Loading
Set Up and Maintain Net Zero Cloud
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Integrate Microsoft 365 Azure with Salesforce for Net Zero Cloud

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Net Zero Cloud

            Integrate Microsoft 365 Azure with Salesforce for Net Zero Cloud

            Author disclosure reports directly in Microsoft 365 Word by using the Salesforce Disclosure and Compliance Hub for Microsoft 365 Word add-in. To establish a secure connection between Salesforce and the add-in, configure a Microsoft Azure app, authentication provider, and named credential.

            Required Editions

            Available in: Lightning Experience
            Available in: Enterprise, Performance, Unlimited, and Developer Editions

            Before you begin the integration of Microsoft 365 Azure with Salesforce for Net Zero Cloud:

            • Log in to Azure.
            • Create a Microsoft Azure account.
            • Add an Office 365 E1 license to your users.
            1. Establish a connection between Salesforce and Microsoft by configuring a Microsoft Azure app.
            2. Establish a secure connection between Salesforce and Microsoft by adding an authentication provider credential.
            3. Add a named credential to use the external document storage configuration.
            4. For legacy named credentials that use per-user authentication, grant access to users through permission sets and profiles.
            5. Store disclosure documents and document templates by creating a site in SharePoint.
            6. Configure your authentication settings to access an external system from Salesforce.
              See Set Up Your External Authentication in Author Disclosures Using Microsoft 365 Word.
            7. To create DOCX, PPT, and Microsoft 365 Word templates in Salesforce, use Design Document Template.
            8. Set up the default mechanism for document generation on the server side.
            9. To use Microsoft 365 Word to create documents that contain formatted text, create templates in design document template.
            10. Specify the Microsoft OneDrive location in the external document storage configuration so that the generated disclosure documents are stored in a single location.
            11. Salesforce admins deploy and assign the Salesforce Disclosure and Compliance Hub for Microsoft 365 Word app to all or specific users.
            12. To generate disclosure reports with the Salesforce Disclosure and Compliance Hub add-in for Microsoft 365 Word, select Microsoft 365 Word for Get Disclosure and Compliance Hub Plugin.
            13. Salesforce Disclosure and Compliance Hub for Microsoft 365 Word add-in supports the Android, Microsoft Windows, and iOS operating systems, and the latest stable browser versions of Apple Safari, Mozilla Firefox, and Google Chrome.
              See Supported Browsers and Devices for Salesforce Contracts Connector for Word Add-In. The article is written for Salesforce Contracts users, but the steps apply to Net Zero Cloud.

            Create a Connection Between Salesforce and Microsoft Azure

            Configure a Microsoft Azure app to establish a connection between Salesforce and Microsoft.

            Required Editions

            User Permissions Needed
            To register a client application on Microsoft Azure: Azure Tenant Administrator access
            1. Open Microsoft Azure, and log in to your Azure account.
            2. Search for app registration, and then click New Registrations.
            3. Enter the registration details.
              1. Enter a name for the app, for example, MicrosoftApp.
              2. For supported account types, select Accounts in this organizational directory only (Salesforce -SFDC-CLM only - Single tenant).
              3. Click Register.
              4. Note the Application (client) ID for later use.
            4. Add permissions.
              1. Click API permissions.
              2. Click Add a permission | Microsoft Graph | Delegated permissions.
              3. In select permissions, enter Files.ReadWrite.All.
              4. Select Files.ReadWrite.All permission, and click Add permissions.
              5. Repeat these steps for these permissions:
                • openId
                • User.ReadWrite
                • Offline_access
              6. Click Grant admin consent for {TenantName}, and confirm the consent.
                The status changes to Granted for Salesforce - {TenantName} for all permissions.
            5. Add and save a client secret.
              1. Click Certificates & secrets.
              2. Click New client secret.
              3. Enter a description for the client secret, for example, MicrosoftApp.
              4. Enter or select an expiration time frame, and click Add.
              5. Copy and save the client secret value, which you need when configuring your authentication provider.
                If you don't copy the client secret value now, you can’t retrieve it, and must create a new one.

