Skip to main content
GroupsSalesforce Connect
Group

Salesforce Connect

This group is the official discussion forum for customers and partners who are using Salesforce Connect (previously known as LIghtning Connect). It's a forum for customers to provide feedback, requirements and share ideas. Customers may also leverage this group to collaborate with each other on best practices. This group is maintained and moderated by a salesforce.com employee(s). The content received in this group falls under the official Safe Harbor. Please also see our official Salesforce Customer Community Terms of Use
Ask a question...
Jonathan Green (Salesforce Architect at Compassion International)
Nov 5, 2025, 12:53 AM
Snowflake Deadline approaching: How can we use Programmatic Access Token with Snowflake?

(My colleague Adam Yost who you'll see in previous comments here posted about this, but I can't see the post and I wonder if it's hidden from others as well. He's the original author and I've only made a few editorial additions.) 

 

We use SF Connect for external objects that hit Snowflake. Last year we followed all the steps to set up the connection and it authenticates the principal with a username/password (it must be done manually with a pop-up interface to log in to Snowflake). The service stops working every few months and we have to manually re-authenticate - but that's not today's topic. 

 

Snowflake will remove the password option soon (here's their published schedule) - we have until June 1 to transition to a Programmatic Access Tokens (PAT) - a very long string. We were told this would be easy - just use the PAT in place of the password. 

 

But we have tried this and it doesn't work. We created a PAT in Snowflake. When authenticating the principal in SF the popup takes me to log in to Snowflake. I enter the username and PAT and get an "invalid password" error. I'm told that Snowflake does not accept PATs via the browser login.

 

Are we supposed to be able to use PATs in the setup for Snowflake connections?

  

My searches so far seem to imply that Salesforce Connect does not support the use of PATs. If that is true, what are we supposed to do when Snowflake enforces PAT usage?

 

This Snowflake document mentions "You can also use a programmatic access token as a replacement for a password in the following: Third-party applications that connect to Snowflake (such as Tableau and PowerBI)" but does not mention Salesforce.

 

*Adam's Disclaimer

: Security language is Greek to me. I don't understand all the terms. Named Creds, External Creds, oAuth - all blur together for me. But for now I'm the developer on the task to move from password to PAT.   

 

CC: 

@Ross Belmont, @George Blouin

6 answers
  1. Ross Belmont (Salesforce)
    Nov 5, 2025, 6:58 PM

    @Jonathan Green

    Here are the options I see, in no particular order: 

     

    1. Our documentation as-is highlights OAuth, lining up to what Snowflake calls Human Users, which will continue to work. (It wouldn't make much sense to cut off all access to Snowflake for human beings.) This is how my demos are configured, even though Snowflake made a change that requires humans to use MFA when they're logging in.
    2. The PAT option essentially acts as an API key, though they're trickier to create, may involve what Snowflake calls a network policy, and require rotation every year (according to my read of their doc). What I would do in your shoes is generate that token and treat it like an API key using this pattern from Named Credentials. You can try that literally today.
    3. Looking ahead into future releases, we want to expand the support for JWT in Named Credential to account for what Snowflake calls key-pair rotation. That might even work today, as long as the cert was created by an authority Salesforce trusts.
      1. The typical challenge there is that the way Snowflake instructs customers to create the certs is essentially by self-signing using command line tools: you're creating both the public and private side yourself. You can't use those certs for inbound scenarios in Salesforce–that's been the case for many years—but that doesn't mean we can't support them for outbound scenarios with Named Credentials. Our goal is to put that in place in the Summer release, giving you 3 different options in total.

     

    cc

    @Andrea Guzman

Write an answer...
0/9000
Jonathan Green (Salesforce Architect at Compassion International)
Jan 17, 2025, 12:14 AM
Did Spring 25 break Salesforce Connect?

Really excited to tell everyone I know that the Spring '25 release notes bring Snowflake Views! (@Ross Belmont

and his team to the rescue! ) All sorts of new use cases can be evaluated now for this connector.  

 

But... we haven't been able to experiment with these yet because... Validate & Sync seems to be broken in all of our Spring '25 preview sandboxes.  

 

We have 4 sandboxes that use external objects connected to Snowflake. 2 are broken and both are on Spring '25. (We have opened Case #469518267 for this issue.) 

 

Prior to authenticating the Principal, we would see expected errors about the authentication failing. After authenticating, the internal server error started.  

 

When clicking the "Validate and Sync" button on our the Snowflake External Data Source, we get an internal

Salesforce error.

 An internal server error has occurred

 An error has occurred while processing your request.

 Error ID: 1172090765-16154 (-1594132758)

 

 

We can still connect to Snowflake from the org (we can confirm via the External Data Source Tracer), so the crash seems to happen after it's connected.  

 

It all seems to be dead now... no external data displays and we can't validate & sync.  

 

Anyone else seeing the same issue? 

 

CC:

@* Release Readiness Trailblazers * 

9 answers
  1. Ross Belmont (Salesforce)
    Jan 30, 2025, 9:28 PM

    I would need a time machine to be 100% sure which fix resolved the issue in this particular org—we added error handling in a few places—but the takeaway is customers should not see this error during Validate & Sync any longer.

