You can translate the document:



This document describes how to connect to Denodo from Salesforce Connect External Data Source.

Connecting Using Denodo’s OData Service

Salesforce Connect can connect to external data sources that expose their data through OData. Salesforce Connect could imply an extra cost depending on the edition you have. Check your Salesforce rep to know if you have such option.

Denodo 7.0 provides an OData 4.0 compliant interface, through is “Denodo OData service”. The OData Service is available at:

http://localhost:9090/denodo-odata4-service/denodo-odata.svc/<database name>/

Note the segment “<database name>” is mandatory

Note for Denodo 6.0 users

The OData Service is not bundled within Denodo 6.0. You must install the OData Service component that can be found in the Denodo Support Site – Denodo Connects section.

Once the Denodo OData Service is installed and configured we can connect to it from Salesforce. The rest of the steps in this guide are the same.

Creating the External Data Source in Salesforce

A Salesforce’s external data source specifies how to access an external system. Salesforce Connect uses external data sources to access data that's stored outside your Salesforce organization. More info at

Salesforce External Data Source Preconditions:

  • The external data must be exposed by a service that uses Open Data Protocol (OData) Version 2.0 or 4.0. Such a service is called an OData producer.
  • The URL for reaching the OData producer must be accessible by Salesforce application servers through the Internet. You can allow access by white-listing Salesforce server IP addresses on your corporate network firewall or by setting up a reverse-proxy XML Gateway.

Follow the instructions in this link to Define an External Data Source for Salesforce Connect - OData 2.0 or 4.0 Adapter

Define an External Data Source for Salesforce Connect—OData 2.0 or 4.0 Adapter

The steps to create an External Data source in Salesforce are summarized below:

  1. Enter in your Setup section
  2. In the “App Setup” section select “Develop” – “External Data Sources”
  3. Select “New External Data Source”


Salesforce Connect allows multiple methods of authentication as a Denodo client. The main focus of this section is to explain how to configure a secure connection through HTTPS, despite that, it is also possible to configure a non-secure version with No Authentication. This insecure configuration is strongly discouraged and not recommended at all, but it can be useful for testing purposes.

The next sections will describe in detail the steps to set up the authentication for External Data Sources.

Password Authentication

It’s required for Salesforce Connect to have HTTPS in the sources which are accessed in order to use a user/password authentication, hence we need to configure it for the embedded Apache Tomcat in Denodo as it is the container managing the OData endpoint.

Note: When using an HTTPS address, the authentication is allowed but the certificate can’t be self-signed but signed by one of the CA allowed by SFDC. Salesforce trusts only root certificate authority (CA) certificates, with few historical exceptions. Salesforce's certificate trust policy is to require server and client certificate chains to include all intermediate certificates that exist between the server or client certificate and the chain's root certificate. Salesforce will not honor requests to add intermediate certificates to its trust list. Salesforce trusts many generally trusted root certificates, but not all. Review the list at Outbound Messaging SSL CA Certificates for the root CA certificates that Salesforce trusts.

The steps to enable HTTPS in the Denodo Apache Tomcat container are:

  1. Obtain and install an SSL/TLS certificate for the Denodo server, you can follow the steps in the Denodo Platform Installation Guide. As highlighted in the previous note, you will need to keep track of the full chain certificate that has all the intermediate certificates between the server and the chain’s root certificate. Salesforce Connect needs that certificate to trust the connection.
  2. Next step is to enable HTTPS in the Embedded Apache Tomcat. You can achieve this step following the following section of the Denodo documentation Enabling HTTPS in the Embedded Apache Tomcat. Remember to include the correct certificate and to restart all the Denodo servers to load the new configuration after changing the files.

Once enable HTTPS in the Denodo Apache Tomcat, you can create the External Data Source in Salesforce using “Password Authentication”.

  1. Fill the URL field with the appropriate HTTPS protocol and port (default port of Denodo Apache Tomcat for HTTPS is 9443). Select Identity Type “Per User”, Authentication Protocol “Password Authentication” and introduce the username and password (that user/password must be a valid user in Denodo).

  1. When using Password Authentication, Salesforce requires to configure an External Data User Authentication associated with a user and the External Data Source. Creating the configuration must be done in the section
    “My Connected Data” >> “Authentication Settings for External System
    Set up a new user authentication for third-party systems and associate it with the External Data Source previously created.

  1. Once the configuration is finished and saved, a new External Data User Authentication row will appear under the External Data Source previously created meaning that it’s all set for automatically authenticate the Salesforce user.

No Authentication

In case you do not have a valid SSL certificate (remember self-signed certificates are not allowed by Salesforce), you can instead use an HTTP connection without authentication. Note that in this case, the Denodo OData service needs to be configured with a debug parameter to skip the authentication. This authentication method should be used for development and testing only. With this method, Salesforce connects to Denodo without credentials and through an insecure channel, so the communication could be accessible and visible for anyone intercepting packets in the network.

Creating the External Objects

Once the external data source is defined, click on “Validate and Sync” and Salesforce will show the external objects available in your OData Service. You can select them and click Sync to create an External Salesforce Object for each selected entity of the service OData. These external objects map the schema of the OData service. It is important to know that syncing does not create a copy of the data, only the schema is synchronized. If there is a change in the OData schema, it will not be automatically synchronized into Salesforce. In this case, it is necessary to resync to update the schema in the External Salesforce Object.

Using the External Objects

Those objects can be now used in your SOQL queries and you can also create a tab to show the information from them by clicking on “App Setup” – “Create” – “Tabs”

Select the external object that will be used

Add a short description, click on next until saving the tab. A new tab will be created in Salesforce.

Click on that tab and select ‘Edit’ to edit the default view (or create a new one by selecting ‘Creating New View’). Select the fields to be shown in the view. Note: Due Salesforce limitation, you can not select more than 15 fields.

The data from the Denodo View can now be accessed from the new tab


  • Use Free-Text Search Expressions:  this option in the creation of the external Data Source is not supported by Denodo Odata Service because it has not available the query option $search.


Ask a question

You must sign in to ask a question. If you do not have an account, you can register here