Installing the Fenergo CLM for Salesforce App

This overview provides a step-by-step guide for integrating the Fenergo Salesforce application, including installation, configuration, and user setup.

Prerequisites

1. Submit a SaaS Service Request to the Forge team: https://fenergosupport.atlassian.net/servicedesk/customer/portal/23

   Request the following for your Salesforce (SF) environment:

   • Client ID/Secret
   • MTLS Client ID
   • Certificate (.jks file) and password

   Each SF environment will require its own unique Client ID, MTLS Client ID, and certificate.

2. Enable webhooks on your tenant.

Installation

Once you've received all the required details, proceed with the Salesforce integration steps below.

1. Install the Fenergo SaaS application using the provided install link

2. Reach out to a Fenergo representative to receive the password for the following:

   

3. Select All

   

Configure Authentication

1. Select your user profile and Settings.

2. In the left-hand pane, under My Personal Information, click on Advanced User Details. Scroll down to Permissions Set Assignments and click Edit Assignments and assign the following to your account:

   

   info

   Each user will require the standard Fenergo SaaS permission to use the Salesforce application.

   Salesforce App Permissions

   • FenX Admin: This controls access to Fenergo SaaS configuration area
   • FenX Standard: This is the basic permission that all users need to use the Salesforce for Fenergo app.
   • FenX Webhook: The site guest user requires this permission for webhooks to work

   The following permissions are not required and can be ignored by clients:

   • FenX Logger Admin
   • FenX Logger End User
   • FenX Logger Log Creator
   • FenX Log Viewer

3. Click the gear on the top right and select "Setup".

4. In the left-hand pane, search for Auth Providers and select "Auth. Providers".

5. In the centre page, click "New" to create a new provider.

   

6. In the dropdown, select "Open Connect ID" and enter the following values:

   • Name - Production
   • URL Suffix - Production
   • Consumer Key - sfdc-***********
   • Consumer Secret - ********************************************
   • Auth Endpoint URL - https://identity.$DOMAIN$.com/connect/authorize
   • Token Endpoint URL - https://identity.$DOMAIN$.com/connect/token
   • User Endpoint URL - https://identity.$DOMAIN$.com/connect/userinfo
   • Uncheck Use Proof Key for Code Exchange (PKCE) Extension
   • Token Issuer - https://identity.$DOMAIN$.com
   • Default Scopes - offline_access openid profile tenant Fenergo.Nebula roles refresh_token
   tip

   The Fenergo $DOMAIN$ can be found by navigating to your Fenergo login page.
   For the default EMEA tenant, no domain name is required as this will be: https://identity.fenergox.com/Account/Login.

   For other tenants, such as emea1b, the login URL will follow this format:
   https://identity.$DOMAIN$.fenergox.com/Account/Login (e.g., https://identity.emea1b.fenergox.com/Account/Login).

   Therefore my domain is emea1b.

   

7. Once you have entered the above details, click Save.

8. Fenergo requires callback URL that was created once saved which is listed under "Salesforce Configuration" on the bottom of the page. (Please note that this needs to be updated on the Fenergo side prior to continuing).

   

9. Go back to settings and search for "Named Credentials" and click on it.

10. Go to Setup, search for Named Credentials and click on it

    • Open External Credential Tab
    • Click on New, fill in with the following data:
      • Label: Production
      • Name: Production
      • Authentication Protocol: OAuth 2.0
      • Authentication Flow Type: Browser Flow
      • Scopes: offline_access openid profile tenant Fenergo.Nebula roles refresh_token
      • Authentication Provider: Production

11. Open the external credential just created

    • Scroll down to the Principals sections and click New
      • Parameter Name: fenx
      • Sequence Number: Do not change this
      • Identity Type: Per User Principal
      • Scope: offline_access openid profile tenant Fenergo.Nebula roles refresh_token
      • Click Save

Set Up Named Credentials

1. Create Named Credentials

   • Go to Setup, search for "Named Credentials" and click on it
   • Open Named Credentials Tab

2. Click on New, fill in with the following data:

   • Label: Production
   • Name: Production
   • Url: (depends on the environment, example: https://api.$DOMAIN$.fenergox.com) See step 6 from the Configure Authentication section for more detail on how to identify your domain.
   • Enable for Callouts: checked
   • External Credential: Production
   • Allowed Namespaces for Callouts: fenx

3. Create Permission Set and assign to users

   • Go to Setup, search for "Permission Sets" and click on it

   • Click on New and add the following data:

     • Label: FenxConnection
     • API Name: FenxConnection

   • In the FenxConnection Permission Set, Open Object Settings

     • Open User External Credentials
     • Ensure the following options are enabled and Save
       • Read
       • Create
       • Edit
       • Delete

4. Navigate to FenxConnection Permissions Set and Open External Credential Principal access

   • Click Edit
   • Under the available external credential principals, select the principal for Production fenx external credential and move it to the Enabled principals column
   • Save

5. Navigate to FenxConnection Permissions Set and Open External Credential Principal access and Assign the FenxConnection permissions set to all users that will work with the Fenx App.

