Installation Guide

Complete setup instructions for connecting Revenue Growth Agent (RGA) to your Salesforce org. Written for Salesforce administrators. Plan for about 20 to 40 minutes; you do this once per org.

RGA generates the signing certificate for you. From Settings → Integrations → Salesforce in the RGA web app, you download a certificate with one click and upload it to Salesforce. The signing key behind it is created and stored encrypted inside RGA, and is never displayed.

Overview

What you'll get

The RGA Meeting Prepper, embedded as a native Lightning component on your Lead and Contact record pages. Reps launch AI-powered meeting prep in place, prep documents sync back to Salesforce custom fields, and your managers get full visibility.

Scope: Meeting Prepper is the agent available inside Salesforce today. Discovery (transcript analysis, MEDDIC qualification) and proposal generation run in the RGA web app for now. Salesforce-embedded versions are on the roadmap.

How it works

• A Lightning Web Component (RGA Meeting Prepper) sits on your record pages and wraps a secure iframe that loads RGA's interface.
• When a rep opens the card, the component mints a short-lived, signed token in your org and hands it to RGA over an encrypted handshake. The token never appears in a URL or a server log.
• For RGA to read and write your Salesforce data, it uses the OAuth 2.0 JWT-Bearer flow against an External Client App you create in your own org. This is Salesforce's recommended approach for partner integrations: every request is signed with your certificate, there's no shared client secret to leak, and the integration is scoped to the permissions you grant its dedicated user.

Prerequisites

• Salesforce edition with Lightning components and OAuth custom apps: Enterprise, Unlimited, Developer, or Professional with API access.
• A profile with Modify All Data or Customize Application (typically System Administrator). Required only for the admin doing the one-time connection.
• An active RGA subscription.

RGA generates the signing certificate; you only need access to your Salesforce Setup and the RGA web app.

Installation steps

1. Install the RGA managed package

The RGA managed package adds the Meeting Prepper Lightning component, a permission set, and the custom fields RGA writes meeting-prep results to. It installs under the rgaapp namespace.

1a. Run the install

1. Open the install URL for the current RGA package version, while logged in to the org you're installing into:

   • Production or Developer org:
     https://login.salesforce.com/packaging/installPackage.apexp?p0=04tg50000007soWAAQ
   • Sandbox: same URL with login.salesforce.com replaced by test.salesforce.com

   Current version: RGA 2.1 (package version ID 04tg50000007soWAAQ). Once RGA is published on AppExchange, you can instead click Get It Now from the listing. This URL is updated with each new release.

2. On the Install Revenue Growth Agent screen, choose a security level:

   • Install for All Users (recommended) — everyone who needs the prepper gets access; you still control who sees it via the permission set in step 1c.
   • Install for Specific Profiles — if you want to scope access at install time.

   Click Install.

3. An Approve Third-Party Access dialog appears, listing the sites the component connects to (RGA's backend and asset storage). This is required — the embedded prepper can't load without it. Check "Yes, grant access to these third-party web sites" and click Continue.

4. The install runs (usually under a minute). When it completes, confirm it under Setup → Installed Packages: you should see Revenue Growth Agent, namespace rgaapp.

1b. Confirm the custom fields

The package provisions these fields on your Lead and Contact objects (the prepper targets people, not companies). You don't create them by hand. Confirm they're present (Setup → Object Manager → the object → Fields & Relationships):

RGA writes back to these fields automatically over the API when a prep completes — they're populated whether or not they appear on a page. To let your team see the synced values, add them to the record and grant field-level security, as follows. (Reps don't edit these fields directly.)

Make the fields visible (do this for both Lead and Contact)

Two separate things control whether reps see these fields, and you need both — doing only one is the most common reason the values don't appear:

1. Field-level security (Object Manager) — makes the field readable for your reps' profiles (covered below).
2. Placing the field on the record page — on a modern org this is the Lightning record page via Dynamic Forms, not the Page Layout (Method A below).

Modern Salesforce record pages use Dynamic Forms, where the Details tab is built from field sections on the Lightning record page — not the object's Page Layout. If your record page uses Dynamic Forms, editing the Page Layout has no effect on what the Details tab shows; you must add the fields on the Lightning page.

