Onfido logo home page
Watch a demo
Get in touch
Arrow back Back to guides

Onfido Salesforce Integration

Start here

This guide is to help you install and configure the Onfido Salesforce app. This includes applying permission sets and completing the Setup Assisstant. This guide is based on configuring your org in a Lightning Experience environment.

If you already have an older version of Onfido installed, see the migration guide for details on how to upgrade to the latest version.

Throughout the installation, you will be instructed to navigate through Setup. To do so, select the gear to the upper right and then Setup. Once in Setup, you can use the Quick Find box to find and navigate to the appropriate section:

Navigating to setup

Installing the Onfido Package

Open a new window and navigate to the following URL:


If you are not already logged into the org you wish to install the package into, Salesforce will prompt you to log in. If you already have Onfido installed, see the migration guide for details on how to upgrade to the latest version.

Install for Admins Only is recommended. This option allows for controlling access and permissions after the package has been installed. For further information, you can refer to the Salesforce documentation on Package Installations.

Install for Admins Only

For Approve Third-Party Access, check the boxes as shown in the following image:

Approve Third-Party Access

Select Continue to start the package installation when the modal appears.

Permission Sets

As part of the package, there are 3 Permission Sets: Onfido API User, Onfido Feature Set Access, and Onfido Setup. This section shows how to configure the package's Permission Sets and assign them to Salesforce users.

Onfido API User Permission Set

The Onfido API User Clone Permission Set will be assigned to the Site Guest User during the Setup in the Salesforce Site URL section. This will be done mid-flow of running the Onfido Setup app. The following objects will need Read rights regardless of which object you are running verifications from: Account, Case, Contact, Opportunity, User and Lead.

  1. Navigate to the Quick Find, then search for “Permission Sets”

Navigating to Permission Sets

  1. Select Clone next to the Onfido API User Permission Set

Clone API User Permission Set

  1. Enter in a new value for Label and select the API Name field which will automatically populate, then select Save

Cloned API User Permission Set

  1. Select the Onfido API User Clone Permission Set that was just created

Select cloned permission set

  1. Select Object Settings

Select Object Settings

You will need to select the following: Accounts, Cases, Contacts, Leads, Users and Opportunities to give Read Access to in Object Permissions.

If you have Person Accounts enabled, add permissions to the Person Account Record Type for the Account object as well.

Select for each of Accounts, Cases, Contacts and Opportunities

  1. Select Edit


  1. Check Object Permissions - Read, and select Save

Check read, then Save

Note: If you are upgrading the package and have already cloned the API User permission set, you may need to give Read access to the “Onfido Language Override” field which is on the Verifications object. On the cloned API User permission set, give Read access to the Applicant object.

  1. Navigate to System Permissions

System Permissions

  1. Select Edit

Edit System Permissions

  1. Check API Enabled, then select Save

Note: If you are in a Developer Edition org, you will not be able to check this option because you will get an error message later when assigning this permission set to the Guest User.

Onfido Feature Set Access Permission Set

The Onfido Feature Set Access Permission Set is used to provide your users access to Onfido identity verifications.

  1. Repeat the steps shown above to clone the Onfido Feature Set Access Permission Set
  2. Select the Onfido Feature Set Access Permission Set that was just cloned

Select the cloned permission set

  1. Navigate to Object Settings

You will need to select all of the following objects: Accounts, Cases, Contacts, Opportunities, User and Leads.

Add Read Object Permissions.

For the object you are running verifications from, you will need to also do the following:

  • Person Account - make sure Record Type is checked if running verifications from Person Accounts
  • Object Permissions - Read/Create/Edit/Delete
  • Field Permissions - Read/Edit on your fields used in the field mappings, which will also become required fields for your users to initiate verifications

  1. Select Manage Assignments

Select Manage Assignments

  1. Select Add Assignments

Select Add Assignments

  1. Select the Users who need access to the Onfido identity verification features, then select Assign

Assign users

Onfido Setup Access Permission Set

Previous installation instructions included setting up a permission set for the user(s) in charge of completing the Onfido setup wizard. This permission set is still a part of the package. Since it is typically a Salesforce user with System Admin access that is in charge of implementation, this permission set was deemed unnecessary since those users will already have access to all assets from the package as part of the package installation process.

