Skip to main content

Setting Up The CTI Adapter Using Guided Setup

In order to navigate to the Guided Setup feature, perform the following steps (NOTE: If you are not an admin user then you must first add yourself to the AC_Administrator permission set, see here for more details):

  1. Navigate to the Setup section in your Salesforce instance.

  2. Search for Visualforce Pages, and select AC_GuidedSetup.

  3. Select Preview.

Guided Setup Prerequisites

The below sections are linked to from the Guided Setup feature. Only perform the below steps when the Guided Setup feature links to them.

Create Named Credential

See here for instructions on setting up the Named Credential.

Create Connected App

The Lambda function access Salesforce using the Salesforce REST API. To get access to the environment, a Connected App must be configured with OAuth settings enabled.

  1. Log in to Salesforce

  2. Navigate to Setup > Create > Apps

  1. Click on the "New" button for the Connected Apps at the bottom of the page

  2. In the following form, fill out the Connected App Name, API Name and Contact Email with values of your choice. We recommend "Amazon Connect Integration" as the Connected App Name and the default value for the API name.

  1. Select the checkbox next to "Enable OAuth Settings" as shown below.
  1. Set the Callback URL to your domain url. Find the domain at Setup -> My Domain.
  1. Ensure Selected OAuth Scopes has the following values selected:

a. Access the identity URL service (id, profile, email, address, phone)

b. Manage user data via APIs (api)

  1. Select the checkbox "Require Secret for Web Server Flow", and the checkbox "Require Secret For Refresh Token Flow"
  1. Click "Save" at the bottom of the screen.

  2. Click "Continue" on the next screen

  1. Once the app has been created, on the app's detail screen, please copy the "Consumer Key" value to your installation notes
  1. Select "Click to reveal" next to Consumer Secret and record this value to "Consumer Secret" in your installation notes.

  2. Click "Manage" at the top of the page

  1. On the page that appears, click "Edit Policies"

  2. Set "Permitted Users" to "Admin approved users are pre-authorizes"

  1. Click "OK" on the pop-up dialog:
  1. Set "IP Relaxation" to "Relax IP restrictions"
  1. Click "Save"

Guided Setup Additional Instructions

The below sections are linked to from the Guided Setup feature. Only perform the below steps when the Guided Setup feature links to them.

Retrieve Amazon Connect Instance Url

  1. Navigate to the Amazon Connect Console

  2. Select your Instance Alias

  3. On the Overview page for your instance, copy the Login URL (if your Amazon Connect instance uses the https://(instancename) domain, then remove everything after ".com"):

Add users to the Call Center

  1. Log in into your Salesforce org and go to Setup

  2. In the Quick Find field, enter Call Center, then select Call Centers from the result list

  1. If you see the Say Hello to Salesforce Call Center page, select Continue

  2. Select AC Lightning Adapter

  1. On the AC Lightning Adapter detail page, select Edit

  2. On the AC Lightning Adapter: Manage Users page, select Add More Users.

  3. Set filters (if desired) and then choose Find.

  4. Select the checkbox next to the user to add, then choose Add to Call Center.

  1. Repeat the steps to add more users.

Add users to a Permission Set

All users must be assigned the required permission set to access Salesforce metadata. The Amazon Connect CTI Adapter includes Permission Sets-- one for agents, one for managers, one for administrators, and a few for specific features, that grant users the appropriate access for their role. More information on assigning user permissions can be found in the Salesforce help documentation.

  1. Log in into your Salesforce Org.

  2. Navigate to Setup > Manage Users > Permission Sets.

  1. Choose AC_Manager.
  1. Choose Manage Assignments.

  2. Choose Add Assignments.

  3. Select the users to assign the permissions, then choose Assign. More information on assigning user permissions can be found at:




Create the Softphone Layout

Next, we need to create a softphone layout for the solution.

  1. In the Quick Find box, type Softphone Layouts, then choose Softphone Layouts.

  2. Choose New.

  1. Enter a name for the layout, such as AmazonConnectDefault, then select the Is Default Layout checkbox.
  1. Expand "Display these objects" and select objects that CTI Connector should be able to search, for a screen-pop query. In this example, besides default selection, I'm adding "Case", as I want to search and screen-pop by CaseID.
  1. If necessary, configure the search behavior in the case that one or multiple records are found upon CTI search.
  1. In this example, keep the default configuration, then choose Save.

Retrieve the Salesforce API Version

  1. Log in into your Salesforce org and go to Setup

  2. In the Quick Find field, type apex, then select Apex Classes from the results

  1. Select New
  1. Select the Version Settings tab
  1. Note the API version in your notepad. The pattern of this value is vXX.X.

