Dex
← All integrations
Salesforce logo
CRM

Salesforce

Manage Salesforce users, permissions, profiles, and data with natural-language requests.

Dex connects to Salesforce through a Connected App (OAuth 2.0 username-password flow) and targets REST API v63.0. Admins can create, freeze, reactivate, and reprofile users, assign and revoke permission sets, reset passwords, and run arbitrary SOQL queries for account/asset/opportunity data — with approvals and audit logging on every write.

Book a Demo

What Dex does with Salesforce

Dex handles both admin workflows and employee self-service — all policy-guardrailed and audit-logged.

A

For admins (CoAdmin)

  • Search users by name or email with SOQL (returns Id, Profile, Role, IsActive, LastLoginDate)
  • Create new Salesforce users with required identity fields (Username, Email, ProfileId, LocaleSidKey, TimeZoneSidKey, etc.)
  • Freeze / deactivate users by flipping IsActive to false — instantly revokes login
  • Reactivate previously frozen users
  • Update user details: title, department, manager, profile, role
  • Trigger a password reset email to any user via DELETE on /sobjects/User/{id}/password
  • List and assign permission sets; remove existing permission set assignments
  • Change a user's Profile (hard permission change) after looking up the target ProfileId
  • Run arbitrary SOQL queries for reporting — accounts by industry, pipeline by rep, assets by customer
  • Look up and enrich Account and Asset records with custom fields, relationship fields (Owner.Name, Parent.Industry)
E

For employees (self-service)

  • Look up your own Salesforce profile, permission sets, and last-login
  • Request a password reset for yourself
  • Query accounts or opportunities you own ("show me my accounts with > $100k ARR")

Just ask Dex

Your team types a request in plain language. Dex investigates, plans, and executes — with the right guardrails.

Admin prompts

  • >Freeze the Salesforce user for marco@acme.com — he's out on leave for 3 months
  • >Create a Salesforce user for jenna.rossi@acme.com with the "Standard User" profile in US/Eastern
  • >Assign the "Sales Cloud Einstein" permission set to everyone on the North America sales team
  • >Show me every inactive user who last logged in before Jan 1 2025 — we want to delete their licences
  • >Reset the password for dan@acme.com and send him the reset link
  • >Change ari@acme.com's profile from "Standard User" to "Sales Manager" and add him to the RevOps role
  • >Run SOQL: SELECT Name, Industry, AnnualRevenue FROM Account WHERE BillingCountry = 'Germany' ORDER BY AnnualRevenue DESC LIMIT 50
  • >Which users still have the "System Administrator" profile? List name, email, and last login
  • >Find the Acme Industries account and include billing address, owner name, and all associated assets

Employee prompts

  • >What permission sets am I assigned?
  • >Send me a Salesforce password reset link
  • >Show my top 10 open opportunities by amount

Policy actions

Every action Dex can take on Salesforce is declared, scoped, and guardrailed. Admins control which apply, who approves them, and whether they're limited to self-service.

ActionWhat it does
salesforce_query_usersSearch and list Salesforce users via SOQL
salesforce_create_userCreate a new Salesforce user
salesforce_update_userUpdate user fields (title, department, manager, profile)
salesforce_deactivate_userFreeze a Salesforce user (set IsActive=false) to revoke login
salesforce_reactivate_userReactivate a frozen user (set IsActive=true)
salesforce_reset_passwordTrigger a password reset email to the user
salesforce_assign_permission_setAssign a permission set to a user
salesforce_remove_permission_setRemove a permission set assignment from a user
salesforce_change_profileChange a user's Profile (hard permission shift)
salesforce_run_soqlRun ad-hoc SOQL queries for reporting and data lookups
salesforce_read_accountRead Account and Asset records with custom/relationship fields

How to configure Salesforce

Onboarding takes minutes. Dex validates your credentials before saving them.

Setup steps

  1. 1
    SysAid pre-configures the Salesforce Connected App client ID and secret globally — admins do not set these per-tenant.
  2. 2
    The admin enables Salesforce from the Dex app catalog and opens the credentials form.
  3. 3
    In the admin's own Salesforce org, make sure the Connected App is approved (or whitelist SysAid's Connected App if not yet installed) and create/locate an integration user with API-enabled permissions.
  4. 4
    Enter the Salesforce username, password, security token, consumer key, consumer secret, and login URL (https://login.salesforce.com for prod, https://test.salesforce.com for sandbox) in Dex.
  5. 5
    Dex performs the OAuth 2.0 username-password token exchange, resolves the org's instance URL automatically, and validates by calling /services/data/v63.0/sobjects/User.
  6. 6
    Once validated, Dex stores the credentials encrypted and refreshes tokens as needed. Every write action respects the integration user's profile + permission sets.
Vendor documentation ↗

Credentials required

username
Salesforce username of the integration user (format: user@company.com or user@company.com.sandboxname)
password
Password for the integration user — store securely; Dex encrypts at rest
securityToken
Salesforce security token (emailed by SFDC when you reset it from Personal Settings → Reset My Security Token); required unless IP is whitelisted
consumerKey
Consumer Key (Client ID) from the Connected App in Salesforce Setup → App Manager
consumerSecret
Consumer Secret (Client Secret) from the same Connected App
loginUrl
https://login.salesforce.com for production or https://test.salesforce.com for sandbox orgs

Requirements

  • Salesforce org with API access (Enterprise, Unlimited, Developer, or Performance edition — Essentials does not include API)
  • A Connected App enabled for OAuth username-password flow, with "Perform requests at any time (refresh_token, offline_access)" scope
  • An integration user with the "API Enabled" permission and the profile/permission sets covering the objects Dex will read/write
  • Salesforce daily API call limits apply — Dex throttles on 429s and surfaces limit warnings from /limits
  • For User creation: a valid ProfileId, a globally-unique Username, and a Salesforce licence available in the org

Related integrations

See Dex run Salesforce

Book a 30-minute walkthrough with our team and see how autonomous IT works in your environment — or get started for free.

Book a DemoBrowse all integrations →