Method A — Dynamic Forms (most orgs, including recent Developer/Enterprise editions):

1. Open a Contact record → gear icon (top right) → Edit Page.
2. Click the Details area. If you see individual fields with an Add Field(s) option (a Field Section), this page uses Dynamic Forms.
3. Add Field(s) → search RGA → add RGA Prep Doc URL, RGA Prep Status, RGA Last Prep Date (and optionally LinkedIn Profile, RGA Prep Session ID).
4. Save → Activate (assign as Org Default, covering the apps/profiles your reps use).
5. Reload the record — the fields appear, populated from the most recent prep.
6. Repeat for the Lead record page.

Method B — classic Page Layout (only if the page does NOT use Dynamic Forms):
If Edit Page shows a single Record Detail component (not a Field Section), the Details tab reads the Page Layout:

1. Setup → Object Manager → Contact (then Lead) → Page Layouts → open the active layout.
2. Drag RGA Prep Doc URL, RGA Prep Status, RGA Last Prep Date onto a section → Save.

If you added the fields to the Page Layout but they don't appear on the record, your page is using Dynamic Forms — use Method A instead. This is the most common point of confusion.

Field-Level Security (both methods): Object Manager → the object → Fields & Relationships → click each RGA field → Set Field-Level Security → Visible for your reps' profiles/permission sets. Leave them read-only for reps — RGA owns the values.

1c. Assign the RGA permission set

The package ships a permission set, RGA Meeting Prepper (API name RGA_Meeting_Prepper), that grants users what they need to launch the component (read access to the RGA Embed Config custom setting and execute access to the embed-token Apex service). Assign it to every user who will run meeting prep:

1. Setup → Permission Sets → RGA Meeting Prepper.
2. Manage Assignments → Add Assignment.
3. Select the users (your reps and yourself for testing) → Assign.

Reps need this permission set plus access to the records they work and the RGA custom fields. They do not need admin permissions.

1d. Set the embed configuration (required)

The package includes a custom setting, RGA Embed Config (rgaapp__RGA_Embed_Config__c), that the Meeting Prepper component reads to sign its secure handshake with RGA. The package ships these fields empty — you must set the signing secret once, or the component will fail to load with "Unable to initialize meeting prepper."

1. Setup → Custom Settings → RGA Embed Config → Manage.
2. Next to Default Organization Level Value, click New (or Edit if a value already exists).
3. Signing Secret — paste the embed signing secret shown in the RGA web app. After you generate your certificate (step 2), the connect screen displays an embed signing secret with a Copy button; copy it and paste it here. It must match exactly, with no extra whitespace.
4. Backend Base URL — leave this blank. The component defaults to RGA's production backend, and the package's allowed-sites configuration already covers it. Set a value here only if RGA support directs you to a preview environment.
5. Save.

The signing secret secures the token the component sends to RGA. If it's missing or doesn't match the value on RGA's side, the component loads but shows a red "Unable to initialize meeting prepper" error, or the handshake returns a 401. Setting it correctly once is all that's needed.

2. Generate your signing certificate in RGA

1. In the RGA web app, go to Settings → Integrations → Salesforce.
2. Enter your Salesforce Org ID (Setup → Company Information → Salesforce.com Organization ID; it starts with 00D and is 15 or 18 characters) and choose your environment (Production/Developer or Sandbox).
3. Click Generate Certificate. RGA creates an RSA-2048 key pair and a one-year signing certificate, and offers rga-jwt.crt for download.

rga-jwt.crt is the public certificate — the only file you handle. The matching private key is generated inside RGA and stored encrypted (AES-256-GCM); it is never shown, downloaded, or transmitted to Salesforce.