    If you do, please contact support. And thanks for getting in touch!

Write an answer...
0/9000
Purna Sai Ram Yeluri (Application Developer at IBM)
Oct 21, 2020, 4:31 PM

Hello, 

I merged my salesforce account (Created with company mail Id) with another salesforce account (created with my personal mail id). Now i removed my company id from the profile. Whenever i try to create a new playgroud in trailheads, it is creating a user with the company Id.

How can i permanently remove the company id from my profile.

 

NOTE: I removed company id from my profile (Settings). Still it is appearing in new trailhead playground.

3 comments
Write a comment...
0/9000
Jonathan Green (Salesforce Architect at Compassion International)
Mar 26, 2024, 11:28 AM
Salesforce Connect: SQL, Snowflake can't see Views?

We have a number of use cases for Virtualizing data from #Snowflake. As we get started, we can connect, sync, configure multi-column external id... but Validate and Sync only shows Tables, not Views. 

 

How can we use this Salesforce Connect SQL for Snowflake adapter to virtualize Views, which is our primary way we expose our data in Snowflake? 

 

CC: @Ross Belmont

 

#Integration @Integration

 

(PS I thought I posted this yesterday, but I don't see it... sorry of this is a re-post)

7 answers
Write an answer...
0/9000
Joanne Dority (Senior Solutions Engineer at Independent)
Jun 4, 2024, 5:17 PM
EXTERNAL_OBJECT_EXCEPTION: Error calling service for action: QUERY, status code: 422, message

Hello All -

 

Previously I had my Salesforce Connect - Snowflake connection working just fine.

 

It still authenticates, still validates and syncs successfully, except when I try to query the external object I am now receiving the following error.  

 

I have tried adding Database and Schema Parameters, DEFAULT_NAMESPACE custom header, etc. but no such luck.   @Ross Belmont

Any hints would be appreciated!

 

EXTERNAL_OBJECT_EXCEPTION: Error calling service for action: QUERY, status code: 422, message: Unable to run the command. You must specify the warehouse to use by either setting the warehouse field in the body of the request or by setting the DEFAULT_NAMESPACE property for the current user.

3 answers
  1. Ross Belmont (Salesforce)
    Jun 4, 2024, 7:14 PM
    Hmm, I’ll keep an eye out for this. Curious if others send similar comments through support.
Write an answer...
0/9000
Jonathan Green (Salesforce Architect at Compassion International)
Apr 20, 2024, 5:20 PM
Why can't SQL/Snowflake Adapter not handle UpdateAsync? (Internal Salesforce.com Error)

Has anyone had success using any of the database async methods with the SQL adapter? I'm trying with Snowflake and while database.updateImmedate() works without issue, database.updateAsync() returns the dreaded: 

FATAL_ERROR Internal Salesforce.com Error

I've tried every combination per the docs of updateAsync with a single record or a list of records, with/without access level (tried user and system levels), with/without callback class. 

 

Would love to hear anyone else's experience with this. Thanks! 

1 answer
  1. Ross Belmont (Salesforce)
    Apr 23, 2024, 1:05 PM

    Always grateful to have you help us kick the tires, Jonathan!

     

    We’ll have to look at this and figure out what we can do. The underlying problem is that some high-scale vendors have both synchronous and asynchronous processing options “natively,” but some don’t. Snowflake offers both, but all requests in Athena are asynchronous. (I believe the thinking there is that any given query they may need to walk over an enormous data set and return results minutes later…but that is problematic for use cases like the Lightning UI.)

     

    Right now, we’re just sidestepping this and delivering on a simpler happy path whereby smaller queries that can reliably work synchronously run right in line with the rest of your processing. I won’t promise Salesforce Connect will exhibit client behavior you’d consider ideal for every workload, especially with larger queries that would take a minute or more to return that need to be processed asynchronously. We will make trade-offs to prioritize many, smaller queries working well.

     

    That said, it would help to hear more about the shape of the async processing you need to do. How many records are you moving around? What are you really trying to accomplish? Feel free to send that as a separate thread if you don’t want to post it here.

Write an answer...
0/9000
Jeff Rutter (Salesforce Architect at SolomonEdwards)
Mar 21, 2024, 8:26 PM
Does Salesforce Connect allow 2 call centers to share cases and work each others cases?

Hi!

 

I got an interesting use case (at least it is interesting to me) because I have 2 different call centers that want to keep their own Salesforce orgs, but work each others cases. My first thought was Salesforce 2 Salesforce, but that seems to be headed towards sunset if not there already. 

 

My question is with Salesforce Connect and Org Adapter aspect of things does my use case fit for Salesforce Connect or should I be looking elsewhere? The call centers are high volume and 24/7 based so I ideally want to figure out if I'm barking up the right tree here. 

 

Appreciate any input or validation to this. 

 

Thanks. 

