Connect Salesforce to Rig

    Sync your Salesforce accounts, contacts, leads, opportunities, cases and users into Rig, so your AI tools can answer pipeline and revenue questions against live CRM data. Salesforce connects server-to-server using the OAuth 2.0 Client Credentials flow, so it keeps working without per-user logins or staff turnover breaking it.

    Before you start

    • You need Salesforce admin access to create the app.
    • Ideally use a dedicated integration user, preferably one with the API Only User permission, with read access to the objects you want Rig to see. The integration runs as that user, so its permissions are exactly what Rig can read.
    • By the end you'll have three values to paste into Rig: an Instance URL, a Consumer Key and a Consumer Secret.

    Step 1: Create an app with the Client Credentials flow

    Connected Apps vs External Client Apps
    Salesforce restricted creating new Connected Apps in Spring '26. New orgs create an External Client App instead. The end result is identical: a Consumer Key and Secret you paste into Rig. Use whichever path your org offers.

    External Client App (recommended)

    1. In Salesforce, go to Setup, type External in Quick Find, and open External Client App Manager. Click New External Client App.
    2. Enter a name (e.g. "Rig"), an API name, and a contact email.
    3. Under API (Enable OAuth Settings), select Enable OAuth.
    4. Callback URL: the Client Credentials flow never uses a redirect, but the field is required. Enter any valid HTTPS URL, e.g. https://login.salesforce.com/services/oauth2/callback.
    5. For OAuth Scopes, add Manage user data via APIs (api).
    6. Under Flow Enablement, enable the Client Credentials Flow and accept the security warning.
    7. Click Create.
    8. Back in External Client App Manager, open the app's actions menu and choose Edit Policies. Under Client Credentials Flow, set Run As to your integration user, then Save.
    9. From the app's actions menu choose Edit Settings, open OAuth Settings, and copy the Consumer Key and Consumer Secret.

    Connected App (legacy / existing apps)

    1. SetupApp ManagerNew Connected App.
    2. Enable OAuth settings, add the Manage user data via APIs (api) scope, tick Enable Client Credentials Flow, and save.
    3. On the app, click ManageEdit Policies, and under Client Credentials Flow set the Run As user.
    4. Back on the app, open Manage Consumer Details and copy the Consumer Key and Consumer Secret.

    Step 2: Grant the integration user object access

    The integration runs as the Run As user, so Rig can only read the objects and fields that user is allowed to see. This step is easy to miss and is the most common reason a connection authenticates but returns nothing.

    ⚠️ Integration users start with no object access
    A user on a Salesforce Integration license (and most minimal profiles) has no access to standard objects by default. If the Run As user can't read an object, Rig shows "Object not accessible to the integration user" and Salesforce returns sObject type 'Account' is not supported (INVALID_TYPE). The fix is always to grant that object via a permission set below.

    1. In Setup, type Permission Sets in Quick Find and open it. Click New to create one (e.g. "Rig Read Access"), or reuse an existing one. Leave the license set to --None-- so it can be assigned to any user.
    2. Open the permission set, go to Object Settings, and for each object you want to sync — Account, Contact, Lead, Opportunity, Case, User — enable Read (and View All if you want every record, not just the user's own).
    3. While you're in each object's settings, make sure the fields you care about are readable — field-level security can hide individual columns even when the object is granted. A missing field shows in Rig as "Field not accessible to the integration user".
    4. Go to Manage AssignmentsAdd Assignment, select your Run As integration user, and save.

    Step 3: Find your instance URL

    In Setup, open My Domain and copy your My Domain URL, for example https://acme.my.salesforce.com. Sandboxes look like https://acme--sandbox.sandbox.my.salesforce.com.

    Step 4: Connect it in Rig

    1. In Rig, open Connections in the left sidebar and go to the Sources step.
    2. Search for Salesforce (it's under CRM, marked OAuth) and click its card.
    3. Instance URL: paste your My Domain URL.
    4. Connected App Consumer Key: paste the Consumer Key.
    5. Connected App Consumer Secret: paste the Consumer Secret.
    6. Click Continue, then Test to pull a small sample, then Sync to run the full pipeline.

    What Rig pulls in

    Salesforce lands in its own salesforce schema, with the standard fields for each object:

    • Accounts, Contacts and Leads
    • Opportunities: stage, amount, close date, forecast category
    • Cases
    • Users

    Good to know

    • Rig reads only what the Run As user can see. Give that user least-privilege, read-only access to the objects you want to sync.
    • Anyone with the Consumer Key and Secret can mint access tokens. Rotate the secret periodically, and immediately if it leaks.
    • Make sure you copy the production My Domain URL (or the matching sandbox URL) for the org whose data you want.
    • You can disconnect Salesforce at any time from ConnectionsSources.

    Was this guide helpful?