Creating & Managing Connections

The Connection object allows you to create integrations locally, between Vaults, or with an external application. If you want to send Spark messages, you must also attach this connection to a queue.

Accessing Connection Administration

View and manage connections from Admin > Connections. You must have a security profile that grants the Application: Manage Connections permission to access this tab.

How to Create Connection Objects

To create a new connection:

1. From the Connections page, click Create.
2. Select a Connection Type, either Vault to Vault, External, or Local.
3. Enter a Name for this connection.
4. Enter an API Name for this connection. Only lowercase, alphanumeric characters and underscores (_) between characters are allowed.
5. Fields after this will vary based on Connection Type. See each corresponding section for connection types below.

Vault to Vault Connections

The only required fields are Name and API Name. All remaining fields for this connection type are optional.

1. Enter a Remote Vault ID. This is the ID of the Vault you want to exchange messages with. If this field has a value, only this Vault ID can upload the connection file and there is no Approval Workflow. If this field is omitted, the Approval Workflow begins when this connection is uploaded.
2. Enter a Description for this connection.
3. Select an Authorized Connection User. If the remote Vault needs to access information in this Vault, they will do so through this user.
4. Under Remote Vault Details, you can enter information about the remote Vault. Similar to the Description field, these fields are for your personal reference only. After establishing a connection, these fields are automatically populated with relevant information.
5. Click Save. The connection record is now in a Pending state. To make this connection active, you need to establish the connection.

External Connections

The Connection Authorization and Authorized Connection User options are recommended when configuring an external connection that retrieves data from Vault.

If your Vault is configured with Vault tokens and Custom tokens, you can use them in the URL. Learn more in the Vault Developer Portal.

The Connection Authorization is intended to store the user name and password of the external system and can be passed in the message header for authentication on the external system. There must be processing on the external system to handle the user name and password and authenticate on the external system.

The Authorized Connection User can be used to generate a SessionID that can be passed to the external system and used for subsequent API callbacks to retrieve data from Vault. We recommend that the SessionID is generated and passed in the message as well.

1. Enter a URL for this external connection. This URL must be in a valid HTTPS format including https://. Only the standard HTTPS port is allowed, for example, https://veeva.com:8443 is not allowed.
2. Optional: Select an Authorization record for this external connection. If the external connection needs to access data in this Vault, they will do so through this Connection Authorization record. If none exist, you can create one.
3. Optional: Enter a Description for this connection.
4. Optional: Add an Authorized Connection User for this connection. If the external application needs to access information in this Vault, they will do so through this user. If this user is not set, the external application can not create session tokens for your Vault.
5. Click Save. The connection record is created in an Active state and is available for use immediately.

Local Connections

The only required fields are Name and API Name. The remaining fields for this connection type are optional.

1. Enter a Description for this connection.
2. Add an Authorized Connection User for this connection. If your Vault needs to access information requiring user credentials, it will do so through this user. If this user is not set, you cannot access information requiring user credentials such as API calls.
3. Click Save.

How to Establish a Vault to Vault Connection

To establish a connection between two Vaults:

1. Create or navigate to a Vault to Vault Connection record in the source Vault.
2. From the Actions menu, select Download Connection File.
3. After reading the Download Connection File dialog, click Download.
4. In the target Vault, navigate to Admin > Connections.
5. From the Actions menu, select Connect from File.
6. Click Choose and select the connection file you wish to upload.
7. Click Continue.
8. If the connection file included a Remote Vault ID, the connection is now established. Both connection records are now in an Active state.
9. Optional: If the connection file does not include a Remote Vault ID, an Approval Workflow will begin in both Vaults. Navigate to the connection record and click Complete.
10. Optional: In the dialog that appears, choose to Approve the connection. The connection record is now in the Approved State. Once both Vaults approve the connection, both records move to the Active state and the connection is established.

Managing Existing Connections

Depending on the Connection Type, there are various management options available for existing connections.

Details

The Details and Remote Vault Details sections contain information about this Connection. Most of these fields are editable. However, changing the API Name may break existing integrations with this connection.

Workflow Timeline

Vault to Vault Connection object records must go through an approval workflow before the connection can enter the Approved lifecycle state. Once approved, this section holds read-only information about the approval, such as the time and user who completed the approval task.