   • In FenxConnection, click on Manage Assignments
   • Click on Add Assignment
   • Select the Users you want to assign
   • Click Next and then Click Assign

   Users will be assigned the permission now.

6. Go back to settings and search for "Named Credentials" and click on it. Go to Setup, search for Named Credentials and click on it

   • Open Named Credentials Tab

   • Click on New, fill in with the following data:

   • Label: Comments

   • Name: Comments

   • Url: (depends on the environment, example: https://comments.$DOMAIN$.fenergox.com. See step 6 from the Configure Authentication section for more detail on how to identify your domain.

   • Enable for Callouts: checked

   • External Credential: Production

   • Allowed Namespaces for Callouts: fenx

7. On the top right, select the Profile icon and select Settings (NB: This needs to be done on a user basis)

8. On the left-hand pane, select External Credentials

   • Trigger the authentication flow for both Production and Comments
   • Click "YES, ALLOW" on the following screen on Fen-X which will redirect back to Salesforce.

   

Configure FenX Environment

1. Navigate to Setup > Custom Metadata > Fen X Configuration. Update the following by clicking on the Edit Button on the left of the respective label:

   • Certificate Name: fenxprodcert

   

   • Is Pointing To Fenx Production: true
   • MTLS Client Id: mtls-*****************
   • Names Credential Api Name: Production
   • TenantId: ***********************************************
   • MtlsUrl: https://api-mtls.$DOMAIN$.fenergox.com Update the URL here to include your domain. See step 9 for more detail on how to find your domain.

   For more information on this please visit Data Model Mapping and Sync section of the Salesforce Functional User Guide

2. Navigate to Setup > Remote Site Settings > Production virus scan and select "Edit". Update the remote site URL to the following: https://s3.$INSERTAWSREGION$.amazonaws.com

   tip

   Please reach out to Project team if you are unsure of the AWS region. Examples are as follow up not exhaustive and Fenergo may add additional regions over time.

   • APAC: ap-southeast-2
   • CAN: ca-central-1
   • EMEA: eu-west-1
   • NAR: us-east-2

   

3. Update the remote site URL on both ExternalDataReceptorCallbackProduction & MTLSTokenProduction.

   

4. Within Setup, search for Identity Provider in the left-hand pane and select "Identity Provider", then click on "Enable Identity Provider". (You may need to click it twice).

   

5. The following will be displayed. Here, you will click Save.

   tip

   This step can be skipped if an Identity Provider is already set up by the client.

   

6. Search for "Certificate and Key Management" in the left-hand pane and select it. Then click the button "Import from Keystore".

   

7. JKS file will be provided by the Project Team.

   

8. From the top menu, select "Fenx Configuration".

   

9. Enable the Site Domain.

   

10. Verify the name of your Org and Register:

    

11. Once registered, return to the config screen and click on "Create".

    

12. Once this completes, enter the Secret Key value to register the webhook.

    danger

    Webhook configuration once created should not be deleted. This is a one-time setup and cannot be recreated in the SF app.

Complete the Setup

1. Once completed, you will need to browse to the account page. (If no accounts are visible please click "New" and create an account).

   

2. Once on the page, click on the gear icon and "Edit Page".

   

3. In the left-hand pane, search for Fen-X and drag the items to the page.

   

4. Click Save and select Assign as Org Default.

   tip

   Only assign as Org Default if this is required to be default accross the whole Salesforce Org.

   

   Error 401

   If you receive an error 401: unauthorised message, follow steps 7-8 from the Set Up Named Credentials section.

Optional Configuration

Incease Document File Size:

1. Update the customer metadata file Increase file upload limit to increase the file size from false to true.

2. To enable this, the configurator needs to set one configuration in their Salesforce Org:

   • Add a Trusted URL pointing to the antivirus scan URL.
   • Find the URL in the remote site settings under ProductionVirusScan.
   • Copy this URL and paste it as a new Trusted URL.
   • Before saving, check the box labeled connect-src.

   The file size upload limit is extended to 200mb.