Onfido Setup Assistant

The Onfido Setup Assistant will need to be completed to connect your Salesforce org to your Onfido account in order to retrieve your list of bots and devices and to initiate your bots from Salesforce.

Navigate to App Launcher then Onfido Setup.

App launcher


If you do not see the Onfido Setup app, either type “Onfido” to search for it or select the View All link at the bottom to see the full list of apps.

All Apps

To navigate to the Onfido Setup app using Salesforce Classic follow these steps:

  1. Click the Force.com App Menu

Force.com App Menu

  1. Select the Onfido Setup app
  2. Click the Setup tab

Setup tab

Account Setup

  1. Select Get Started
  2. If you have an existing Onfido Account:

    • select your region and enter your API Key
    • select Verify then Next
    • you can now proceed to creating a webhook with your Salesforce Site URL

Existing account

  1. If you do not have an existing Onfido Account and need to set one up:

    • select “I need to create a new account”
    • fill out the form
    • click Submit

New Account New Account

  1. Select Next
  2. Now you will have to enter the URL of the Salesforce site that will be used to accept status updates and other data coming from Onfido

Follow the instructions on this page to configure your site:

Follow the on-screen instructions

For additional information and detailed instructions, see the Setup the Salesforce Site URL section.

  1. After your site has been configured, copy-paste the URL into the field and select Next
  2. The next step involves selecting the site on which the Onfido verification form will be hosted. Your applicants will be sent here when completing their verification process. Follow the on-screen instructions:

Webhook URL

If using the same site from the previous step, the URL field is pre-filled for you.

If your organization has its own verification site, select the "Self-Hosted Site" option. Here a self-hosted site URL can be entered and saved. Note: Your site will need to have the Onfido verification system implemented. Click the Create the Onfido Check to view Onfido’s API documentation. For additional assistance, contact the team responsible for the development of the self-hosted site.

Self hosted URL

  1. Click Next once you are finished

Default report settings

The next part of the setup wizard is for selecting the reports available to your users when they initiate a verification for an applicant. All of the reports available from Onfido will be shown, including reports that your Onfido Account may not have the licensing for.

Select reports

  1. Check the Active boxes for the reports that you want to be available for your users

NOTE: If an unsupported or unlicensed report is checked as active your users will be able to select it when initiating a verification, but the applicant will see an error when they attempt to complete the verification process.

  1. Check the Default boxes for the reports that should be selected by default when a user initiates a verification for an applicant. Only one default can be selected per report type
  2. Once finished, select Next

If enabled, there will be an added step within the Onfido SDK asking for consent.

Customer consent flag

Data field settings

In this section you will determine how externally created applicants will be represented in your Salesforce org as well as the required fields that must be entered on a Salesforce record in order to run a verification. This will also be your object when running Onfido verifications and if at any time you wish to select a different object you will need to change your object and field mappings back in this section of the Onfido Setup app (as well as add the custom component or Visualforce Page to the page layout). You will map the Onfido object to a Salesforce object of your choice, and then map the Onfido fields to Salesforce fields. These will need to be custom fields if you are selecting Account, Case, Opportunity, User or Lead.

You will not need to create custom Salesforce fields if your object selection is Contact or Person Account.

For a Person Account, make sure Email is on the Person Account Page Layout (Salesforce Classic > “Person Accounts” in Quick Find > Edit Page Layout > Add Email field).

Your custom fields should be either "Email" or "Text" Data Type.

  • Click Add Object to add a new object or multiple objects
  • Click Add Row to add Onfido's fields to the Salesforce Fields (Note: If there are fields that are unmapped they will be removed.)
  • Click the Save button to save the mappings


  • Click into the Extracted Data Mapping tab (Note: this section is not required.)

    • Click Add Row to add fields
    • Click Save to save down mappings
    • Click Next to complete the 'Object Mapping Settings' section


Note: For Identity reports you must map the following additional fields and populate them on your Salesforce record: Street, City, State, Country, Postcode and Date of Birth. The Country field data must be the country 3 letter code in order to correctly return data for breakdowns.

