Using the TopClass – Salesforce Bridge

The TopClass–Salesforce Bridge provides a seamless two-way integration between your AMS and LMS:

• Real-time profile sync: Individual and group account records created or updated in Salesforce are synchronized to TopClass when users log in to TopClass or during scheduled sync processes.
• Single Sign-On (SSO): Members log in to your website through Salesforce and are automatically logged into TopClass when they launch TopClass by clicking the TopClass button in Salesforce.
• Product and enrollment management: Training products maintained in Salesforce are created and updated in TopClass during scheduled synchronization, reducing the need for duplicate data entry.
• Completion writeback: TopClass can write completions and credits back to Salesforce, with flexible options available during implementation, such as completions and credits.

This integration ensures accurate data flow, reduced manual effort, and seamless access to learning activities for members.

Prerequisites

TopClass uses the Salesforce REST services to integrate, so the following information will need to be made available to initiate any integration:

• Salesforce test server with URL and test account credentials
• URL of REST API endpoint
• Username and password for a Salesforce test user that can be used to access the endpoint
• A Client ID and Client Secret
• An API Version.

Single Sign On (SSO)

TopClass’ Salesforce integration can use either SAML or oAuth, but the default implementation is SAML.

The following process describes the default SSO SAML process between TopClass and Salesforce:

1. Identity provider and service provider
   • Salesforce acts as the Identity Provider (IdP).
   • TopClass acts as the Service Provider (SP).
   • Salesforce issues a SAML assertion that contains user information.
2. User authentication
   • A user logs into Salesforce first.
   • Since TopClass’ Salesforce integration includes SSO, the user will be seamlessly logs into TopClass if authenticated via Salesforce.
3. SAML assertion
   • After authentication, Salesforce generates a SAML assertion for the user.
   • This assertion is sent to TopClass as part of the SSO process.
   • The assertion includes a user identifier that TopClass uses to match the user.
4. Assertion validation
   • TopClass validates the SAML assertion received from Salesforce.
   • If the assertion is valid, TopClass extracts the user identifier.
5. User login to TopClass
   • With the user identifier from the SAML assertion, TopClass initiates the user JIT integration.
   • The user logs into TopClass automatically.

Data flow: Salesforce > TopClass

TopClass’ Salesforce Bridge allows the transfer of several different types of information from Salesforce to TopClass:

• Data synchronization: The bridge uses the Salesforce REST API with SQL queries to retrieve required information. Each integration point requires a query, with sample fields provided in Appendix B.
• User information: User accounts are synchronized via ETL (batch) jobs or Just-in-Time (JIT) updates at authentication. ETL can run on a schedule to sync all users, while JIT creates or updates users on-the-fly.
• Group information: Groups created or updated in Salesforce are synchronized to TopClass using ETL, with scheduled reports after each sync.
• Product (Online and ILT activities) information: Training products and activities are transferred from Salesforce to TopClass via ETL batch jobs, with separate syncs for Online and ILT activities. Reports are generated after each run.
• Registrations (Online and ILT activities) information: The TopClass Salesforce integration bridge can hook into user registration for activities in TopClass from Salesforce.

Data synchronization

The TopClass Bridge uses the Salesforce REST API to integrate with Salesforce. Salesforce SQL queries are used to retrieve the required information via the REST API. TopClass Support requires a query to be provided for each integration point that is needed between TopClass and Salesforce. Appendix B contains a list of sample fields for each integration.

User information

TopClass can retrieve user information from Salesforce using two different mechanisms. These can be used independently or together depending on requirements:

• ETL batch job: The ETL batch retrieves all user and group information from Salesforce that is required in TopClass. This is split into two distinct steps:

  • Synchronize all groups into TopClass.
  • Synchronize all users into TopClass and add the user to their Primary Group.

  The ETL process can be scheduled to run via the TopClass user interface on a repeating interval, and each time it runs a report is generated once the integration has completed.

  When data is synchronized via the ETL process, only records relating to users or groups that have changed since the last ETL process was run are extracted.

• Just-in-Time (JIT): The JIT mechanism retrieves and updates user information at the point of authentication. This allows the creation of users on the fly when they access TopClass for the first time.

📘

Note

It is possible to use both the ETL and JIT processes in parallel. For example, the ETL integration can run overnight to synchronize all users, while the JIT process can run during the day to pick up users who are created in Salesforce.

Group information

The TopClass Salesforce Bridge can create and update groups in TopClass from Salesforce. Information about the group is pulled over from Salesforce as part of the group synchronization process. This integration is carried out via a batch ETL process. The ETL process can be scheduled to run via the TopClass user interface on a repeating interval. Each time the process runs, a report is generated once the integration has finished.

Product (Online and ILT activities) information

The TopClass Salesforce Bridge can create and update activities in TopClass from Salesforce. Two separate syncs can be configured (Batch Online sync and Batch ILT sync) to allow product information to be transferred from Salesforce into TopClass. This integration is carried out via a batch process (ETL). The ETL process can be scheduled to run via the TopClass user interface on a repeating interval, and each time it runs a report is generated once the integration has completed.

Registrations (Online and ILT Activities) Information

The TopClass Salesforce integration bridge can cater for the registration of user into activities in TopClass from Salesforce (based on the user successfully registering or purchasing access to a product in Salesforce).  This integration is carried out via a JIT process when the user signs into TopClass, ensuring their latest purchases are always available to them.

Data flow: TopClass > Salesforce

As part of the Salesforce integration, TopClass can perform a write back of data to Salesforce (most commonly, this would relate to completion and transcript information; however it can also be used to write back user profile data and TopClass enrollments, if required). Further details on additional writebacks can be provided upon request.

The following are a sample of the fields that are typically configured to be written back as part of the completion's writeback.

Responsibilities: TopClass Support & Customer

TopClass Support and the customer are expected to manage the following responsibilities.

Appendix A – SSO Configuration

The following steps are necessary to configure the Single Sign On components in Salesforce:

1. Create a new Custom Domain in Salesforce.
2. Create a new Connected App. The following are sample values:
   • App Name: TopClass
   • Start URL: https://yourdomain/topclass/login.do
   • Entity ID and ACS URL can have the same value as the Start URL
   • Subject Type should be Username
3. Download the Identity Provider Certificate and provide it to TopClass Support.
4. Create Permission Sets: In order to view the new connected app you created, you need to set up a new permission set and assign it to users. Do the following in Salesforce:
   1. Go to Quick Find >Permission Sets > New.
   2. Give it any label and API name, then click Save.
   3. Select Assigned Connected Apps.
   4. Click Edit.
   5. Move the connected app into Enabled Connected Apps select box and click Save.
   6. Select Manage Assignments and assign the permission to the desired users.
   7. These users can now launch the Connected App from the App Launcher in Salesforce

Appendix B – Sample Data

The following are the minimum fields TopClass requires in SQL queries for the REST API:

• User First Name
• User Last Name
• User Email
• User ID - Used as an identifier to link accounts in Salesforce and TopClass
• User Username - TopClass does not support spaces in username fields

Additional Profile Fields

You can include any number of additional profile fields in the user sync. These are defined during the requirements process.

Groups

As part of user creation, you can also add users to groups in TopClass. Groups can be used to:

• Target training to specific members
• Organize users by organization, location, or other attributes

By default, TopClass supports:

• Single group mapping to a company ID
• A comma-separated list of group strings when performing UserJIT

Considerations when using groups:

1. Do you have a flat or hierarchical organization structure in Salesforce? TopClass supports hierarchical groups.
2. How will group membership be determined on user creation or update?
3. Should users be removed from groups if they are no longer eligible (for example, they leave a company in Salesforce)?