions for each individual View Reports in Public Folders Captures public access reports View Dashboards in Public Folders Captures public access dashboards Chatter Internal User Captures discussion forums, chatter, and other feed-related items View All Data Allows the ability to directly query for all tasks and feed-related items
- Use Any API Client permission: If API Access Control is enabled.
- Approve Uninstalled Connected Apps: If API Access Control is not enabled.
- Under General User Permissions, ensure that:
- Access Activities is checked. This is required to crawl tasks within Salesforce instance.
- Allow View Knowledge is checked. This is used to crawl all supported knowledge bases within the Salesforce instance.
- Under Standard Object Permissions, ensure that we have both Read and View All permissions to the following objects:
- Accounts
- Campaigns
- Cases
- Contacts
- Leads
- Opportunities
- Save the Profile. Finally, back on the left hand side, select Users, and create a new user with the associated Profile from the previous steps. Ensure that Knowledge User and Service Cloud User are both checked before hitting Save.
- You are now ready to authorize access on the main page with the newly created user.
Network and security prerequisites
Glean connects to Salesforce via HTTPS over the public internet; in environments with outbound network restrictions, ensure that your network allows outbound traffic from your Glean egress IPs to Salesforce endpoints (e.g.,https://*.salesforce.com).
Glean permissions
To configure the Salesforce connector, you must be a Glean org admin (or hold an equivalent role authorized to manage data sources and actions in the Glean Admin console).Set up the Salesforce connector
This section describes the recommended setup path. It assumes you have already identified or created your integration user in Salesforce.Step 1: Create or select the Salesforce integration user
- In Salesforce, go to Setup → Users → Users and create a new user (or select an existing dedicated integration user).
- Assign the System Administrator profile, or a Custom non‑admininstrator profile that meets the Required Salesforce permissions listed above.
- Verify that:
- The user can log in successfully.
- The user can access representative records for each object you plan to index (e.g., Accounts, Cases, Knowledge articles) via the Salesforce UI or SOQL queries.
Step 2: Configure Connected App / OAuth policies (if required)
If your org uses API Access Control or requires explicit approval of connected apps, you may need to configure the Glean app or a Salesforce connected app so that the integration user can authorize Glean:- Confirm whether your org allows “uninstalled connected apps” or requires installing an AppExchange app for Glean.
- Ensure the integration user is allowed to authorize the app and that any IP restrictions or MFA rules are compatible with connector usage.
Step 3: Add Salesforce as a data source in Glean Admin
- In Glean, go to Admin → Data sources and select Add data source.
- Choose Salesforce from the list of native connectors.
- Configure the connection:
- Name – a descriptive name, e.g.,
Salesforce – Production. - Icon – optional icon to represent Salesforce results.
- Custom login domain – if you use a My Domain or sandbox (e.g.,
myorg--sandbox.my.salesforce.com), enable and provide the domain if prompted.
- Name – a descriptive name, e.g.,
- Click Authorize and sign in as the integration user in the Salesforce login window. Approve requested scopes when prompted.
- After successful authorization, save the data source. You can start a crawl immediately or return later to configure objects before starting the initial sync.
Step 4: Choose your initial object scope
After authorization, go to the Objects (or Setup → Objects) tab for the Salesforce data source in Glean Admin.
- Accounts
- Contacts
- Opportunities
- Cases
- Knowledge
Step 5: Start the initial crawl
- From the Salesforce data source page, click Crawl now (or equivalent action) to begin the initial full crawl.
- Monitor crawl status and progress:
- The data source should move from Activating to Active after a successful initial crawl.
- Object‑level progress and document counts are visible in the Admin UI for the connector.
- For large orgs, the initial crawl may take hours or longer, depending on the number of objects, records, and fields, and on your Salesforce API limits.
Step 6: Validate results
After the first crawl completes:- Functional checks
- Search in Glean for a known Account name, Case number, or Opportunity to confirm those records appear as Salesforce results.
- Verify that key fields (title, owner, status) look correct in result snippets.
- Permission checks
- Using two test users with different Salesforce access, verify that:
- The user who can see a record in Salesforce also sees it in Glean.
- A user who cannot see a private opportunity or case in Salesforce does not see it in Glean.
- Using two test users with different Salesforce access, verify that:
- Files and Knowledge
- If you have enabled file indexing, confirm that representative files appear and that their content is searchable (subject to file‑type and size limits).
- For Knowledge, verify that published (and optionally draft) articles appear as expected.
Configure object coverage and fields
Adding and configuring standard and custom objects
In the Objects tab of the Salesforce data source, you can:- Enable or disable standard objects such as Account, Opportunity, Case, Knowledge, etc.
- Add additional standard or custom objects by entering their object API names and configuring field mappings for each.
- Title field – field used as the document title (e.g.,
Name). - Owner - for example,
OwnerId.
Custom properties, facets, and filters
You can declare additional fields as:- Indexable – their contents are full‑text searchable in Glean.
- Facets/filters – exposed as filterable properties in Glean Search.
emailpicklistmultipickliststringbooleancombobox
Inclusion and exclusion rules
Glean supports inclusion (green‑listing) and exclusion (red‑listing) at multiple levels:- Object‑level inclusion – choose which objects to index (e.g., index Accounts and Cases but not certain HR‑related custom objects).
- Record‑level filters – for some objects, you can apply conditions (e.g., only open Cases or certain record types), using fields that are eligible as filters.
- Field‑level exclusion – highly sensitive fields can be excluded/red‑listed so they are never indexed, even if records are indexed; this is an important mitigation given the lack of FLS enforcement at query time.