            Configure an Authentication Provider for Microsoft App

            Add an authentication provider credential to establish a secure connection between Salesforce and Microsoft.

            Required Editions

            User Permissions Needed
            To view the settings: View Setup and Configuration
            To edit the settings: Customize Application
            To configure Auth. Provider: Manage Auth. Providers
            1. From Setup, in the Quick Find box, enter Auth. Providers, and then select Auth. Providers.
            2. Click New.
            3. For the provider type, select Open ID Connect.
            4. For the authentication provider name, enter MicrosoftApp.
              MicrosoftApp is added to the end of the URL.
            5. For the consumer key, enter your Azure app’s Application (client) ID.
            6. For the consumer secret, enter your Azure app’s Client Secret Value.
            7. For the authorize endpoint URL, enter https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize.
            8. For the token endpoint URL, enter https://login.microsoftonline.com/organizations/oauth2/v2.0/token.
            9. For the user info endpoint URL, enter https://graph.microsoft.com/oidc/userinfo.
            10. For the default scopes, enter https://graph.microsoft.com/Files.ReadWrite.All offline_access openid User.ReadWrite.

              Make sure that Default Scopes matches the API permissions that you added to your Microsoft Azure account. See Create a Connection Between Salesforce and Microsoft Azure.

            11. Deselect Send client credentials in header.
            12. Select Send access token in header and Include Consumer Secret in SOAP API Responses.
            13. For the registration handler, select Automatically create a registration handler template.
            14. For how to execute the registration, select your system admin account.
            15. Save your changes.
            16. Under Salesforce Configurations, verify that these URLs are generated.
              • Test-Only Initialization URL
              • Single Sign-On Initialization URL
              • Existing User Linking URL
              • OAuth-Only Initialization URL
              • Callback URL
              • Single Logout URL
            17. If your Salesforce org has an Experience Cloud site, expand Experience Cloud Sites and verify that these URLs are generated.
              • Test-Only Initialization URL
              • Single Sign-On Initialization URL
              • Existing User Linking URL
              • OAuth-Only Initialization URL
              • Callback URL
            18. Save your changes.
              After you save the Auth. Provider, a Registration Handler Apex class is created. For example, AutocreatedRegHandler1234567890123.
            19. Disable email notifications.
              You can also disable email notifications when you link your Salesforce account with your Microsoft Azure account and update the Salesforce email address with your Microsoft Azure account.
              1. Click the Registration Handler Apex class link.
              2. Click Edit.
              3. Search for the updateUser method, and remove or comment out this entry.
                //u.email = data.email; //u.lastName = data.lastName; //u.firstName = data.firstName;
              4. Save your changes.
            20. Add the Callback URL.
              1. Go back to your authentication provider.
              2. In the Salesforce Configuration section, copy the callback URL.
              3. Open your Microsoft Azure account, and click Overview.
              4. Click Add a Redirect URL next to Redirect URLs.
              5. Select Add a platform | Web.
              6. Paste the callback URL in Redirect URIs.
              7. Select the access tokens (used for implicit flows) and ID tokens (used for implicit and hybrid flows).
              8. Click Configure.
              9. If you have a partner community set up, go to the Auth. Provider in your org.
              10. From the Experience Cloud Sites section, copy the callback URL.
              11. Open your Microsoft Azure account, and click Authentication.
              12. Go to Web | Redirect URLs, and click Add URL.
              13. Paste the Experience Cloud Site callback URL, and save your changes.
            21. Test the Auth. Provider authentication.
              1. From the Salesforce Configuration section, copy the Test-Only Initialization URL.
              2. Paste the URL in the address bar, and press Enter.
              Log in to the third-party provider and you’re redirected back to your Salesforce org.

            Create a Named Credential for Salesforce Disclosure and Compliance Hub for Microsoft 365 Word Add-In

            Add a named credential to use the external document storage configuration. Specify the Microsoft OneDrive location in the external document storage configuration so that the generated contract documents and document templates are stored in a single location.