Setup Salesforce Site URL

The following includes more in-depth steps with screenshots for setting up your Site used in the Account Setup portion of the Onfido Setup wizard. You will need to make sure that, besides having the secure URL, the Profile that is generated when the Site is or was created gets assigned the Onfido API User Clone Permission Set. Based on the object and fields that you will be mapping to, you will need to make sure you edit this Permission Set so that there are no issues with data that is passed between your Salesforce Org and Onfido.

Set up Salesforce site

In the Account Setup step documented above, there is a link to navigate to the Site Setup page in Salesforce. After clicking on the Sites to Setup link and navigating to the Sites page, continue with the following steps:

  1. Enter in a Site domain

    • Click Check Availability
    • Check “I have read and accepted the Salesforce Site Terms of Use"
    • Click Register My Salesforce Site Domain

Register domain

  1. Click New

Click new

  1. Enter Site Label and Site Name
  2. Select Site Contact
  3. Enter Default Web Address suffix
  4. Check Active
  5. Select Active Site Home Page
  6. Select Inactive Site Home Page
  7. Select Site Template
  8. Leave Clickjack Protection Level as default
  9. Click Save

Salesforce site edit

Now that the site has been created, you need to assign the Permission Set cloned and updated from the packaged Onfido API User permission set created in the Onfido API User Permission Set section so that the Site has the access it needs to control the flow of information between your Salesforce org and Onfido.

  1. Click Public Access Settings

Public accesss settings

  1. Click View Users

View users

  1. Click the Full Name of the Guest User

Full name

  1. Confirm your User is Activated


  1. Click Edit Assignments

Edit assignments

  1. Assign the cloned and updated version of the Onfido API User Clone Permission Set
  2. Click Save


  1. Go back to the Site Details Page by clicking the Site Label on the Sites landing page (You can use the Quick Find and search for “Sites”)
  2. Scroll down the page and copy the Custom URL (copy the secure URL), as well as the Path. You will paste this back in the Onfido Setup app and include “https://”. If you are in a production environment and have a domain with “http://”, change what’s entered in the Setup app step to “https://”.


  1. Paste this URL address into the input in the second step of Account Setup.

Paste url

Add the Onfido Verification Form Visualforce Page to Site

In the last step of Account Setup, it is possible to host the Onfido Capture Experience on the same site that was used in the second step. If that implementation option is executed, an Admin will need to add the visualforce page to the site. If the included guidance is not enough, use the following instructions with screenshots as an additional guide.

  1. Return to the Salesforce Sites Page by searching for “Sites” in Salesforce Setup
  2. Click on the Site Label for the site you are using

Site label

  1. After navigating to the detailed settings for the site, scroll down until you see a section called Site Visualforce Pages

Visualforce pages

  1. Click Edit

    • Select the onfidosf.onfido_verificationForm under "Available Visualforce Pages"
    • Click the Add button

Available Enabled

  1. Click Save

Adding Lightning Components to Record Pages

Included as part of the Onfido package is the Onfido Identity Verification lightning component. This lightning component will allow your users to initiate Onfido Verifications based on the object selected in the Data Field Settings step above and send the verification email to an applicant.

The Onfido Identity Verification lightning component needs to be added to the record page where you want it to be used.

  1. While on a Lightning record page, select the Setup gear and select Edit Page

Add to page

  1. Drag and drop the Onfido Identity Verification lightning component from the Custom - Managed section onto the main panel

Drag and drop component

  1. Save the edited lightning page

If this is the first time the lightning page for that object has been edited, the edited page may need to be activated. Activate the page as the default for the entire org, just a specific app, or according to profiles etc. as required for that specific record. To change the settings at any time, you can click on the blue Activation button while editing the lightning record page.

  1. On the next few screens, assign this Lightning Record Page as the App Default for the Onfido App

Activate page

  1. Select the App Default tab
  2. Select Assign as App Default
  3. Select the Onfido App
  4. Select Next until Save is available, and select Save

Activate page

Included with the package is an Onfido App that contains tabs for the objects that can be selected in Setup. If your org has its own app or configuration and you want to activate the lightning record page for the entire org or for specific record types or profiles etc., select the other options. The Onfido Verification lightning component will work however your record pages are configured.

