--- id: 02-guided-setup title: Setting Up The CTI Adapter Using Guided Setup --- import useBaseUrl from "@docusaurus/useBaseUrl";

In order to navigate to the Guided Setup feature, perform the following steps (NOTE: If you are not an admin user then you must first add yourself to the AC_Administrator permission set, see [here](./02-guided-setup#add-users-to-a-permission-set) for more details): 1. Navigate to the Setup section in your Salesforce instance. 2. Search for Visualforce Pages, and select **AC_GuidedSetup**. 3. Select **Preview**. ## Guided Setup Prerequisites The below sections are linked to from the Guided Setup feature. Only perform the below steps when the Guided Setup feature links to them. ### Create Named Credential See [here](/docs/classic/installation/01-installation#setting-up-the-executeawsservice-named-credential) for instructions on setting up the Named Credential. ### Create Connected App The Lambda function access Salesforce using the Salesforce REST API. To get access to the environment, a Connected App must be configured with OAuth settings enabled. 1. Log in to Salesforce 2. Navigate to Setup \> Create \> Apps

3. Click on the "New" button for the Connected Apps at the bottom of the page 4. In the following form, fill out the Connected App Name, API Name and Contact Email with values of your choice. We recommend "Amazon Connect Integration" as the Connected App Name and the default value for the API name.

5. Select the checkbox next to "Enable OAuth Settings" as shown below.

6. Set the **Callback URL** to your domain url. Find the domain at _Setup_ -> _My Domain_.

7. Ensure Selected OAuth Scopes has the following values selected: a. Access the identity URL service (id, profile, email, address, phone) b. Manage user data via APIs (api) 8. Select the checkbox "Require Secret for Web Server Flow", and the checkbox "Require Secret For Refresh Token Flow"

9. Click "Save" at the bottom of the screen. 10. Click "Continue" on the next screen

11. Once the app has been created, on the app's detail screen, please copy the "Consumer Key" value to your installation notes

12. Select "Click to reveal" next to Consumer Secret and record this value to "Consumer Secret" in your installation notes. 13. Click "Manage" at the top of the page

14. On the page that appears, click "Edit Policies" 15. Set "Permitted Users" to "Admin approved users are pre-authorizes"

16. Click "OK" on the pop-up dialog:

17. Set "IP Relaxation" to "Relax IP restrictions"

18. Click "Save" ## Guided Setup Additional Instructions The below sections are linked to from the Guided Setup feature. Only perform the below steps when the Guided Setup feature links to them. ### Retrieve Amazon Connect Instance Url 1. Navigate to the [Amazon Connect Console](https://console.aws.amazon.com/connect/home) 2. Select your Instance Alias 3. On the Overview page for your instance, copy the Login URL (if your Amazon Connect instance uses the `https://(instancename).awsapps.com/connect/login` domain, then remove everything after ".com"):

### Add users to the Call Center 1. Log in into your Salesforce org and go to **Setup** 2. In the **Quick Find** field, enter **Call Center**, then select **Call Centers** from the result list

3. If you see the **Say Hello to Salesforce Call Center** page, select **Continue** 4. Select **AC Lightning Adapter**

5. On the **AC Lightning Adapter** detail page, select **Edit** 6. On the **AC Lightning Adapter: Manage Users** page, select **Add More Users**. 7. Set filters (if desired) and then choose **Find**. 8. Select the checkbox next to the user to add, then choose **Add to Call Center**.

9. Repeat the steps to add more users. ### Add users to a Permission Set All users must be assigned the required permission set to access Salesforce metadata. The Amazon Connect CTI Adapter includes Permission Sets-- one for agents, one for managers, one for administrators, and a few for specific features, that grant users the appropriate access for their role. More information on assigning user permissions can be found in the [Salesforce help documentation](https://help.salesforce.com/articleView?id=perm_sets_mass_assign.htm&type=5). 1. Log in into your Salesforce Org. 2. Navigate to **Setup** \> **Manage Users** \> **Permission Sets**.

2. Choose **AC_Manager**.

3. Choose **Manage Assignments**. 4. Choose **Add Assignments**. 5. Select the users to assign the permissions, then choose **Assign**. More information on assigning user permissions can be found at: #### AC_Administrator

#### AC_Manager

#### AC_Agent

### Create the Softphone Layout Next, we need to create a softphone layout for the solution.

1. In the **Quick Find** box, type *Softphone Layouts*, then choose **Softphone Layouts**. 2. Choose **New**.

3. Enter a name for the layout, such as *AmazonConnectDefault*, then select the **Is Default Layout** checkbox.

4. Expand "Display these salesforce.com objects" and select objects that CTI Connector should be able to search, for a screen-pop query. In this example, besides default selection, I'm adding "Case", as I want to search and screen-pop by CaseID.