 

Jeff

1 answer
  1. Jonathan Fox (Cooper Parry) Forum Ambassador
    Mar 24, 2024, 8:45 AM

    There will be latency with the connect, and I'd still be worried that there would be duplicated work or confusion.

    From an architects perspective, just because they want to keep their orgs, isn't a good enough reason to build out a process like you're trying.

    Dig into why they want to keep their orgs and why they need to work each others cases. I suspect there is a middle ground to either bring them into the same org with same processes OR they work as individual orgs (unless there is a huge difference in processes OR data residency issues, I'd be leaning towards same org)

Write an answer...
0/9000
Surya vvsn (Developer at TCS)
Mar 4, 2024, 4:49 PM
In OData Services, we have a limitation like Your organization has exceeded the maximum number of external data sources of this type. Purchase another Salesforce Connect add-on, or delete an external data source of one of the following types:

Hi,

 

Our requirement involves receiving data from multiple services within SAP. I've already created one External source with one url https://abc.sap.com/AAABBB22. If I'm trying to add another url, I'm getting error like: "Your organization has exceeded the maximum number of external data sources of this type. Purchase another Salesforce Connect add-on, or delete an external data source of one of the following types:"

But my other  exrternal source urls contains like https://abc.sap.com/AAABBB44  / https://abc.sap.com/AAABB876.

 

Is it feasible to set up a base connection within the external data source (e.g., https://abc.sap.com/) and dynamically pass child URLs (such as https://abc.sap.com/A000123 and https://abc.sap.com/A000456/) within the code (Custom adapter)? #Integration #API #RestAPI

5 answers
  1. S B
    Mar 11, 2024, 5:59 PM

    When trying to expose SAP ECC data the issue is that you are trying to bring over each and every SAP table (i.e. EKKO, EKPO, LIKP, LIPS, etc.). You are going to quickly overrun the odata connection limits and then you have to spend $$! Do not try and bring over every PO, Sales Order, Delivery from your back end. This is not how an interface to SAP should be developed. Use Filters, Publish/Subscribe and other techniques to improve the data quality of what you expect to expose to the SF user. 

Write an answer...
0/9000
Yann COLLERY (Gestionnaire salesforce at Ponant)
Feb 9, 2024, 3:05 PM
Salesforce connect: update not working

Hi everybody,

 

We have set up two external servers, the first for hosting our external database and the second for hosting the .Net solution.

We have exposed several methods for reading (GET), creating (POST), updating (PATCH and PUT) and deleting (DEL) data through this gateway in Odata.

All our tests from the Postman tool work correctly.

We then configured Salesforce Connect in Odata 4.00 version which we linked to this server.

We are successfully synchronizing two external objects named ArchivedEmailMessage and Subscription_ext.

We manage to insert data into these two tables which we can load for reading at the salesforce interface.

Deleting these records is also possible.

We are encountering difficulties updating this data which gives us a 405 method not allowed error.

The method applied by salesforce in "POST with X-HTTP-METHOD header set to PATCH" does not seem to be recognized by the method in .Net.

Having been unable to get a solution from support, we therefore upgraded the connector to Odata 4.01.

All parameters were set correctly which allowed us to operate the data insertion, reading and deletion methods.

Unfortunately, the update method still doesn't work.

We encountered error 400 which was resolved by removing control over the object model sent by salesforce.

A 500 error appeared after that and logs on the server recovered the following error: "Microsoft.OData.ODataException: An OData version of 4.01 was specified and the maximum supported OData version is 4.0."

We added additional code to try to correctly interpret Odata 4.01 but returned to a 400 error with logs stating that the model sent was null.

 

Does anyone have a solution for us?

Write an answer...
0/9000
Paul Fischer (Solution Principal at Mphasis Silverline)
Jul 12, 2023, 6:48 PM
Refining / Filtering Global Search Results from an External Data Source

We are using Salesforce Connect to integrate an external system with Salesforce. We are using a custom Apex adapter with Salesforce Connect. Global search works well, but we'd like the ability to filter the global search results. Is this possible? I'd like to do something like the below but for an external object instead of  standard/custom object.

Refining / Filtering Global Search Results from an External Data Source

In the setup menu for the external object I see there is an area for search filters, but this doesn't seem to work and pull up the "Refine by" option when clicking on a specific external object after executing a global search.searchFiltersExternalObject.png

I've opened case #44893818 with support but they have not been helpful. TIA! 

3 answers
  1. Paul Fischer (Mphasis Silverline)
    Jul 14, 2023, 10:19 PM

    Thank you both! I don't think we implemented any of the Apex dynamic level filters in our Apex Connector which seems it leaves us lacking many standard features like filtering global search, list views, and reports. Although we are leveraging Connect it is still operating much more like the Request and Reply data virtualization pattern. I wish we could have used Odata, but are limited by the customer's external system. We have one API we call for global search to pass the whole search phrase, and another when searching orders from case in a more structured manner. Thankfully the search from case doesn't make filtering global search a "must-have" for go-live. We will look at enhancing both the API and the Apex Connector in the future. Thanks again.

Write an answer...
0/9000