Salesforce Widget Installation guide

    The Salesforce widget allows brands to provide a highly personalized customer experience by collating a 360 view of the customer and all relevant cases from Salesforce inside the Agent workspace itself.

    For brands that currently use Salesforce as their preferred CRM platform, this solution offers an out-of-box integration and empowers agents with meaningful context. With this solution, brands can save agents time by reducing the need for dual maintenance and updates of notes in the CRM. Brands can also lower overall operational costs by driving automation of the flows from the customer interactions with the agents to updates in the CRMs. This will allow brands to streamline the process so that the relevant teams can focus on cases based on the inputs from the agent interactions with the customer. The complete chat transcript can be synced to Salesforce and related to the specific case for context.

    This guide provides an overview of the tasks that should be completed to enable the Salesforce widget in the Conversational Cloud.

    The widget is currently available as an EAP solution. If you are interested in enabling this for your brand, please complete the steps detailed below and contact your customer success manager or complete this form for additional support with the setup. 


    In order to perform the following steps, you will need the following:

    • Salesforce Account with administrative privileges
    • LivePerson Account with administrative privileges 

    The LivePerson Salesforce Widget uses OAuth 2.0 JWT Bearer Flow for Server-to-Server Integration as an authorization scheme in Salesforce.

    You need the following information to set up the account using the Salesforce Widget setup wizard in Integration Hub:

    • Salesforce Authorization server URL (formatted like this:
    • Salesforce OAuth Key (called Client ID in the setup wizard)
    • The generated secret key
    • Salesforce Username of the System User (used for chat transcript sync & potentially access to the data within SF, called “CRM ID” in the setup wizard)

    Step 1: Key & Certificate generation

    1 - Generate key

    With openssl installed, open a shell and generate a new RSA private key. You can choose to encrypt the key file, but be aware that you need to submit the decryption passphrase during the Salesforce Widget setup process.

    $ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out private-key.pem

    Use this command to generate a new key without a passphrase or 

    $ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -aes256 -pass stdin -out private-key.pem

    to create an encrypted key.

    Keep the private key in a safe place and do not reveal it to anyone else.

    2 - Generate a certificate

    Create an X.509 certificate using the newly generated private key. There are two options for this, either a self-signed certificate or a certificate signed by your company’s certificate authority (CA). 

    A self-signed certificate, valid for 365 days, can be created like this (update the subject according to your company information):

    $ openssl req -new -x509 -sha512 -key private-key.pem -subj '/C=Country/ST=State/L=City/O=Company_Name/OU=Department_Name>/CN=Canonical_Name' -days 365 -out certificate.crt

    You can skip to the next step 3 - Validate certificate in this tutorial.

    If your organization has its own certification authority (CA), then it is more secure to generate a certificate signed by this CA. In order to do it, you should first create a certificate request:

    $ openssl req -new -sha512 -key private-key.pem -subj '/C=Country/ST=State/L=City/O=Company_Name/OU=Department_Name>/CN=Canonical_Name' -out certificate.csr

    This command generates a new certificate request based on the given private key and stores it in the certificate.csr file. You should replace values in the -subj parameter with the information about your organization. There is also a short command that generates a certificate request along with a private key, all at once:

    $ openssl req -new -sha512 -newkey rsa:4096 -keyout private-key.pem -subj '/C=Country/ST=State/L=City/O=Company_Name/OU=Department_Name>/CN=Canonical_Name' -out certificate.csr

    After that, the certificate request can be signed using CA’s root or intermediate certificate:

    $ openssl x509 -req -sha512 -in certificate.csr -CA ca.crt -CAkey ca-private-key.pem -CAcreateserial -days 365 -out certificate.crt

    Please note, the CA’s certificate (ca.crt) and the private key (ca-private-key.pem) associated with it are used to sign the request. Usually regular employees do not have access to the CA’s private keys, while the CA’s certificates in most cases are public. So, this last step is usually done by the special department within the organization that plays the role of certification authority and is responsible for certificates. You should figure out if your organization has its own certification authority and follow its policies and procedures to generate and sign the request.

    3 - Validate certificate

    After you created the certificate, review its contents using this command.

    $ openssl x509 -in certificate.crt -text -noout

    Step 2: Setting up connected Salesforce Application 

    Sign in to your Salesforce account. Open the App Manager.


    Create a new connected app.


    Set the basic information, enable OAuth Settings, provide a callback URL (not used, you can use a localhost address), enable use digital signature and upload the X.509 certificate from the previous step. Select these scopes:

    • Manage user data via APIs (api)
    • Perform ANSI SQL queries on Customer Data Platform data (cdp_query_api)
    • Perform requests at any time (refresh_token, offline_access)

    Uncheck all other checkboxes



    Save the new Connected App by clicking on the Save button. Navigate to the Manage page


    Set the permitted users to Admin approved users are-preauthorized and the IP Relaxation to Relax IP restrictions. Save the configuration.


    Add the Salesforce profiles that should be able to use the widget


    Scroll down and select "Manage profiles"


    Select the profiles that should be able to access the widget. Also ensure that the "system account" is permitted.

    Navigate to the App Manager and select View on your Connected App



    Retrieve the Consumer Key by clicking on the Manage Consumer Details button. Copy the Consumer Key for the next steps.



    You can now install LivePerson's Salesforce package to add the LivePersonConversation type to your Salesforce account. This is where conversation transcripts will be stored if selected in the configuration of the Salesforce Widget for Conversational Cloud. 

    Navigate to, sign in to your Salesforce instance and proceed with the installation as depicted below.


    Select to install the package for all users and click "Install"


    Step 3: Widget Configuration in iHub

    Now you have all the necessary information for the Widget configuration steps documented here.

    Missing Something?

    Check out our Developer Center for more in-depth documentation. Please share your documentation feedback with us using the feedback button. We'd be happy to hear from you.