5. If necessary, configure the search behavior in the case that one or multiple records are found upon CTI search.

6. In this example, keep the default configuration, then choose **Save**.

### Retrieve the Salesforce API Version 1. Log in into your Salesforce org and go to **Setup** 2. In the **Quick Find** field, type **apex**, then select **Apex Classes** from the results

3. Select New

4. Select the Version Settings tab

5. Note the Salesforce.com API version in your notepad. The pattern of this value is ```vXX.X```.

### Setting up the Salesforce API User The Lambda functions authenticate with Salesforce via user credentials. It is a common practice to create an API user account for this purpose. 1. Log in to Salesforce 2. Navigate to Setup \> Manage Users \> Profiles 3. Click "New Profile" 4. Enter the Profile Name (i.e. "API Only") 5. Select the existing profile to clone (The integration user\'s access to just those objects required for the integration)

NOTE: You\'re advised to use a full Salesforce License for the user to be able to set the below permissions and have full access to avoid any other errors. 6. Click "Save". A New Profile is created:

7. Once the new profile page opens, select the **System Permissions** button

8. If the Lightning Experience User checkbox is selected, clear it

9. Save the system permissions, then go back to Profile Overview 10. Select the _Password Policies_ link, click edit

11. Set **User password expire in** to **Never expires** **NOTE:** Failure to this may lead to production outages.

12. Select **Save** 13. Navigate to Setup \> Manage Apps \> Connected Apps 14. Select the app you have created in the previous step (i.e. Amazon Connect Integration)

15. Click "Manage Profiles"

16. Ensure the "API Only" profile is selected:

17. Click "Save" at the bottom of the page 18. Navigate to Setup \> Manage Users \> Users 19. Click "New User"

20. Set necessary fields: Last Name, Alias, Email, Username, Nickname

21. On the right-hand side, set the User License and Profile

22. Click "Save" 23. In **Quick Find**, search for "Permission Sets". Select the **AC_Administrator** permission set.

24. Select **Manage Assignments**. Add the apiuser you just created to the permission set. 25. A confirmation email will be sent, with an activation link. Click the link to activate your user.

Change (set) a password for apiuser (Considered a strong that contains at least 20 random characters):

26. Click "Change Password" 27. Access the apiuser personal settings by selecting the username in the top right corner, then "My Settings".

28. Type "Security Token" in the Quick Find box and click "Reset My Security Token".

29. Your security token will be emailed to you

30. Copy the security token from the email in to your installation notes for the "Access Token" value. ### Allowing the API user to authenticate using password The api user created above authenticates using username-password flow in Salesforce. This flow needs to be unblocked and to do that, go to _Setup_ and in the Quick Find box, search for __OAuth and OpenID Connect Settings__. After that, make sure that the toggles for __Allow OAuth Username-Password Flows__ and __Allow OAuth User-Agent Flows__ are turned ON, as shown in below image.

### Setting up the SecretsManager Secret To ensure that your Salesforce credentials are secure, the Lambdas require that the credentials are stored in AWS Secrets Manager. AWS Secrets Manager is a highly secure service that helps you store and retrieve secrets. 1. In a new browser tab, login to the AWS console 2. Make sure you are in the same region as your Amazon Connect instance. You can set the region by expanding the region selector in the upper right and choosing the region

3. Navigate to the [Secrets Manager console](https://console.aws.amazon.com/secretsmanager/home) 4. Select **Secrets** 5. Select **Store a new secret** 6. Select **Other types of secrets** 7. Make sure **Secret key/value** is selected 8. Enter key value pairs that match the following: a. **Key:** Password, **Value:** the password for the API user that you configured in the previous section b. **Key:** ConsumerKey, **Value:** the Consumer Key for the Connected App you created in the previous section c. **Key:** ConsumerSecret, **Value:** the Consumer Secret for the Connected App you created in the previous section d. **Key:** AccessToken, **Value:** this is the access token for the API user that you configured in the previous section 9. For the encryption key, click **Add new key** 10. Select **Create Key** 11. Make sure key type is set to **symmetric** 12. Give your key an **alias**, like *SalesforceCredentialsSecretsManagerKey* 13. Click Next 14. Select administrators you want to have access permission to change the key policy. Make sure you are being as restrictive as possible 15. Click Next 16. Select the users and roles you want to have access to the Salesforce credentials in Secrets Manager. Make sure you are being as restrictive as possible 17. Click Next 18. Click Finish 19. Click on the managed key that you just created (which is *SalesforceCredentialsSecretsManagerKey* in this case). 20. Note down the ARN. This is SalesforceCredentialsKMSKeyARN that will be used later when installing the Amazon Connect Salesforce Lambda package. 21. Navigate back to the Secrets Manager setup tab 22. Select the key you just created

23. Click Next 24. Give your secret a name, like *SalesforceCredentials* 25. Click Next 26. Make sure **automatic rotation** is disabled. 27. Click Next 28. Click Store 29. Select the secret you just created, and copy the Secret ARN