Add logo to email template

The Onfido App also comes packaged with a default Onfido logo that can be added to the template for the email that users will send to applicants once the verification process has been initiated in the Onfido Verification lightning component. The same process can be done for a company’s branding after uploading the logo image or graphic to Salesforce Documents.

  1. Navigate to Salesforce Classic

Salesforce classic

  1. Click the Sales app
  2. Click the “+” the header
  3. Click on Documents


  1. Click on the folder dropdown in the upper left
  2. Select Onfido Documents (or the folder where your own branding is saved)

Onfido documents

  1. Click Company Logo

Company logo

  1. Copy the Salesforce ID of the Logo. It can be found in the address bar of your browser at the end of the URL.

Salesforce id

  1. Go to Custom Settings to paste the Company Logo Salesforce ID into Onfido Email Settings
  2. Search Custom Settings in the Quick Find
  3. Click Manage next to Onfido Email Settings


  1. Click the top New button

New email

  1. Paste in the Company Logo Salesforce ID that was copied from the URL earlier
  2. Click Save


JSON examples for Customizations and Language Overrides



  1. Click into the Onfido Customization tab
  2. Click New
  3. Add UI JSON

    For example: {"colorBackgroundSurfaceModal":"rgb(252, 148, 3)","fontSizeTitle":"100px","fontFamilyTitle":"Impact, fantasy","borderRadiusButton":"500px"}

  4. Click Save
  5. Check active (Note: Only one can be active at a time.)



  1. Click into the Language Overrides tab
  2. Click New
  3. Enter the Label which will be displayed in the pick list
  4. Add Phrases JSON

    For example: {"welcome":{"title":"My Julian title"}}

  5. Click Save

Lightning Flow Support

This sections explains how to create a flow that takes advantage of our invocable method and Lightning Web Component to display the SDK.

Lightning flow exmaple

This is an example flow that allows a user to sign up with their contact information which then creates a contact record for them within the Salesforce org, creates an applicant record with a lookup to that newly created contact record, then also makes a callout to onfido to create an applicant record, then finally creates a verification record within SF.

After the verification record is created we pass the verification ID to our LWC component to render the SDK within the flow. Allowing the user to verify their identity right after signing up.

  1. Create a sign up screen

    • Add a screen to collect user information by click the plus button and adding a screen

    Sign up

    • Add on text fields for all the information you wish to collect from the user

    Sign up

  2. Create a record in Salesforce

    • Add a create record element of the object type of your choice (in this example a contact is created).

    Record Record

    • Click into the create record element and attach the fields you collected in the previous screen to the corresponding fields on the contact record. Once this step is complete the record will be created and the ID of the record will be returned.
  3. Add the invocable method

    • Add an apex action element and search for the flow titled Initiate Verification Flow

    Invocable Invocable

    • Set all the variables that you want to provide here. In our example we are creating a new applicant based on our contact record we just created so we pass in the following selectedReportNames, SendEmail (false - we don’t want to send an email), Language, and recordId (the ID of the contact we just created).


    • In the advanced section of this same screen we need to select this option or else the invocable will fail
    • Our flow will now return the ID of the newly created Verification ID (to be used next) while also creating the Applicant in onfido and in Salesforce
  4. Load new lightning web component

    • Next we add a new screen that will host our new Lightning Web Component

    Lwc Lwc

    • Here we drag on our custom component from the left side and turn off Show Header and Show Footer on the right side


    • When you drag the component on we get these options on the right side. Here we name the component on the flow (sdk in our case) and pass the Verification ID we received from the Invocable on the previous step. In our case the variable is called {!call_invocable} as that’s what we named our apex action
    • This is the last step. Now we can Save and activate our component to be used wherever we wish to call this flow.


The invocable (onfido_verificationsInvocable.cls) allows Onfido users within Salesforce to create Applicants and initiate verifications just as our standard verification component can, but automated. This can be done through flows or process builders.