Setting up the Salesforce API User

The Lambda functions authenticate with Salesforce via user credentials. It is a common practice to create an API user account for this purpose.

  1. Log in to Salesforce

  2. Navigate to Setup > Manage Users > Profiles

  3. Click "New Profile"

  4. Enter the Profile Name (i.e. "API Only")

  5. Select the existing profile to clone (The integration user\'s access to just those objects required for the integration)

NOTE: You\'re advised to use a full Salesforce License for the user to be able to set the below permissions and have full access to avoid any other errors.

  1. Click "Save". A New Profile is created:
  1. Once the new profile page opens, select the System Permissions button
  1. If the Lightning Experience User checkbox is selected, clear it
  1. Save the system permissions, then go back to Profile Overview

  2. Select the Password Policies link, click edit

  1. Set User password expire in to Never expires NOTE: Failure to this may lead to production outages.
  1. Select Save

  2. Navigate to Setup > Manage Apps > Connected Apps

  3. Select the app you have created in the previous step (i.e. Amazon Connect Integration)

  1. Click "Manage Profiles"
  1. Ensure the "API Only" profile is selected:
  1. Click "Save" at the bottom of the page

  2. Navigate to Setup > Manage Users > Users

  3. Click "New User"

  1. Set necessary fields: Last Name, Alias, Email, Username, Nickname
  1. On the right-hand side, set the User License and Profile
  1. Click "Save"

  2. In Quick Find, search for "Permission Sets". Select the AC_Administrator permission set.

  1. Select Manage Assignments. Add the apiuser you just created to the permission set.

  2. A confirmation email will be sent, with an activation link. Click the link to activate your user.

Change (set) a password for apiuser (Considered a strong that contains at least 20 random characters):

  1. Click "Change Password"

  2. Access the apiuser personal settings by selecting the username in the top right corner, then "My Settings".

  1. Type "Security Token" in the Quick Find box and click "Reset My Security Token".
  1. Your security token will be emailed to you
  1. Copy the security token from the email in to your installation notes for the "Access Token" value.

Allowing the API user to authenticate using password

The api user created above authenticates using username-password flow in Salesforce. This flow needs to be unblocked and to do that, go to Setup and in the Quick Find box, search for OAuth and OpenID Connect Settings. After that, make sure that the toggles for Allow OAuth Username-Password Flows and Allow OAuth User-Agent Flows are turned ON, as shown in below image.

Setting up the SecretsManager Secret

To ensure that your Salesforce credentials are secure, the Lambdas require that the credentials are stored in AWS Secrets Manager. AWS Secrets Manager is a highly secure service that helps you store and retrieve secrets.

  1. In a new browser tab, login to the AWS console

  2. Make sure you are in the same region as your Amazon Connect instance. You can set the region by expanding the region selector in the upper right and choosing the region

  1. Navigate to the Secrets Manager console

  2. Select Secrets

  3. Select Store a new secret

  4. Select Other types of secrets

  5. Make sure Secret key/value is selected

  6. Enter key value pairs that match the following:

    a. Key: Password, Value: the password for the API user that you configured in the previous section

    b. Key: ConsumerKey, Value: the Consumer Key for the Connected App you created in the previous section

    c. Key: ConsumerSecret, Value: the Consumer Secret for the Connected App you created in the previous section

    d. Key: AccessToken, Value: this is the access token for the API user that you configured in the previous section

  7. For the encryption key, click Add new key

  8. Select Create Key

  9. Make sure key type is set to symmetric

  10. Give your key an alias, like SalesforceCredentialsSecretsManagerKey

  11. Click Next

  12. Select administrators you want to have access permission to change the key policy. Make sure you are being as restrictive as possible

  13. Click Next

  14. Select the users and roles you want to have access to the Salesforce credentials in Secrets Manager. Make sure you are being as restrictive as possible

  15. Click Next

  16. Click Finish

  17. Click on the managed key that you just created (which is SalesforceCredentialsSecretsManagerKey in this case).

  18. Note down the ARN. This is SalesforceCredentialsKMSKeyARN that will be used later when installing the Amazon Connect Salesforce Lambda package.

  19. Navigate back to the Secrets Manager setup tab

  20. Select the key you just created

  1. Click Next

  2. Give your secret a name, like SalesforceCredentials

  3. Click Next

  4. Make sure automatic rotation is disabled.

  5. Click Next

  6. Click Store

  7. Select the secret you just created, and copy the Secret ARN