# Salesforce Agentforce Integration

Connect your Salesforce Agentforce environment to Capsule Security for complete visibility into your AI agents, topics, actions, and conversation activity.

## Overview

This integration syncs your Agentforce agents and captures conversation data:

| Category | What Gets Captured |
|  --- | --- |
| **Agents** | Agentforce bots with configuration, status, and metadata |
| **Topics** | Agent skills and topic definitions with instructions |
| **Tools** | Apex actions, Flows, APIs, Prompt Templates, External Services |
| **Data Sources** | Retrievers and knowledge base components |
| **Channels** | Slack and other deployment channels |
| **Conversations** | User messages, agent responses, and tool invocations |


## Prerequisites

Before you begin, ensure you have:

- **Agentforce** enabled with at least one activated agent
- **Data Cloud** enabled (required for Einstein Audit and Feedback Data)
- **Salesforce Administrator** or equivalent permissions
- **Einstein** enabled in your org (required for conversation auditing)


## Step 1: Create a Connected App

Create a Connected App in Salesforce to enable secure OAuth authentication with Capsule.

### Steps

1. Click the **gear icon** in the top-right corner and select **Setup**


1. In the Quick Find box on the left, search for **App Manager**
2. Click **New Connected App** in the top-right corner
3. Configure the basic information:
  - **Connected App Name**: `CapsuleSecurity`
  - **API Name**: `CapsuleSecurity` (auto-populated)
  - **Contact Email**: Enter your admin email address


## Step 2: Configure OAuth Settings

Enable OAuth and configure the required scopes and security settings.

### Steps

1. Scroll down to the **API (Enable OAuth Settings)** section
2. Check **Enable OAuth Settings**
3. Enter the **Callback URL**:

```
https://portal.us-east1.capsulesecurity.io/integrations/callback/AGENTFORCE
```
4. Add the following **Selected OAuth Scopes** (click Add for each):
  - Manage user data via APIs (api)
  - Perform requests at any time (refresh_token, offline_access)
  - Access chatbot services (chatbot_api)
  - Access the Salesforce API Platform (sfap_api)
5. Configure security settings:
  - Check **Require Secret for Web Server Flow**
6. Click **Save** at the bottom of the page
7. Click **Continue** on the confirmation dialog


Your Connected App settings should look like this:

![Connected App OAuth Settings](/assets/salesforce-connected-app-settings.7b83c7ba3b183164be94112616e6258b5c92d6226e6de831bd8cb51a11aa5ab1.9c1bb791.png)

### Why these scopes?

| Scope | Purpose |
|  --- | --- |
| api | Access Salesforce data and metadata |
| refresh_token, offline_access | Maintain persistent connection for scheduled syncs |
| chatbot_api | Access Agentforce conversation and bot data |
| sfap_api | Access the Salesforce API Platform for agent configuration |


## Step 3: Enable Einstein Audit and Feedback (Recommended)

Enable Einstein auditing to capture agent conversations in Capsule. Without this, conversation data may not be available.

### Steps

1. In Setup, search for **Einstein Setup** in the Quick Find box
2. Click **Einstein Setup**
3. Ensure **Einstein** is turned **On**
4. Locate **Einstein Audit and Feedback Data** and toggle it **On**


### Why is this needed?

Einstein Audit and Feedback Data enables conversation logging for Agentforce agents. This allows Capsule to capture:

- User messages and agent responses
- Topic classifications
- Tool invocations and results
- Session metadata


## Step 4: Add Connected App to Your Agent

Link your Connected App to your Agentforce agent to enable API access.

### Steps

1. In Setup, search for **Agentforce Agents** in the Quick Find box
2. Click the name of your agent
3. Click **Open in Builder**
4. In Agentforce Builder, click the **Connections** tab
5. If you see an option to turn on the updated connections experience, click **Turn It On**
6. Select the **Messaging** connection
7. Scroll down to the **External Apps** section
8. Click **Add External App**
9. Select **API** as the connection type
10. Choose your **CapsuleSecurity** connected app from the dropdown
11. Click **Save**


## Step 5: Get Your Consumer Credentials

Retrieve the Consumer Key and Secret from your Connected App.

