For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Logo
DeveloperAcademyCommunityStatus
  • Service Management
    • Overview
    • Concierge & Ticketing Capabilities Overview
    • Forms
    • Forms - Integration Specific Guides
    • Live Agent Chat / Handoff
    • Triage
    • Approval Mirroring
    • Ticket Interception
    • Generic Ticketing Integration: Ticket Gateway
  • Administration
    • MyMoveworks
    • Organization Information
    • Roles and Permissions
    • MyMoveworks SSO
  • Moveworks Setup
    • Accessing Moveworks Setup
    • First-Time Login via Magic Link
    • Moveworks Setup Modules
    • Moveworks Setup: Module How To Guides
    • Plugin Management
    • Monitor Alerts
    • Audit Logs
    • DSL Fields Defaults
    • Data Crawling View
    • API Playground
    • Setup Homepage
    • Troubleshooting Hub
    • Security and Privacy Settings
    • Configuration Delete
    • Advanced Config Editor
    • Identity configuration
    • Onboarding Stage
  • Security
    • Security
    • Hyperlink & Button Expiry
    • Attachment Handling
    • Moveworks Subprocessors
  • Provision Management
    • Overview
    • Access Software
    • Access Groups
    • Access Account
  • Access Requirements
    • Overview
    • Update Set Modules
    • Ticketing Systems & ITSMs Access
      • ServiceNow Access Requirements
      • ServiceNow for HR Access Requirements
      • Jira Service Desk Permission (On-Prem) Access Requirements
      • Moveworks Jira Application (for Jira Cloud)
      • Jira Service Management (Cloud) - Access Requirements
      • Zendesk Access Requirements
      • Freshservice Access Requirements
      • Freshdesk Access Requirements
      • Salesforce Access Requirements
      • BMC Remedy/Helix Access Requirements
      • BMC Remedyforce Access Requirements
      • Cherwell Access Requirements
      • Ivanti Service Manager Access Requirements
      • ManageEngine (Cloud) Access Requirements
      • ManageEngine (On-Prem) Access Requirements
      • SolarWinds Samange Access Requirements
      • Sysaid Access Requirements
    • Identity and Access Management Systems Access
    • Multi-Factor Authentication (MFA) Systems Access
    • Knowledge Access Requirements
    • Email Distribution List Systems Access
    • Facilities Management Access
    • Live Agent Chat Access
    • HR Information System Access
    • Expense Management Access
    • Calendar Management Access
  • Core Platform
    • User Identity
    • Moveworks On-Prem Agent
    • Approvals Engine
    • Entity Catalog
    • Configuration Languages
    • Moveworks Data Objects
    • SIEM
  • Employee Experience Insights
    • Overview
    • Breaking Down the Dashboard
    • Understanding Industry Benchmarks
    • Apps & Services
    • Impact Module
    • EXI Common Use Cases
    • Configure EXI
    • Ticket Backpolling
  • Knowledge Studio
    • Overview
    • Knowledge Studio Configuration
    • AI Powered Recommendations
    • Inspecting & Verifying Sources
    • Publishing Articles
    • Creating Knowledge Articles
    • Resolving IT Tickets Guidance
DeveloperAcademyCommunityStatus
On this page
  • Why do we need access to your Service Cloud Instance ?
  • Access Requirements
  • Authentication
  • Setup Overview
  • Setting up JWT Bearer Flow (server-server)
  • Process Walkthrough
Access RequirementsTicketing Systems & ITSMs Access

Salesforce Access Requirements

||View as Markdown|
Was this page helpful?
Edit this page
Previous

BMC Remedy/Helix Access Requirements

Next
Built with

Why do we need access to your Service Cloud Instance ?

The client created in your Service Cloud instance will perform create, update operations on behalf of end users as well as notify end users on Case related updates.

The Moveworks Service interacts with your Salesforce platform so that the bot can:

  • Monitor tickets for autonomous resolution
  • Identify end users/employees
  • Create tickets for issues that require an agent’s attention
  • Reach out to an employee when a Salesforce ticket needs the employee’s attention (via ticket comments)
  • Load Salesforce Knowledge articles so the bot can serve them to employees

Access Requirements

The Moveworks Connected App and dedicated service account in Salesforce allows the Moveworks service to read and update tickets, read users, and KB articles.

Read only access is needed for the following objects in your Salesforce environment:

  • Contact
  • Knowledge__kav (if applicable)

Read/write access is needed for the following objects in your Salesforce environment:

  • Case
  • CaseComment

Authentication

This integration leverages a server-to-server integration using OAuth 2.0 JWT Bearer Flow. A private key/certificate pair will be created. The private key will be encrypted within the Moveworks backend, to sign the JWT claim generated by Moveworks. The certificate file will be uploaded to the Salesforce Connected App in order to file will be uploaded to Salesforce to validate the signed JWT assertions.

Setup Overview

After setup is complete, you will need the following information to create the connector in Moveworks Setup

  • Consumer Key
  • Consumer Secret
  • Service Account Email
  • Service Account Password
  • Service Account First name and Last name
  • Private Key (.key file)

Setting up JWT Bearer Flow (server-server)

Process Walkthrough

  1. Create an RSA x509 private key/certification pair
    openssl req -x509 -sha256 -nodes -days 36500 -newkey rsa:2048 -keyout salesforce.key -out salesforce.crt
    The private key (.key) will be used to sign the JWT claim generated by Moveworks. The certificate (.crt) will be uploaded to Salesforce to validate the signed JWT assertions.
  2. Create Connected App in Salesforce
    1. Under Setup > App Manager and click New Connected App
    2. Fill basic info: {Connected App Name: Moveworks_Server, API Name: Moveworks_Server, Contact Email: support@moveworks.ai}
    3. Select enable oAuth settings under API (Enable oAuth Settings) & add {Callback URL: https://login.salesforce.com/}
    4. Check Use digital signatures. Upload the salesforce.crt that was generated in step 1.
    5. Add oAuth scopes to: 
      1. api
      2. refresh_token, offline_access
    6. Click Save & Note down the Consumer Key and the Consumer Secret
    7. After saving, click Manage> Edit Policies
      1. In the OAuth policies section, change Permitted Users to Admin approved users are pre-authorized
      2. In the Session policies section, change Timeout Value to 24 hours
      3. Click Save
  3. Create a Permission Set to interact with the Connected App
    1. Navigate to Users > Permission Sets and click on New
    2. Add moveworks_connected_app as the Label & Api Names & click Save
    3. Now click on the moveworks_connected_app Permission Set and click Assigned Connected Apps
    4. Click Edit and add Moveworks_Server to list of Enabled Connected Apps & click Save
  4. Create New Service Account (if it doesn’t exist)
    1. Navigate to Users > Users and click on New User
    2. Enter the following information & click Save:
      1. Last Name: Moveworks
      2. Alias: moveworks
      3. Email, Username & Nickname: moveworks@{{customer-domain}}.com
      4. Setup role as Admin (or whatever the customer allows)
  5. Assign our service user the connected app
    1. Navigate to Users > Users & click on our service user account that was just created.
    2. Click on Permission Set Assignment and then Edit Assignments
    3. Now add moveworks_connected_app to list of Enabled Permission Sets & click Save
  6. Edit policies to set admin approved users to preauthorize
    1. Navigate to the connected app and click on Edit policies
    2. Set permitted users to Admin approved users are pre-authorized