Skip to main content
The Salesforce integration syncs Verilock verification outcomes to your Salesforce CRM. Approved verifications create or update Contacts, while rejected verifications create Cases for compliance review.

Prerequisites

  • Salesforce Professional, Enterprise, or Unlimited edition
  • System Administrator profile or Connected App permissions
  • Verilock Enterprise plan

Setup

1

Create a Connected App

In Salesforce Setup, navigate to App Manager > New Connected App and configure:
  • Connected App Name: Verilock Integration
  • API (Enable OAuth Settings): Checked
  • Callback URL: https://verilock.io/api/v1/integrations/salesforce/callback
  • OAuth Scopes: Full access (full), Perform requests at any time (refresh_token, offline_access)
Click Save and wait 2-10 minutes for the app to activate.
2

Retrieve Consumer Credentials

After the Connected App is active, click Manage Consumer Details. Copy the Consumer Key and Consumer Secret.
3

Configure in Verilock

Go to Dashboard > Settings > Integrations > Salesforce and enter:
  • Consumer Key: From step 2
  • Consumer Secret: From step 2
  • Username: Your Salesforce username
  • Password: Your password + security token
  • Environment: production or sandbox
Verilock uses the OAuth 2.0 Username-Password flow for server-to-server communication. Ensure the user has API access enabled.
4

Configure Sync Rules

Define how Verilock events map to Salesforce objects.
5

Test Connection

Click Test Connection to verify OAuth authentication. Verilock will query your Salesforce instance for available objects and fields.

Sync Rules

Verilock OutcomeSalesforce ObjectAction
Session approvedContactCreate or update
Session declinedCaseCreate
AML match foundCaseCreate (high priority)
Transaction blockedCaseCreate (high priority)

Field Mapping — Contacts

When a session is approved, Verilock creates or updates a Salesforce Contact:
Verilock FieldSalesforce FieldNotes
applicant.first_nameFirstName
applicant.last_nameLastName
applicant.emailEmailUsed as lookup key
applicant.phonePhone
applicant.date_of_birthBirthdate
applicant.addressMailingStreetFull address
applicant.countryMailingCountryISO 3166-1 alpha-2
session_idVerilock_Session_ID__cCustom field
risk_scoreVerilock_Risk_Score__cCustom field
decisionVerilock_Status__cCustom field
Custom fields (Verilock_Session_ID__c, Verilock_Risk_Score__c, Verilock_Status__c) must be created in Salesforce before enabling the integration. Use the provided package link in your dashboard to auto-create them.

Field Mapping — Cases

When a session is declined or an AML match is found, Verilock creates a Case:
Verilock FieldSalesforce Field
Event typeSubject
Full event payloadDescription
Risk scorePriority (mapped: 0-30 Low, 31-60 Medium, 61-100 High)
Session/screening IDVerilock_Session_ID__c
applicant.emailSuppliedEmail
Event categoryType

Example Payloads

{
  "FirstName": "Jean",
  "LastName": "Dupont",
  "Email": "jean@example.com",
  "Phone": "+33612345678",
  "Birthdate": "1990-05-15",
  "MailingCountry": "FR",
  "Verilock_Session_ID__c": "ses_a1b2c3d4e5f6",
  "Verilock_Risk_Score__c": 12,
  "Verilock_Status__c": "Approved"
}

Duplicate Handling

Verilock uses the applicant’s email address as the lookup key for Contacts. If a Contact with the same email exists, it is updated instead of creating a duplicate.
Enable Salesforce duplicate rules to catch edge cases. Verilock respects Salesforce duplicate rules and will report errors if a duplicate is detected and the rule is set to block.

Troubleshooting

Verify the username, password, and security token are correct. The password field should be your password concatenated with your security token (e.g., mypasswordABCDEF123). Ensure the user profile has API access enabled.
Install the Verilock managed package from the link in your dashboard, or manually create the custom fields on the Contact and Case objects.
Sandbox instances use test.salesforce.com for login. Ensure the correct environment is selected in the Verilock dashboard.