Access RequirementsLive Agent Chat Access

Salesforce Access Requirements

View as Markdown

As Moveworks has integrated with Salesforce Enhanced Messaging (Messaging for In-App and Web), we would need the following details to connect our services with your Salesforce instance for enabling Agent<>User conversations within your Moveworks Assistant.

The fields described on this page are part of the Salesforce built-in connector and are only required if you want to set up the Live Agent handoff flow. If you are using the Salesforce connector solely for ticketing or user ingestion, these fields are not needed.

Overview

Moveworks authenticates to Salesforce Messaging using a signed JWT (RS256) that is exchanged for an access token. That access token is then used for all Messaging API calls and to open the real-time Server-Sent Events (SSE) stream that delivers agent replies and conversation updates.

To enable this, you will need to:

  1. Set up a Messaging for In-App and Web (Embedded Service) deployment of type API.
  2. Configure User Verification (Messaging Identity) with a public key, and provide Moveworks the matching private key.
  3. Define the routing attributes Salesforce will use to route chats to the correct queue.
  4. Provide the resulting values to configure the Salesforce built-in connector in Moveworks Setup.

1. Salesforce Setup

Embedded Service (Messaging) deployment

Create a Messaging for In-App and Web deployment of type API in your Salesforce org. This produces:

  • The Embedded Service Developer Name (esDeveloperName) — the Developer Name of your messaging deployment.
  • A messaging channel bound to the deployment.

User Verification (Messaging Identity)

Configure User Verification for the messaging deployment with a public key (JWK). This is how Salesforce validates the JWT that Moveworks signs. From this configuration you will obtain:

  • The Key ID — the identifier of the public key configured in Salesforce. This is sent in the kid claim of the JWT.
  • The Issuer — the issuer value configured for the messaging identity. This is sent in the iss claim of the JWT.

Generate an RSA key pair: register the public key in Salesforce against the Key ID above, and share the corresponding private key with Moveworks (it is used to sign the JWT).

Routing attributes & Omni-Channel

Define the routing attribute field names (for example, a user identifier and an issue topic) and configure your Omni-Channel queues and routing rules to route chats based on these attributes. Agents must be Omni-Channel enabled and set to Available for Chats to receive requests.

2. Configure the Connector in Moveworks Setup

Within Moveworks Setup, go to Core Platform > Connectors > Built-in Connectors, select the Salesforce connector, and provide the following Live Agent fields:

  • Org ID — your Salesforce Org ID (starts with 00D).
  • Private Key — the RSA private key used to sign the JWT. It must correspond to the public key configured in Salesforce. (Upload as a file under 10 KB.)
  • Embedded Service Developer Name — the esDeveloperName of your Messaging deployment.
  • Key ID — the identifier of the public key configured in Salesforce, sent in the kid claim.
  • Issuer — the issuer value configured for the messaging identity, sent in the iss claim.

3. Share additional required details

Share the following with your Moveworks Implementation / Customer Success team so we can finalize the configuration:

  1. The routing attribute field names (for example, the user identifier and issue topic field names) and the list of topics to present to users.
  2. The queue / routing rules that should handle the Live Agent requests.

Once these are in place, your Salesforce connector is ready to be configured for the Live Agent handoff flow. See Live Agent - Salesforce for the end-user experience.