3. Create the External Client App

1. In Salesforce Setup, type External Client Apps in Quick Find → External Client App Manager. If you see "External Client Apps are not enabled," open External Client App Settings and turn on "Allow creation of External Client Apps," then return here.
2. Click New External Client App (top right).
3. Basic Information:
   • External Client App Name: RGA Meeting Prepper
   • Contact Email: your admin email
   • Distribution State: Local. (Local means the app lives only in this org — correct here, since each org creates its own. "Packaged" is only for redistributing an app inside a managed package.)
4. API (Enable OAuth Settings):
   • Check Enable OAuth.
   • Callback URL: required by the form, but RGA uses the JWT-Bearer flow (no browser redirect), so the value isn't actually used. Enter https://revenuegrowthagent.com/oauth/callback.
   • OAuth Scopes — move these from Available to Selected:
     • Manage user data via APIs (api) — required; lets RGA read records and write prep results back.
     • Perform requests at any time (refresh_token, offline_access) — required for JWT-Bearer token issuance.
   • Use digital signatures: check this and upload the rga-jwt.crt you downloaded in step 2.
   • Leave PKCE and any client-secret settings as their defaults — JWT-Bearer is certificate-based and uses no client secret.
5. Save. The app is created with App Status Enabled.
6. Get the Consumer Key: open the app (External Client App Manager → click RGA Meeting Prepper) → Settings tab → expand OAuth Settings → under App Settings click Consumer Key and Secret. (Salesforce may prompt you to verify your identity.) Copy the Consumer Key — it begins with 3MVG9.... You'll paste it in step 5.

Scopes matter. If the api scope is missing, Validate & Connect in step 5 fails with "Salesforce rejected the credentials" even when the certificate and user are correct. Confirm api is in the Selected scopes before connecting.

4. Choose and pre-authorize the integration user

RGA authenticates as one Salesforce user via JWT-Bearer, so reads and writes are attributable to that user. This user must have a full Salesforce license with API access — not Chatter Free, Platform, or a license without API.

Fastest for a test or single-admin org: use your existing System Administrator user as the integration user. It already has a Salesforce license, API access, and access to all objects/fields. Skip creating a new user and note your own username.

For production / a dedicated user:

1. Setup → Users → New User. Set:
   • User License: Salesforce (a full license).
   • Profile: System Administrator, or a custom profile that has API Enabled plus read/write on Lead, Contact, and the RGA custom fields.
   • Active: checked.
   • Note the Username (it's the value you'll paste in step 5, not the email).

Pre-authorize the user for the app (either path above):
2. Setup → External Client App Manager → click RGA Meeting Prepper → Policies tab → under Plugin Policies, set Permitted Users to "Admin approved users are pre-authorized."
3. Still on Policies, under App Policies → Select Profiles, move the integration user's profile (e.g., System Administrator) into Selected Profiles, then Save.

Do not add the RGA Meeting Prepper permission set to this ECA Policies screen. It is a managed-package permission set, and adding it here fails to save with an error like "entity=SetupEntityAccess … state=MANAGED_INSTALLED." That permission set is for granting reps access to the prepper component (step 1c, via Permission Sets → Manage Assignments) — it is not part of the ECA's authorization. Authorize the app by Profile here.

5. Verify and connect

Return to Settings → Integrations → Salesforce in the RGA web app, where you left off in step 2:

1. Paste the Consumer Key (from step 3) and the integration username (from step 4).
2. Click Validate & Connect.

RGA mints a real JWT-Bearer token against your org to prove the credentials work, then records the connection and finalizes encrypted storage of the signing key. The form switches to a read-only "Connected" view. The private key is write-only: no path, for anyone, returns it in plaintext.

Why this step also proves org ownership. A JWT-Bearer token exchange can only succeed against an org you actually administer. RGA reads the Salesforce org identity from the token Salesforce itself returns and confirms it matches the Org ID you entered. If they don't match, RGA refuses to connect. This means credentials can never be bound to the wrong org, even by a typo — the verification is the security gate, not the value you typed.

6. Add the Lightning component and test

1. Add the Lightning component to a record page: open any Lead or Contact → gear icon → Edit Page → in the Components rail, find RGA Meeting Prepper under Custom → drag it onto the page → Save → Activate → Org Default.
2. Confirm the RGA custom fields are both visible (step 1b — added on the Lightning page via Dynamic Forms and with field-level security set in Object Manager; you typically need to do both) and that they're populated after a prep runs.
3. Open a Lead or Contact, confirm the form pre-fills with record data, click Generate Meeting Prep, and confirm a prep document is produced and linked back to the record.

Troubleshooting

Getting help

• Fast path: Quick Start Guide
• Security and compliance: Security & Privacy
• Support: support@revenuegrowthagent.com

Next steps

Once connected, every rep with access to the component can run meeting prep from any record. Explore guided Discovery (transcript analysis and MEDDIC qualification) and proposal generation in the RGA web app to extend the workflow beyond prep.