Our invocable takes the following variables:

Variable Description
sendEmail Required. Determines if we send an email alert to the applicant after the verification record is created.
selectedReportNames Required. The report types you wish to run within the SDK. Must be in the format of string separated by commas (ex. document,facialsimilarityphoto).
recordId Optional but required if applicantId is not provided. The ID of the Case, Opportunity, Lead, User that the new applicant will be based off of. This is where we will use your mappings for the corresponding object to pull the first name, last name, and email to create the applicant in onfido.
applicantId Optional. If the applicant already exists you can pass the record ID of the applicant within Salesforce into the invocable and we will only create a new verification for the applicant. If applicantId is provided you do not need to provide a recordId.
language Optional. This field can either be the record ID of a Language Override Record or a default language string that exists within the SDK (ex. esES, enUS, frFR etc). This will be added to the newly created verification and this is the language the SDK will initialize in. If nothing is provided we default to enUS.


Email Template ID

Email template ID gives Onfido users the ability to send email templates in different languages based on the language they selected for the verification.

Email alerts are sent on creation of an Email Proxy record. We added a new field called language_c. Based on the language you select for the initiation of a verification we will set the language_c field on Email Proxy record to the label_c of the Onfido Override Language record (if selected) or the default language string (es_ES) of that’s on the Verification Record. For example: If you create a verification record with the language of spanish (es_ES) at the end of the Verification creation flow we create an Email Proxy record that has a lookup to the verification and a language__c field of es_ES. After the record is created our email alert will be triggered that will send the applicant an email that has an email template in spanish.

Example for creating an email template in spanish

  1. Clone the email alert called Send Webform Email.

Send webform email

  1. Change the name to match the language you’re supporting.
  2. Select an email template created in spanish (You can clone an existing email template and translate everything to spanish).
  3. Next clone the packaged workflow rule called Send Webform Email and edit the rule criteria to match the new language you want to support. In this example, spanish (es_ES) as its default language.

Edit rules webform

  1. To send an email on verifications with Onfido Language Override selected, enter the value as the label of your override record. In this example it would simply be Julian.


  1. Click on your newly created rule. In this example the "Send Spanish Webform Email".

All workflows rules

  1. Click Edit under workflow actions.

Edit workflow

  1. Then click Add workflow action and select Select Existing Action.
  2. Select your new email alert that was created for the spanish template. Click Save.

Spanish template

  1. Click Activate and now this email will be sent whenever a verification is created with the spanish default language.


Digital Experiences Setup

  1. Search for "Digital Experiences" in Setup
  2. Click into All Sites

All sites

  1. Click New


  1. Select the Build Your Own Template


  1. Click Get Started

Get started

  1. Enter name
  2. Click Create


  1. Select Builder


  1. Click and drag the flow component onto the page
  2. Select the flow you created within Salesforce under Flow
  3. Click Publish


  1. Click the drop down next to home
  2. Click Administration


  1. Click Activate to activate your Digital Experience


Trusted Domains for Inline Frames

  1. From Salesforce Setup go to the Experience Site and copy the URL
  2. Go to the quick find and go to "Sites" (listed under "Sites and Domains")
  3. Click into the Site (label) that you created as part of the Onfido Setup app steps
  4. Scroll down and click Add Domain next to "Trusted Domains for Inline Frames". Leave the "Site" pre-populated and paste the domain of your Digital Experience
  5. Click Save

Allow framing of site pages on external domains (Good protection)

  1. Click Edit

Trusted Domains Inline Frames

  1. Change the "Clickjack Protection Level" to "Allow framing of site pages on external domains (Good protection)"

Clickjack Protection Level

  1. Click Save

Profile Permissions Needed for Community Users

  • Objects:

    • Account: Read, Create, Edit
    • Case: Read, Create, Edit
    • Contact: Read, Create, Edit
    • Applicants: Read, Create

      • Field access: Read
      • Field access: Edit on Account, Case, Contact, Onfido Applicant Id, User
    • Email Proxies: Read, Create

      • Field access: Read
      • Field access: Edit on Account, Case, Contact, Recipient Email, Recipient Name, Verification, Webform URL
    • Onfido Customizations: Read

      • Field access: Read
    • Onfido Language Overrides: Read

      • Field access: Read
    • Setup Assistant Data: Read

      • Field access: Read
    • Verifications: Read, Create

      • Field access: Read and Edit
  • Apex Class Access:

    • onfido_verificationForm
    • onfido_verifications
    • onfido_verificationsInvocable
  • Visualforce Page Access:

