
CRM Analytics Dataset Equivalence Post-Installation Instructions

 

We appreciate your interest in the CRM Analytics Dataset Equivalence app, and we hope it provides much value and improves development life for you and your team. We have worked to minimize your setup effort. However, the Salesforce security infrastructure still requires a few steps from you to ensure the safety of your organization's data. If you need any technical assistance, please contact Think North Group, and we'll be happy to help you. Here's what we'll do.

  1. Create the authorization protocol needed for you to access your own CRM Analytics data from within your Salesforce instance.

  2. Add the authorization protocol to the permission set and assign it to users. 

  3. Grant access to CRM Analytics assets by creating a Public Group of users. You could grant the users access individually, but using the Public Group should be easier to maintain. 

  4. Instruct each user to authenticate themselves with the authorization protocol created earlier. This ensures that users can only access the CRM Analytics datasets they already have access to through CRM Analytics.

 

Row-level security is also enforced, and access to all rows is needed to check for full equivalence between datasets. Most users are expected to be CRM Analytics Developers, Admins, and Upper Management, who usually already have access to all rows in the datasets they're working with, so in most cases nothing changes for them. But please ensure that users have access to all rows in the datasets they're checking for equivalence.

 

  1. Create Authorization Protocol

    1. Find the URL for Your Org

      1. In Setup, enter "My Domain" in the "Quick Find" box and select "My Domain".

      2. In the "My Domain Details" section, find the "Current My Domain URL", copy the URL, and paste it somewhere temporarily.

    2. Create a Connected App

      1. In Setup, type "App Manager" in the "Quick Find" box and select "App Manager".

      2. Click "New Connected App".

      3. In the "Connected App Name" field, enter "Dataset Equivalence Checker Authorization".

      4. In the API Name field, enter "DatasetEquivalenceCheckerAuthorization".

      5. In the "Contact Email" field, enter the email address of the person who should be notified of any authorization issues. An authorization code that we'll need will be sent to this email address in a later step.

      6. Select the checkbox labeled "Enable OAuth Settings".

      7. In the "Callback URL" field, enter "https://" followed by the URL you copied earlier followed by "/services/authcallback/DatasetEquivalenceCheckerAuth". For example, if your current My Domain URL is "orgdomain.my.salesforce.com", enter "https://orgdomain.my.salesforce.com/services/authcallback/DatasetEquivalenceCheckerAuth".

      8. In the "Select OAuth Scopes" section, select each of the following scopes and click "Add" for each one: "Access Analytics REST API resources (wave_api)", "Perform requests at any time (refresh_token, offline_access)", and "Manage user data via APIs (api)". (This last permission is only used to authenticate your users once each to allow them to use the connection. User data is not modified during app use.)

      9. Ensure the following checkboxes are selected: "Require Secret for Web Server Flow", "Require Secret for Refresh Token Flow", "Enable Client Credentials Flow" (and click "OK" when prompted), and "Enable Authorization Code and Credentials Flow".

      10. Click "Save".

      11. Click "Continue".

      12. The page for the new Connected App should show. In the "API (Enable OAuth Settings)" section, select the button labeled "Manage Consumer Details".

      13. Enter the verification code that's sent to the email address you entered earlier for notifications. 

      14. Copy the "Consumer Key" and "Consumer Secret" and paste them somewhere temporarily for use in a later step.

      15. Click "Cancel".

      16. Click "Switch to Lightning Experience" and navigate back to Setup.

    3. Create Auth. Provider

      1. In Setup, type "Auth. Providers" in the "Quick Find" box and select "Auth. Providers".

      2. Click "New".

      3. In the "Provider Type" picklist, select "Salesforce".

      4. In the "Name" field, enter "Dataset Equivalence Checker Auth".

      5. In the URL Suffix field, enter "DatasetEquivalenceCheckerAuth".

      6. In the "Consumer Key" field, enter the consumer key you copied earlier.

      7. In the "Consumer Secret" field, enter the consumer secret you copied earlier.

      8. Click "Save".

    4. Create Named and External Credentials

      1. In Setup, enter "Named Credentials" in the "Quick Find" box and select "Named Credentials".

      2. Select "External Credentials".

      3. Click "New".

      4. In the "Label" field, enter "Dataset Equivalence Checker Auth Ext".

      5. In the "Name" field, enter "DatasetEquivalenceCheckerAuthExt".

      6. In the "Authentication Protocol" picklist, select "OAuth 2.0".

      7. In the "Authentication Flow Type" field, ensure that "Browser Flow" is selected.

      8. In the "Scope" field, enter "api wave_api refresh_token".

      9. In the "Authentication Provider" field, select "Dataset Equivalence Checker Auth".

      10. Click "Save".

      11. The new External Credential page should show. In the "Principals" section, click "New".

      12. In the "Parameter Name" section, enter "TNG__DatasetEquivalenceCheckerUser".

      13. In the Identity Type picklist, select "Per User Principal".

      14. Keep the rest as defaults and click "Save".

      15. Navigate back to the "Named Credentials" screen by clicking "Named Credentials".

      16. Select "Named Credentials".

      17. Click "New".

      18. In the "Label" field, enter "Dataset Equivalence Checker Auth".

      19. In the "Name" field, enter "DatasetEquivalenceCheckerAuth".

      20. In the URL field, enter "https://" followed by the My Domain URL you copied earlier. For example, if your current My Domain URL is "orgdomain.my.salesforce.com", enter "https://orgdomain.my.salesforce.com".

      21. Ensure the "Enabled for Callouts" button is selected.

      22. In the "Authentication" section, in the "External Credential" picklist, select "Dataset Equivalence Checker Auth Ext".

      23. In the "Callout Options" section, ensure the following checkboxes are selected: "Generate Authorization Header", "Allow Formulas in HTTP Header", and "Allow Formulas in HTTP Body".

      24. In the "Managed Package Access" section, in the "Allowed Namespaces for Callouts" field, enter "TNG".

      25. Click "Save".

  2. Add Authentication Protocol Components to Permission Set & Assign It to Users

    1. Add Authorization Protocol to Permission Set

      1. In Setup, enter "Permission Sets" in the "Quick Find" box and select "Permission Sets".

      2. Next to the "Dataset Equivalence Checker User Permission Set" permission set, click "Clone".

      3. In the "Label" field, enter "Dataset Equivalence Checker User".

      4. In the "API Name" field, enter "DatasetEquivalenceCheckerUser".

      5. Select the "Dataset Equivalence Checker User" permission set.

      6. In the "Apps" section, select "Assigned Connected Apps".

      7. Click "Edit".

      8. In the "Installed Connected Apps" section, select "Dataset Equivalence Checker Authorization" and click "Add".

      9. Click "Save".

      10. Next to "Assigned Connected Apps", in the drop-down menu, select "External Credential Principal Access".

      11. In the "Available External Credential Principals" section, select "DatasetEquivalenceCheckerAuthExt - TNG__DatasetEquivalenceCheckerUser" and click "Add".

      12. Click "Save".

    2. Assign Permission Sets to Users

      1. In Setup, enter "Permission Sets" in the "Quick Find" box and select "Permission Sets".

      2. Select the "Dataset Equivalence Checker User" permission set.

      3. Click "Manage Assignments".

      4. Click "Add Assignments".

      5. Select the users to assign the permission set to.

      6. Click "Next".

      7. Optionally, set an expiration date.

      8. Click "Assign".

      9. Click "Done". 

  3. Grant access to CRM Analytics Assets

    1. Create a Public Group (Optional but Recommended)

      1. In Setup, type "Public Groups" in the "Quick Find" box and select "Public Groups".

      2. Click "New".

      3. In the "Label" field, enter "Dataset Equivalence Checker Users".

      4. In the "Group Name" field, enter "DatasetEquivalenceCheckerUsers".

      5. In the "Search" picklist, select "Users".

      6. Add any users from the "Available Members" list and click "Add" for each of them.

      7. Click "Save".

    2. Grant Access to CRM Analytics Dashboards used in the app.

      1. Click the App Launcher and select "Analytics Studio".

      2. In the search box, enter "Dataset Equivalence Checker" and select the app named "Dataset Equivalence Checker".

      3. Click the share icon. 

        1. If you created a Public Group:

          1. In the bottom-left picklist, select "Group".

          2. In the search box, enter "Dataset Equivalence Checker Users" and select the Public Group called "Dataset Equivalence Checker Users".

          3. Ensure the "Viewer" level of access is selected. (No higher level of access should ever be granted.)

          4. Click "Add".

        2. If you did not create a Public Group:

          1. In the bottom-left picklist, select "User".

          2. For each user, type their name, select them, ensure the "Viewer" level of access is selected (no higher level of access should ever be granted), and click "Add".

      4. Click "Save" and exit the window.

  4. Instructions for each user to authenticate the authorization method. They only need to do this once.

    1. Click your Avatar icon in the top-right corner of the Salesforce page and click "Settings".

    2. In the left sidebar, click "External Credentials".

    3. In the "Dataset Equivalence Checker Auth" tile, click "Allow Access".

    4. Enter your Salesforce login credentials.

    5. Click "Allow".
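
A pre-flight check for the values typed in step 1, as an added example that is not part of the vendor's instructions: it derives the Callback URL and Named Credential URL from the My Domain value and confirms that the External Credential scopes are all enabled on the Connected App. The function names, the host pattern, and the sandbox-style host in the comment are assumptions made for this example.

```python
import re

# Values taken from the steps above.
AUTH_PROVIDER_SUFFIX = "DatasetEquivalenceCheckerAuth"
CONNECTED_APP_SCOPES = {"wave_api", "refresh_token", "offline_access", "api"}
EXTERNAL_CREDENTIAL_SCOPE = "api wave_api refresh_token"

# Assumption: a My Domain host is letters, digits, hyphens and dots ending in
# ".my.salesforce.com" (a constructed sandbox-style host such as
# "acme--dev.sandbox.my.salesforce.com" also matches).
_HOST_RE = re.compile(r"^[a-z0-9]([a-z0-9.-]*[a-z0-9])?\.my\.salesforce\.com$")


def normalize_my_domain(value):
    """Return the bare host from a pasted My Domain value, or raise ValueError."""
    host = value.strip().lower()
    host = re.sub(r"^https?://", "", host).split("/", 1)[0]
    if not _HOST_RE.match(host):
        raise ValueError(f"not a My Domain host: {value!r}")
    return host


def expected_urls(my_domain, suffix=AUTH_PROVIDER_SUFFIX):
    """Callback URL (Connected App) and URL (Named Credential) for this org."""
    host = normalize_my_domain(my_domain)
    return {
        "callback_url": f"https://{host}/services/authcallback/{suffix}",
        "named_credential_url": f"https://{host}",
    }


def check_setup(my_domain, entered_callback, entered_nc_url,
                ext_scope=EXTERNAL_CREDENTIAL_SCOPE,
                app_scopes=CONNECTED_APP_SCOPES):
    """Return a list of problems; an empty list means the values agree."""
    want = expected_urls(my_domain)
    problems = []
    if entered_callback.strip() != want["callback_url"]:
        problems.append(f"Callback URL should be {want['callback_url']}")
    if entered_nc_url.strip().rstrip("/") != want["named_credential_url"]:
        problems.append(
            f"Named Credential URL should be {want['named_credential_url']}")
    # Every scope the External Credential requests must be on the Connected App.
    missing = sorted(set(ext_scope.split()) - set(app_scopes))
    if missing:
        problems.append("Scopes missing from Connected App: " + ", ".join(missing))
    return problems
```

The Callback URL must end with the Auth. Provider's URL Suffix ("DatasetEquivalenceCheckerAuth"), not the Connected App's API Name ("DatasetEquivalenceCheckerAuthorization"); the check flags that mix-up.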

 

Each user can now access the app from the app launcher.

 

Enjoy!
