We're updating some of our product names. K2 Five will soon be Nintex Automation On-Prem. You may see both product names in our help pages while we make this change.
Configure Salesforce (Legacy) Integration
This content applies to legacy components
(such as K2 Studio and K2 for Visual Studio), legacy assemblies, legacy services or legacy functionality. If you have upgraded from
K2 blackpearl 4.7 to K2 Five, these items may still be available in your environment. These legacy items may not be available in
new installations of K2 Five. These legacy items may also not be available, supported, or behave as described, in future updates or versions of K2. Please see the
legacy component support policy for more information about support for these components.
K2 integrates with Salesforce.com through the Salesforce Service Broker. One can register an instance of this broker that points to a Salesforce account, which exposes entities within that company as Service Objects that are referenced by SmartObjects. These SmartObjects can in turn be consumed by SmartForms, workflows, reports and other SmartObject consumers.
Salesforce is disabling the TSL 1.0 encryption protocol across their services in July of 2017. At that time all inbound or outbound connections to Salesforce must use TLS 1.1 or TLS 1.2 encryption protocol. For more information on the Salesforce changes, see the following two articles:
Also see the K2 article KB001764 for information.
Until July 2017 you can disable this TLS 1.1 requirement in your Salesforce account, reverting to TLS 1.0 and your K2 integration with Salesforce will continue to work.
The Broker Management tool, Salesforce security provider, Salesforce SmartObject Service Instance and Salesforce SmartObject Instance Generator has been updated to .NET 4 to support TLS 1.1/TLS 1.2.
Salesforce Account and System Administration
Once the WSDL (Web Services Description Language) file has been downloaded from Salesforce, an administrator account must generate the required infrastructure for the Salesforce instance. Other than facilitating a level of integration with the Salesforce site, Administrator level tasks are performed from the Salesforce site and are beyond the scope of this documentation.
Salesforce Integration Resources
There are various additional resources and extensive documentation available on the Salesforce web site which are accessible once an account has been created. For an in depth discussion on the technical aspects of the Salesforce web site, refer to the documentation provided by Salesforce which includes online help and PDFs available for download.
K2 and Salesforce
The process of integrating your organization with Salesforce is divided into a number of steps.
- Create a Salesforce user account and generate a security token for your password.
- Download the service WSDL.
- Prepare to generate the service instance.
- Generate the service instance of Salesforce in the K2 Service Broker.
- Cache the Salesforce credentials.
- Create a K2 Salesforce SmartObject and the required property mappings.
- Build a form that interacts with the K2 Salesforce centric SmartObject.
Salesforce Account
The Salesforce user account is created on the site http://developer.salesforce.com. The individual representing the organization or company creates a user account using an e-mail address and password. Once registered, Salesforce will send a confirmation email to the user account. Follow the instructions in the email.
The login credentials are used later on in the integration process to authenticate against the Salesforce site so keep them handy.
Once the account has been created, a security token for the chosen password must be generated.
The image and steps below describe how to do this:

- Log into the Salesforce web site. The Getting Started Salesforce page is displayed.
- Click the login name in the upper right corner of the page, this displays a menu. Select My Settings from this menu.
- Click Personal in the navigation bar on the left of the page to expand the menu, then select the Reset Security Token item. Read the important information on the page.
- Salesforce will send an e-mail with the new security token. This token must be appended to the account password to access Salesforce from within K2.
Generate and download the service WSDL
Salesforce supplies a Web Services Description Language (WSDL) file to its customers. The WSDL file enables the developer to integrate with Salesforce using the Salesforce API.
The method of generating the WSDL file is beyond the scope of this document but full details can be found on this site: Salesforce: SOAP API Developer Guide.
Avoid placing the WSDL and generated DLLs in a location that has spaces or special characters in the path and be aware that the Enterprise WSDL is organization specific.
Once you have the WSDL file you can distribute it amongst the developers in your organization and use it to generate the files required for developing solutions in conjunction with Salesforce.
Prepare to generate the service instance
As a prerequisite to generating the service instance, the Windows SDK .NET Framework 4 must be installed. See the K2 Product Compatibility, Integration and Support matrix for supported versions.
A Windows Registry entry of type String must be created in the following branch: HKLM > Software > Microsoft > .NETFramework with the following data:
Value name: SDKInstallRootv4.0
Value data: C:\\Program Files (x86)\\Microsoft SDKs\\Windows\\v7.0A\\ (the SDK is installed to this folder by default).
Cache Salesforce Credentials
The final step is to cache your credentials by selecting the Cache Salesforce Credentials, remember to append the token to the password.

Configuring credentials to execute Salesforce SmartObject methods
Issue:
A Salesforce service instance is created and some SmartObjects are created.
The application that uses the SmartObjects cannot execute their methods unless you have cached the Salesforce credentials in Workspace while being logged in as yourself. The application needs to use impersonation, so as long as the impersonated person has cached their credentials beforehand, the SmartObject methods will execute successfully. If you do not cache your credentials, the exception thrown is "No Credentials Cached for this label".
Workaround:
To avoid the requirement that each end user needs to cache Salesforce.com credentials in order for a SmartObject method to execute, perform the following:
- Ensure that the web application using the SmartObjects is running under an app pool account that is in turn configured to run under a service account user identity (i.e. not a predefined service).
- In your browser, log into Workspace as that app pool service account user and drill into "K2 Management > Smart Objects > Services > Salesforce Service". Select the service instance that you are using and click ’Credentials’, then enter the Salesforce credentials. Ensure that you append the Salesforce token to your password.
- In the web application code, you need to:
- Remove impersonation.
- Sign into the SmartObject server.
- Execute the SmartObject methods once you are done with the connection.
- Resume impersonation. By removing impersonation during sign in, the K2 server will pick up the service account user in the app pool that this application is running under.
Web application code:
using SourceCode.SmartObjects.Client;
.
.
.
object retVal = null, paramValue = "Some_Value";
// Stop impersonation
System.Security.Principal.WindowsImpersonationContext ctx = System.Security.Principal.WindowsIdentity.Impersonate(IntPtr.Zero);
SmartObjectClientServer clientServer = new SmartObjectClientServer();
clientServer.CreateConnection();
clientServer.Connection.Open("Integrated=True;IsPrimaryLogin=True;Authenticate=True;EncryptedPassword=False;Host=[YOUR_K2_HOST];Port=5555"); // conn string hard-coded for simplicity.
SmartObject soOpportunity = clientServer.GetSmartObject("sfOpportunity"); // or whatever your smart object is named.
try
{
// replace quoted values with your own values.
smartObject.Methods["methodToExecute"].Parameters["paramName"].Value = (string)paramValue;
smartObject.MethodToExecute = "methodToExecute";
clientServer.ExecuteScalar(soOpportunity);
retVal = smartObject.Properties["returnPropertyName"].Value;
.
.
.
.
}
catch (SourceCode.Hosting.Exceptions.AuthenticationException authEx)
{
if (ctx != null)
{
ctx.Undo();
}
throw new Exception("SourceCode.Hosting.Exceptions.AuthenticationException: " + authEx.Message);
} //*/
catch (Exception ex)
{
// Resume impersonation
if (ctx != null)
{
ctx.Undo();
}
throw new Exception(ex.Message);
}
finally
{
// Resume impersonation
if (ctx != null)
{
ctx.Undo();
}
}