Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The Salesforce CRM Microsoft 365 Copilot connector allows your organization to index contacts, opportunities, leads, cases, and accounts objects in your Salesforce instance. After you configure the connector and index content from Salesforce, users can search for those items from any Microsoft Search and Microsoft 365 Copilot client.
This article provides information about the configuration steps that Salesforce admins need to complete in order for your organization to deploy the Salesforce CRM connector.
For information about how to deploy the connector, see Deploy the Salesforce CRM connector.
Prerequisites
Before you configure the service, make sure you have:
- A Salesforce account with System Administrator privileges.
- API access enabled for the account.
- Permissions to create and manage connected apps in Salesforce.
- Access to the Microsoft 365 admin center.
Setup checklist
The following checklist lists the steps involved in configuring the environment and setting up the connector prerequisites.
| Task | Role |
|---|---|
| Identify Salesforce instance URL | Salesforce CRM admin |
| Enable API access | Salesforce CRM admin |
| Create connected app | Salesforce CRM admin |
| Configure refresh token policy | Salesforce CRM admin |
| Define identity mapping | Salesforce CRM admin |
| Determine data ingestion filters | Salesforce CRM admin |
Identify the Salesforce instance URL
To connect to your Salesforce instance, you need your organization's Salesforce instance URL.
- In Salesforce, go to Settings > Company Settings > My Domain > My Domain URL.
- The URL format is:
https://<your-organization>.my.salesforce.com. For example:https://contoso.my.salesforce.com
Enable API access
Make sure that the connector account has API access:
- Assign the System Administrator profile, or verify the following permissions for custom profiles:
- Administrative permissions:
- API Enabled
- View Setup and Configuration
- View Roles and Role Hierarchy
- View All Profiles
- View All Users
- Standard object permissions:
- Read and View All for Accounts, Cases, Contacts, Leads, and Opportunities.
- Administrative permissions:
Create a connected app
Set up a connected app for OAuth 2.0 authentication:
- Sign in to Salesforce and go to Setup > Apps > App Manager.
- Select New Connected App.
- In the API section:
- Enable OAuth settings.
- Set the Callback URL:
- For Microsoft 365 Enterprise:
https://gcs.office.com/v1.0/admin/oauth/callback - For Microsoft 365 Government:
https://gcsgcc.office.com/v1.0/admin/oauth/callback
- For Microsoft 365 Enterprise:
- Select required OAuth scopes:
- Access and manage your data (API)
- Perform requests on your behalf at any time (refresh_token, offline_access)
- Uncheck Require PKCE Extension.
- Check Require secret for web server flow.
- Save the app.
Get client ID and secret
- Go to Setup > Apps > App Manager.
- Select the connected app and select Manage Consumer Details.
- Copy the Consumer Key (client ID) and Consumer Secret (client secret).
Configure refresh token policy
To prevent token expiration:
- Go to Apps > App Manager.
- Select your app, and select Manage > Edit Policies.
- Set Refresh token policy to Refresh token is valid until revoked.
Define identity mapping
Your data source can include:
- Microsoft Entra identities (federated users). For more information, see Map Microsoft Entra identities and Configure Salesforce for Single sign-on in Microsoft Entra ID.
- Non-Microsoft Entra identities (native Salesforce users). For more information, see Map non-Microsoft Entra identities.
Determine data to ingest
You can filter indexed Salesforce content by:
- Modified time period: Index items created or modified within a selected rolling time frame.
- SOQL query: Use a WHERE clause to specify entities and conditions. Leave empty to index all content. For more information, see SOQL and SOSL Reference.