            Required Editions

            User Permissions Needed
            To view named credentials: View Setup and Configuration
            To create, edit, or delete named credentials: Customize Application
            To authenticate on Microsoft Azure: Azure Tenant Administrator access
            1. From Setup, in the Quick Find box, enter Named Credentials, and then select Named Credentials.
            2. From the actions menu, select New Legacy.
            3. For Label, enter MicrosoftApp.
            4. For URL, enter https://graph.microsoft.com/v1.0.
            5. For Identity Type, select Per User.
            6. For Authentication Protocol, select OAuth 2.0.
            7. For Authentication Provider, select the authentication provider.
            8. Select Start Authentication Flow on Save.
            9. Select Generate Authorization Header.
            10. Save your changes.

              The named credential’s authentication status changes to Authenticated when Microsoft Azure is authenticated.

              Note
              Note If your Microsoft account is already authenticated in your current browser session, you can successfully authenticate your named credential. If not, authenticate your named credential by using your Microsoft account credentials.

            Configure External Document Storage for Disclosures

            Specify the Microsoft OneDrive location in the external document storage configuration to store the generated disclosure documents in a single location.

            Required Editions

            User Permissions Needed
            To view the settings: View Setup and Configuration
            To create, edit, or delete named credentials: Customize Application
            To authenticate on Microsoft Azure: Azure Tenant Administrator
            1. From Setup, in the Quick Find box, enter External Document, and then select External Document Storage Configuration.
            2. Click New.
            3. Select Disclosure as the target object.
              Note
              Note If you store all the documents in the same OneDrive account irrespective of the target object, and the authentication provider and named credentials are the same for all objects, then you can select the target object as All.
            4. Select All or a disclosure record type that you created.

              Each disclosure record type must have a corresponding entry in the External Document Storage Configuration.

            5. Enter the SharePoint drive ID for the external document storage identifier.

              The SharePoint drive ID is generated when you create a SharePoint site. See Create a SharePoint Site for Net Zero Cloud.

            6. To determine where you want to store the documents, enter the document folder path, for example, Disclosure/DisclosureAndComplianceHub.

              Salesforce sets up the folder structure inside the SharePoint site that you created to store document templates and disclosure documents.

            7. Select the named credential that you created for the Microsoft app.
            8. Select Microsoft OneDrive as the storage drive type.
            9. Save your changes.
            10. Repeat these steps for the Document Template target object.

            Configure External Document Storage for Information Library

            Specify the Microsoft OneDrive location in the external document storage configuration to store the Information Library documents in a single location.

            Required Editions

            User Permissions Needed
            To view the settings: View Setup and Configuration
            To create, edit, or delete named credentials: Customize Application
            To authenticate on Microsoft Azure: Azure Tenant Administrator
            1. From Setup, in the Quick Find box, enter External Document, and then select External Document Storage Configuration.
            2. Click New.
            3. Select Information Library as the target object.
              Note
              Note If you store all the documents in the same OneDrive account irrespective of the target object, and the authentication provider and named credentials are the same for all objects, then you can select the target object as All.
            4. Enter the SharePoint drive ID for the external document storage identifier.

              The SharePoint drive ID is generated when you create a SharePoint site. See Create a SharePoint Site for Net Zero Cloud.

            5. To determine where you want to store the documents, enter the document folder path, for example, InformationLibrary.

              Salesforce sets up the folder structure inside the SharePoint site that you created to store document templates and disclosure documents.

            6. Select the named credential that you created for the Microsoft app.
            7. Select Microsoft OneDrive as the storage drive type.
            8. Save your changes.

            Deploy Salesforce Disclosure and Compliance Hub for Microsoft 365 Word App

            Centralize the deployment and assign the Salesforce Disclosure and Compliance Hub Connector for Word app to users so that they can use the Salesforce Disclosure and Compliance Hub for Microsoft 365 Word add-in.

            Required Editions

            User Permissions Needed
            To deploy the add-in app to users: System Administrator with Azure Tenant Administrator access
            To deploy the Salesforce Disclosure and Compliance Hub for Microsoft 365 Word add-in, go to the Salesforce Disclosure and Compliance Hub Connector for Word page. Then, log in to the Microsoft 365 admin center or search for the add-in app in Microsoft AppSource.

            See Also

             
            Loading
            Salesforce Help | Article