Documentationbreadcrumb arrow Pluginsbreadcrumb arrow Salesforce data sourcebreadcrumb arrow Configure the Salesforce data source

Configure the Salesforce data source

This document explains configuration options for Salesforce data source in Grafana.

Before you begin

Before you can configure the Salesforce data source, ensure you have the following:

Connected App settings

Grafana supports two authentication methods with the Salesforce data source: Credentials or JWT.

The following must be set in the Connected App prior to configuring the Salesforce datasource.

Note

The Salesforce plugin currently uses the OAuth 2.0 Username-Password Flow. The required callback URL in the Connected App is not utilized, so you can set it to any valid URL.

Credentials-based Connected App settings

If you are using the Credentials authentication method, you must set the following:

  • Enable OAuth settings - Click to enable OAuth.
  • Callback URL - Required in Salesforce but not used by the Grafana Salesforce plugin. You can use any valid URL.
  • Selected OAuth Scopes (minimum requirements) - Select the following scope:
    • Access and manage your data (api)
  • Require Secret for Refresh Token Flow - Can be enabled or disabled.

JWT-based Connected App settings

If you use JWT authentication, you must set the following:

  • Enable OAuth settings - Click to enable OAuth.
  • Callback URL - Enter sfdc://oauth/jwt/success
  • Select Enable Use digital signatures and upload the digital certificate.
  • Selected OAuth Scopes (minimum requirements) - Select the following scopes:
    • Access and manage your data (api)
    • Perform requests on your behalf at any time
  • Require Secret for Refresh Token Flow - Can be enabled or disabled.

Add the Salesforce data source

For general information on installing and managing plugins and data sources in Grafana refer to the following documents:

To install the Salesforce data source plugin, refer to Grafana’s Salesforce installation page.

Note

You must install the Salesforce data source plugin prior to adding and configuring the Salesforce data source. The plugin connects you to the data source.

Once you have installed the Salesforce plugin, complete the following steps to add the Salesforce data source:

  1. Click Connections in the left-side menu.
  2. Enter Salesforce in the search bar.
  3. Select the Salesforce data source tile.
  4. Click Add new data source in the upper right.
  5. You are taken to the Settings tab where you will set up your Salesforce configuration.

Salesforce configuration options

Following is a list of configuration options for Salesforce.

The first option is to give the connection a name:

  • Name - The name for your data source. This is how you refer to the data source in queries and panels. Examples: Salesforce_Sales_Prod1, SF-Prod-East1.
  • Default - Toggle to select the default name in dashboard panels. This will set it as the default data source when you access a dashboard panel.

Connection settings

Grafana supports two authentication methods with the Salesforce data source: Credentials or JWT.

Credentials-based authentication

Following are configuration options for Credentials-based authentication:

  • User name - The user name for the Salesforce account used to connect to Salesforce. Examples: salesforce_admin@abccompany.com.
  • Password - The password used to connect to Salesforce.
  • Security token - Add the security token.
  • Consumer key - The consumer key used to connect to Salesforce. You obtain this from your Connected App.
  • Consumer secret - The consumer secret used to connect to Salesforce. You obtain this from your Connected App.

JWT-based authentication

Refer to Salesforce’s document Configure a Connected App to Issue JWT-Based Access Tokens to use JWT-based access tokens to authenticate to your Salesforce Connected App.

Add the following under Connected App Digital Signature:

Add the following under Connected App Credentials:

  • User name - - User name - The user name for the Salesforce account used to connect to Salesforce. Examples: salesforce_admin@abccompany.com.
  • Consumer key - The consumer key used to connect to Salesforce.

Optional settings

  • Environment - Click the drop-down to select your environment.

  • Private data source connect - Only for Grafana Cloud users. Private data source connect, or PDC, allows you to establish a private, secured connection between a Grafana Cloud instance, or stack, and data sources secured within a private network. Click the drop-down to locate the URL for PDC. For more information regarding Grafana PDC refer to Private data source connect (PDC).

Once you have added your connection settings, click Test to test the data source connection.

Configure the data source with provisioning

Configure the Salesforce data source using Grafana’s provisioning system by defining settings in YAML files. For details on the provisioning system and configuration options, refer to Provisioning Grafana.

The following example is for provisioning the Salesforce data source:

YAML 
apiVersion: 1
datasources:
  - name: Salesforce - user password authentication
    type: grafana-salesforce-datasource
    jsonData:
      authType: user
      user: user name
    secureJsonData:
      password: password
      securityToken: securityToken
      clientID: consumer key
      clientSecret: consumer secret
  - name: Salesforce - jwt authentication
    type: grafana-salesforce-datasource
    jsonData:
      authType: jwt
      user: user name
    secureJsonData:
      clientID: consumer key
      cert: |
        -----BEGIN CERTIFICATE-----
        xxxxxxxxxxxxxxxxxxxxxxxxxxx
        -----END CERTIFICATE-----
      privateKey: |
        -----BEGIN PRIVATE KEY-----
        xxxxxxxxxxxxxxxxxxxxxxxxxxx
        -----END PRIVATE KEY-----

To provision a sandbox environment, update the jsonData setting with the sandbox property:

YAML 
jsonData:
  sandbox: true

Configure the data source with Terraform

You can configure the Salesforce data source as code using the Grafana Terraform provider. This approach enables version-controlled, reproducible data source configurations across environments.

The following examples demonstrate configurations for Credentials-based and JWT-based authentication.

Credentials-based authentication

terraform 
terraform {
  required_providers {
    grafana = {
      source  = "grafana/grafana"
      version = "~> 3.0"
    }
  }
}

provider "grafana" {
  url  = var.grafana_url
  auth = var.grafana_auth
}

resource "grafana_data_source" "salesforce_credentials" {
  type = "grafana-salesforce-datasource"
  name = "Salesforce"

  json_data_encoded = jsonencode({
    authType = "user"
    user     = var.salesforce_username
  })

  secure_json_data_encoded = jsonencode({
    password      = var.salesforce_password
    securityToken = var.salesforce_security_token
    clientID      = var.salesforce_consumer_key
    clientSecret  = var.salesforce_consumer_secret
  })
}

JWT-based authentication

terraform 
resource "grafana_data_source" "salesforce_jwt" {
  type = "grafana-salesforce-datasource"
  name = "Salesforce JWT"

  json_data_encoded = jsonencode({
    authType = "jwt"
    user     = var.salesforce_username
  })

  secure_json_data_encoded = jsonencode({
    clientID   = var.salesforce_consumer_key
    cert       = var.salesforce_certificate
    privateKey = var.salesforce_private_key
  })
}

Sandbox environment

To configure a sandbox environment, add the sandbox property to json_data_encoded:

terraform 
resource "grafana_data_source" "salesforce_sandbox" {
  type = "grafana-salesforce-datasource"
  name = "Salesforce Sandbox"

  json_data_encoded = jsonencode({
    authType = "user"
    user     = var.salesforce_username
    sandbox  = true
  })

  secure_json_data_encoded = jsonencode({
    password      = var.salesforce_password
    securityToken = var.salesforce_security_token
    clientID      = var.salesforce_consumer_key
    clientSecret  = var.salesforce_consumer_secret
  })
}

For more information about the Grafana Terraform provider, refer to the Grafana provider documentation.