Suger

Salesforce

Integrate Suger with Salesforce to create private offers, manage contracts, and co-sell across AWS, Azure & GCP Marketplaces directly from your CRM.

Overview

This guide walks you through integrating Salesforce with Suger, enabling your sales and business teams to:

  • Create marketplace offers directly from Salesforce opportunities
  • Manage co-sell referrals within your existing CRM workflow
  • Sync opportunity data between Salesforce and marketplace platforms
  • Streamline collaboration between sales teams and marketplace operations

Prerequisites

  • A Salesforce Administrator account
  • A Suger organization account and API Key
  • Installation link for the Salesforce package (Production or Sandbox)

Installation

Install the Salesforce Package

Install the Suger package from the AppExchange:

  1. Click Get it Now
  2. Log in with your Salesforce Admin account
  3. Choose Install in Production (or Sandbox)
  4. Select Install for Admins Only / All Users / Specific Profiles
  5. Click Install

Set Up Integration User

To connect Suger with Salesforce, you need a dedicated Integration User account. This user will authenticate via OAuth 2.0 Web Server Flow and allow Suger to communicate with your Salesforce org using REST APIs.

Creating a dedicated Integration User ensures:

  • Secure and isolated access for API calls
  • Easier troubleshooting and monitoring
  • No dependency on personal user accounts

Choose a License Type

When creating the Integration User, select one of the following license types:

License TypeWhen to UseNotes
Salesforce LicenseRequired if your field mapping involves any Quote object β€” standard Quote (Quote) or CPQ Quote (SBQQ__Quote__c)You must also assign a CPQ license to the user if you are using CPQ. The Salesforce Integration License does not grant access to Quote objects.
Salesforce Integration LicenseRecommended in most casesFree license, limited to API-only users (cannot log in via UI). Use with Salesforce API Only System Integrations profile

Create the Integration User

  1. In Salesforce Setup, go to Users β†’ New User.
  2. Enter a valid email address (required for activation).
  3. Assign one of the licenses listed above.
  4. For Salesforce Integration License, assign the Salesforce API Only System Integrations profile.
  5. Save and activate the user.

Assign Permission Sets

After creating the user, assign the necessary permission sets depending on the license type:

If using Salesforce License:

  • Assign the Suger Integrator permission set.

  • Create an additional permission set granting Read and View All access on:

    • Account
    • Contact
    • Opportunity
    • Any other objects/fields required in your field mapping

    If you are using standard Quote, grant Read access to Product2, Pricebook2, and Quote. The combination of these three permissions also grants access to QuoteLineItem (no separate permission is required).

If using Salesforce Integration License:

  • Assign the Suger Integrator (Salesforce Integration License) permission set.
  • Create a new permission set (with Salesforce API Integration as the license type) granting Read and View All access on:
    • Account
    • Contact
    • Opportunity
    • Any other objects/fields required in your field mapping
  • When creating this permission set, be sure to select Salesforce API Integration as the license. Note that it is Salesforce API Integration, NOT Salesforce Integration.

At this point, your Integration User is ready. You can now proceed to connect Salesforce and Suger via OAuth in the next step.

Configuration

To enable two-way communication, you need to:

  1. Allow Salesforce β†’ Suger (enter Organization ID and API Key in Salesforce).
  2. Allow Suger β†’ Salesforce (authorize access via OAuth).

Configure Salesforce to Access Suger

This step configures Salesforce so it can call Suger APIs.

  1. Get your Organization ID and API Key

    • Organization ID: found in Suger Console β†’ Settings β†’ Organization & Users
    • API Key: generate in Suger Console β†’ Settings β†’ API Client

  2. Open Suger app in Salesforce

    • In Salesforce, search for Suger under Apps and open it.

  3. Enter settings in Salesforce

    • Go to Settings inside the Suger app.

    • Fill in:

      • Organization ID
      • API Endpoint: https://api.suger.cloud
      • API Key (check no trailing spaces)

    • Click Save.

Configure Suger to Access Salesforce

This step configures Suger Console to connect to Salesforce using the Integration User.

  1. Go to Integrations in Suger Console

    • Navigate to Settings β†’ Integrations β†’ Salesforce.
    • Click Connect Now.