### Steps

1. Click the **gear icon** in the top-right corner and select **Setup**
2. In the Quick Find box, search for **App Manager**
3. Find **CapsuleSecurity** in the list
4. Click the **dropdown arrow** on the right side of the row and select **View**


1. Scroll down to the **API (Enable OAuth Settings)** section
2. Next to **Consumer Key and Secret**, click **Manage Consumer Details**
3. You may need to verify your identity (Salesforce will send a verification code)
4. Copy the **Consumer Key** and **Consumer Secret**


### Security notes

- Store these credentials securely
- Never share them in emails, chat, or code repositories
- The Consumer Secret is only shown once—copy it immediately


## Step 6: Configure the Integration in Capsule

Connect your Salesforce org to Capsule using the credentials from Step 5.

### Steps

1. Log in to the **Capsule Security** portal
2. Click **Integrations** in the left sidebar
3. Find the **Salesforce Agentforce** card and click **Set up Integration**


1. Enter your credentials:
  - **Consumer Key**: Paste from Step 5
  - **Consumer Secret**: Paste from Step 5
2. Click **Connect**
3. You will be redirected to Salesforce to authorize the connection
4. Review the permissions and click **Allow**
5. You will be redirected back to Capsule upon successful connection


### After setup

- Initial sync begins automatically
- First sync may take several minutes depending on data volume
- View synced agents in **Inventory → Agents**
- View conversations in **Observability → Filter Activity Type - Session**


## What Gets Captured

Capsule captures the following data from your Agentforce environment:

| Entity Type | Category | Description |
|  --- | --- | --- |
| **Agentforce Agents** | Model Agent | Bot configuration, status, languages, tone settings |
| **Topics** | Topic | Agent skills with instructions and guidance |
| **Apex Actions** | Tool | Custom Apex code invoked by agents |
| **Flow Actions** | Tool | Salesforce Flow automations triggered by agents |
| **API Actions** | Tool | REST API endpoints called by agents |
| **Prompt Templates** | Tool | Templates for generating agent responses |
| **Retrievers** | Data Source | Knowledge base and data retrieval components |
| **External Services** | Tool | External service integrations |
| **Predictive Models** | Tool | ML models used for predictions |
| **Slack Channels** | Access Channel | Slack deployment integrations |


### Conversation data captured

When Einstein Audit is enabled, Capsule also captures:

- **User messages** — Input from users interacting with agents
- **Agent responses** — Generated responses from Agentforce
- **Topic classifications** — How the agent categorized the conversation
- **Tool invocations** — Actions and tools executed during the conversation
- **Session metadata** — Timestamps, session IDs, and channel information


## Verification

After setup, verify that data is syncing correctly.

### Check agents

1. In Capsule, navigate to **Inventory → Agents**
2. Look for your Agentforce agents in the list
3. Click on an agent to view its topics and tools


### Check conversations

1. Navigate to **Observability**
2. Filter by **Activity Type → Session**
3. Look for recent Agentforce conversations
4. Click on a session to view the full conversation transcript


## Troubleshooting

### Connected App not appearing in agent connections

- Ensure the Connected App is saved and activated
- Wait a few minutes for Salesforce to propagate the changes
- Verify you have the correct OAuth scopes configured


### No conversations appearing in Capsule

- Verify Einstein Audit and Feedback Data is enabled
- Check that your agent is activated and has handled conversations
- Initial sync may take several minutes


### OAuth authorization fails

- Verify the Callback URL matches exactly: `https://portal.us-east1.capsulesecurity.io/integrations/callback/AGENTFORCE`
- Ensure all required OAuth scopes are selected
- Check that Client Credentials Flow is enabled


### Agent not syncing

- Verify the agent is **Activated** in Agentforce
- Check that the Connected App is linked to the agent (Step 4)
- Ensure your Salesforce user has permission to access the agent


## Support

For help with this integration:

- **Email**: support@capsule.security
- **Include**: Your Salesforce Org ID, integration status, and any error messages


For Salesforce Agentforce issues:

- **Salesforce Help**: [help.salesforce.com](https://help.salesforce.com)
- **Agentforce Documentation**: [developer.salesforce.com/docs/einstein/genai](https://developer.salesforce.com/docs/einstein/genai)