    • onfido_verificationForm
    • onfido_verifications

Release Notes


  • Updated mapper in Setup Assistant will allow the user to map up to 7 objects: Account, Contact, Opportunity, Person Account, Lead and User. (New Objects added).
  • Packaged Onfido Customizations and Onfido Language Override Tabs

    • These objects will be used to render customizations in the SDK. The admin will be responsible for defining the records of customizations that'll be used with the SDK. Based on the records of the Language Override that are created, the user initiating verifications will be able to select supported languages.
  • Added Customer Consent Flag

    • The default report types setup screen will be upgraded to include a Consent capture flag, which will cause the org to use Onfido's consent screen in verification flows if checked.
  • Lightning Flow Support

    • A global invocable method will be added to the package that will perform the initialization of a verification check with Onfido by making the required API calls and setting the required values on records within the Salesforce database. Admins will be able to use this method within lightning flows, process builder, etc.
  • Invocable Method
  • Email Template ID
  • Digital Experiences Setup


  • Contacts created with valid birthdate and mailing address will pass data to corresponding Onfido Applicant.
  • Watchlist and identity reports will provide more meaningful results.
  • SDK upgraded to version 6.6.
  • Upon applicant creation, Onfido API error messages get passed back to Salesforce for easier troubleshooting.


  • Fix for breaking Winter of '21 release.
  • Improvements to SDK. Title and subtitle are more generic and no longer ask to "open a bank account".
  • SDK flow is conditional based on the report selected. Users don't have to go through both document and live photo/video upload if their report doesn't require it.
  • SDK will prompt users with "no data is needed at this time" if the selected report(s) don't require the SDK.

Migration guide

v2.2x -> v2.54

If you already have an existing version of Onfido installed, v2.54 is not compatible as a direct upgrade due to significant changes in the way the app functions.

In order to use the latest version of the Onfido Salesforce app, the previous package needs to be uninstalled before installing the new package.

Note: This will delete all of your setup and configuration settings related to Onfido. You will need to reconfigure after you install the latest version.

Please complete the following steps:

Remove or Unassign Onfido Assets from the Org

Any packaged assets that are currently in use in the Salesforce org must be removed or unassigned before Salesforce will allow you to uninstall the Onfido package.

  1. Unassign Packaged Permission Set(s)

    • Any original, packaged permission sets that were not cloned and altered must be unassigned from users. This will most likely affect the Onfido Feature Access permission set but may also include the other packaged permission sets depending on how you have configured access for your users. Permission sets that have been cloned and assigned are not affected by the package uninstall and may need to be deleted manually if a completely blank slate is desired - for example, the cloned and edited Onfido API User Perm Set that is assigned to your Site’s Guest User. You will need to go to the Site Guest User’s detail page in order to remove its permission set.
  2. Remove Verification Form Visualforce Page from Site

    • Remove the onfidosf.onfido_verificationForm visualforce page from your site. View the section on adding the Visualforce page for instructions on where to locate it and make the change.
  3. Remove Onfido Verification Lightning Components from Lightning Record Pages

    • The Onfido Identity Verification lightning component will need to be removed from the Lightning Pages of the objects where it was added. View the configuration instructions to see how the component can be removed - instead of dragging it onto the page, simply click the X in the corner of the component on the page.
  4. Remove Onfido Verification Visualforce Page from Page Layouts

    • If there are Onfido users on Salesforce Classic and the Onfido Verification visualforce page has been added to one or more Object’s page layouts, they will also have to be removed in order to proceed with uninstalling the package.

Once all the elements of the package have been removed from active use in the org, the package can be uninstalled in preparation for the new Onfido package.

Uninstalling the Older Onfido Salesforce App

  1. Navigate to Salesforce Setup > Apps > Packaging > Installed Packages.
  2. Look for the “Onfido” package and click on the Uninstall link next to the package.


  1. Scroll down to the bottom of the next page and check the box for “Yes, I want to uninstall this package and permanently delete all associated components”.
  2. Click Uninstall.

Our solutions

Onfido uses 256-bit SSL encryption 100% of the time on every device.


Onfido has been certified by BSI to ISO 27001 under certificate number IS 660122.

© Onfido™, 2022. All rights reserved.
Company Registration Number: 07479524.