  2. Select Environment

    • Enter your Salesforce Subdomain (e.g., acme.my.salesforce.com).
    • Check Sandbox if you are connecting to a sandbox org.
    • Click Create

Find your Salesforce Subdomain in Salesforce Setup β†’ Company Settings β†’ My Domain.

  1. Verify the connection

    • Click Verify.

User Interface Setup

Enable Suger Widget on Opportunity Pages

Add the Suger Opportunity Quick Panel component to enable Suger features directly on opportunity records:

  1. Open Salesforce Setup β†’ Object Manager β†’ Opportunity β†’ Lightning Record Pages.
  2. Edit the Opportunity Record Page.
  3. In the Components panel, search for Suger.
  4. Drag and drop Suger Opportunity Quick Panel onto the page layout.
  5. Save and activate the page.

When configured, users will see New Offer and Co-sell buttons on Opportunity records.

Assign User Permissions

Your team will only see the correct Suger buttons if they are assigned the right Permission Set. Suger provides three permission sets:

Permission SetVisible FeaturesTypical Use Case
Suger User – MarketplaceMarketplace buttons only (e.g., New Offer)Sales team managing offers
Suger User – CosellCo-sell button onlyBusiness development team
Suger UserAll functionalitiesPower users, admins, or full-feature users

Example: If Jane Doe is assigned Suger User – Cosell, she will only see the Co-sell button in the Suger Widget.

Custom Permissions

Under the hood, button visibility is controlled by the following Custom Permissions (under the Suger namespace):

  • Create Offer
  • Create Referral

Authentication & Security

Suger connects to your Salesforce org via the OAuth 2.0 Authorization Code flow with PKCE, with Refresh Token Rotation, 30-day idle TTL, and IP allowlist enforced at the External Client App level.

See Salesforce App β†’ Authentication & Security for the full reference β€” OAuth flow, token storage, required admin policy settings, revocation, and transport security.

CRM Enrichment

Automatically populate Salesforce records with intelligence signals from Suger (engagement scores and marketplace metrics across AWS, Azure, GCP).

See Salesforce App β†’ CRM Enrichment for the full configuration guide β€” custom field setup, SOQL targeting, refresh-cycle controls, and sync progress tracking.

Suger AI Tools

Suger AI uses a middleware strategy β€” wrapping the Salesforce REST API directly.

Org-level only: Salesforce tools use the org-level integration credentials.

ToolDescription
salesforce_queryExecute a SOQL query against Salesforce
salesforce_searchExecute a SOSL search across Salesforce objects
salesforce_list_objectsList all available sObject types
salesforce_describe_objectDescribe an sObject type (fields, metadata, picklist values)
salesforce_get_recordGet a single record by sObject type and ID
salesforce_create_recordCreate a new record
salesforce_update_recordUpdate fields on an existing record
salesforce_delete_recordDelete a record by sObject type and ID

Troubleshooting

If a user still sees the wrong button after assigning the correct permission set:

  1. Check the user profile

    • Go to the user’s profile and verify whether Salesforce automatically enabled additional custom permissions when the package was installed.
    • If unnecessary permissions are enabled, uncheck them. (screenshot: user profile showing Custom Permissions section)

  2. Force refresh the page

    • Ask the user to refresh with Cmd+R (Mac) or Ctrl+Shift+R (Windows).

  3. Object / Field-Level Security (FLS)

    • Ensure users have Read/View All permissions on Account, Contact, Opportunity, and any mapped fields.

  4. API Only User / Login Access

    • Remember that Salesforce Integration License is API-only; business users need a full Salesforce License + proper Permission Set.

Removing the Integration

To completely remove the Salesforce integration:

From Suger Console

  1. Navigate to Suger Console β†’ Settings β†’ Integrations β†’ Salesforce
  2. Click the πŸ—‘οΈ Delete button
  3. This removes stored credentials from Suger

From Salesforce

  1. Go to Setup β†’ Connected Apps OAuth Usage
  2. Locate the Suger Connected App
  3. Click the User Count link
  4. Click Revoke (specific user) or Revoke All (all users)