Connected App

What is a connected app?

A connected app is a framework that enables an external application, such as the Mogli API, to integrate with Salesforce using APIs and standard protocols, such as SAML, OAuth, and OpenID Connect. The connected app in the Mogli SMS managed package is named Mogli Technologies, which uses OAuth to authenticate, authorize, and provide single sign-on (SSO) for the Mogli API.

Helpful links

• Salesforce help article: Connected Apps
• Salesforce security guide article: Connected Apps

Why is Mogli using the connected app?

The Mogli Technologies connected app provides a secure and authenticated connection between the Mogli API and your Salesforce org. This allows Mogli to seamlessly:

• Create new incoming SMS records: When someone sends a message to your Mogli number, the connected app enables Mogli to create a record of this message in Salesforce.
• Update existing outgoing SMS records: The connected app allows Mogli to update the status of your sent messages (e.g., delivered, failed) in Salesforce.

While features like Mogli URL and Mogli Scheduler already utilize the connected app, it's now being extended to handle all gateway communication and message status callbacks. This means the connected app will replace the existing Salesforce Site and the associated SMS Site Guest User.

We strongly encourage all Mogli users to transition to using the connected app. This authenticated connection improves security, expands integration access in industry clouds, and makes the integration more robust and adaptable to future Salesforce updates.

How to Enable the Connected App

Upgrade to Mount Democrat (5.127.2+) & enable connected app

Clients must be on the Mount Democrat (5.127.7) version of Mogli SMS or higher to enable the connected app.

1. Navigate to the Application Settings tab within the Mogli SMS Lightning App to access the Mogli Settings page.
2. If you do not have a Mogli API key, click Request API Key.
   
   1. If you already have an API key, the set assistant looks like this:
      
3. If you have not authorized the Mogli API, click Authorize.
   Note: The client must perform this step. Mogli cannot perform via subscriber access. See “Authorized user for the connected app” section below.
   
   A new tab will open, click Allow.
   
   1. If you have already authorized the API, which you may have if your organization is using Mogli URL or Mogli Scheduler, the setup assistant looks like this:
      
4. Click the toggle to enable: Enable Mogli Messaging API for Bulk Sends.
   
   1. Once enabled the toggle is changed to disabled in the Mogli Settings UI to prevent users from disabling the Mogli Messaging API without support from Mogli.
   2. If your organization already has the Mogli Messaging API enabled, the setup assistant looks like this:
      
5. Click the toggle to enable: Connected App for Incoming Messages
   
   1. Once enabled the toggle state is changed to disabled in the Mogli Settings UI to prevent users from changing the setting back to the Site Guest User without support from Mogli.
   2. Once toggle is enabled, the setup assistant looks like this:
      

Why do clients need to authorize the Mogli Technologies connected app?

The Mogli team cannot authorize the Mogli Technologies connected app via subscriber access. Without this authorization, the Mogli API cannot make API calls back into Salesforce.

Gateways

To use the connected app for incoming messages, the incoming webhook URL must be updated on the messaging partner.

This process is automated for Salesforce production instances only by completing the steps above. Please contact help@mogli.com for support in updating gateways in sandbox instances.

Authorized user for the connected app

Best practice for authorizing the connected app is a user with a System Administrator profile and the Mogli SMS User: System Admin permission set.

Minimum access required for an authorized user

We understand that security-conscious clients may want to assign users with the minimum access required for Mogli to function correctly. To achieve this, you can assign an authorized user similar permissions to the SMS Site Guest User, but with the "Mogli SMS User: System Admin" permission set instead of the "Mogli SMS User: Guest User" permission set.

• The user must be assigned the Mogli SMS User: System Admin permission set.
• Read access to any objects configured on the Mogli Integrated Object.
• Read access to the Mogli Number, Mogli Opt-Out, and Default Gateway fields on any custom Mogli Integrated Objects.

Changing the authorized user

1. Navigate to the Mogli Settings, find the Authorize Mogli API step in the setup assistant and click Authorize.
   1. The connected app will utilize the user who has most recently authorized.
   2. An admin may revoke a previously authorized user’s authorization.

Revoking a user’s authorization

1. Navigate to Setup > Connected Apps OAuth Usage
   
2. Find the Mogli Technologies connected app, and click the link in the User Count column.
3. Find the user whose authorization needs to be revoked, and click the Revoke link in the Action column.

What happens when the authorized user is made inactive?

1. Incoming messages & status callbacks will no longer work.
2. If authorization is revoked and there is no authorized user, an offline alert is shown in the Mogli Conversation View component.

Revert back to SMS Site Guest User

If you wish to revert to using the SMS Site Guest User for incoming messages, please contact help@mogli.com for support.

Expected message behaviors when the connected app is enabled

Outgoing 1:1 and bulk messages

No changes to general operation or experience. System fields are populated as follows:

• Created By: running user.
• Owner: running user.
•  Status updated by: authorized user.

Incoming messages

No changes to general operation or experience. System fields are populated as follows:

• Created By: authorized user.
• Owner: matches owner from last outgoing message to that phone number + Gateway combination.
  • If there are no previous outgoing messages, the Owner is the authorized user.
• Status updated by: authorized user.

Automated outgoing message triggered by incoming message

No changes to general operation or experience. System fields are populated as follows:

• The running user for the automation is the authorized user.
• Created By: authorized user.
• Owner: matches owner from last outgoing message to that phone number + Gateway combination.
  • If there are no previous outgoing messages, the Owner is the authorized user.
• Status updated by: authorized user.

Forms created from outgoing 1:1 and bulk messages

No changes to general operation or experience. System fields are populated as follows:

• First SMS record sent and Form record
  • Created By: running user
  • Owner: running user.
  • SMS.Status updated by: authorized user
• The rest of the SMS records:
  • Created By: authorized user
  • Owner: matches owner of the Form record.

Forms created from an incoming query code

No changes to general operation or experience. System fields are populated as follows:

• All records Created By and Owner: authorized user.

What if we are referencing Site Guest User in Flows?

Automations that have any decisions or criteria that evaluate a user field for the SMS Site Guest user will no longer work.

We strongly recommend reviewing flows before enabling the connected app.