For External and Local connections, this section is blank as approval is not required.

Integrations

Vault to Vault connections can have multiple Integrations associated with them. You can turn an integration on or off by setting the Status to Active or Inactive, respectively.

From this section, you can also create custom integrations. Learn more about integrations for Vault to Vault Connections.

Reference Lookups

Reference Lookups allow you to set the value of a field in the remote Vault indirectly from a VQL query to the source Vault, using a lookup. For example, you can indicate that the country__v value “U.S.” in the source Vault is equivalent to “United States” in the remote Vault.

Learn more about creating Reference Lookups for Vault to Vault Connections.

Managing Signing Certificates

Vault uses signing certificates to sign all outbound Spark messages. All Vaults use the same signing certificate which is renewed every year. Once the new certificate is released, Vault automatically updates all connections to use the new certificate and notifies customers ahead of time about the upcoming certificate rollover. The previous certificate is still available for a period of time known as the rollover period. During this time, you can switch between new and previous certificates if needed. Once the rollover period passes, the new certificate becomes the only active certificate on the connection.

Vault immediately uses the selected signing certificate on the connection to sign all outbound Spark messages sent through the connection.

To manage Spark messaging signing certificates:

1. Create or navigate to a Connection record.
2. From the Actions menu, select Manage Signing Certificate.
3. From the Manage Signing Certificate dialog, select the checkbox next to the applicable certificate. If the current certificate is the only one available, the certificate is read-only and you can either download the certificate or cancel the action. If two certificates are available, you are in the rollover period. Use the new certificate if possible. See Vault SSL Certificates for more information.
4. Optional: To download, click the download icon next to the applicable certificate.
5. Click Save to make the selected certificate active to use for Spark messaging.

How to Delete a Connection

To delete a connection, select Delete from the Actions menu. Note that you cannot delete a connection referenced by a queue. You also cannot delete standard, system managed connections, but you can reconnect them to a different Vault.

If you delete an established Vault to Vault connection, the connection record in the remote Vault moves to the Disconnected state.

Standard Vault Connections

Standard, system managed connections are available between Vault applications to support specific business processes.

Quality to RIM: Change Control & Variation Management

This Vault Connection between a Quality QMS Vault and a RIM Registrations Vault automates data sharing between the two applications, supporting change control initiation, regulatory assessment, and close out. See details about the Quality to RIM Vault Connection.

RIM to Clinical Operations

This Vault Connection between a Clinical Operations eTMF Vault and a RIM Submissions Vault automates data sharing between the two applications, supporting automatic transfer of Product, Study, and Site data and documents. See details about the RIM to Clinical Operations Vault Connection.

Clinical Operations to CDMS

This Spark messaging connection allows for the exchange of Studies, Study Countries, and Sites from Clinical Operations CTMS Vaults to CDMS EDC Vaults, and the exchange of Subjects, Subject Visits, and Visit Definitions from CTMS Vaults to EDC Vaults.

RIM to PromoMats

Organizations using both a RIM Submissions Vault and a PromoMats Vault can utilize the Spark messaging framework to create a standard Vault to Vault connection. This connection transfers Application, Submission, and Compliance Package information across Vaults and automates the creation and updating of CrossLink documents. See details about the RIM to PromoMats Vault Connection.

Vault CRM to PromoMats

This Vault Connection between a CRM Vault and a PromoMats Vault automates data sharing between the two applications, supporting automatic transfer of steady state documents from PromoMats to Veeva CRM. See details about the Vault CRM to PromoMats Connection.

Veeva CRM to MedComms

This Vault Connection between a Veeva CRM and a MedComms Vault automates data sharing between the two applications, supporting automatic transfer of Medical Inquiry records from CRM to MedComms and Medical Inquiry status updates from MedComms to CRM. See details about the Veeva CRM to MedComms Vault Connection.

Network to MedComms

This connection allows MedComms to source reliable HCP contact information from Veeva OpenData for use when responding to Medical Inquiries.

Standard Vault to Vault Connection Limitations

When you configure any of the standard Vault to Vault connections, errors may occur in the following situations:

• If a user deletes a record that either side of the connection was using, Vault ceases to update connected records with no notification.
• If a user manually updates one of the ID fields on a record used by either side of the connection, Vault may fail to process Spark messages and update connected records.
• If configuration change on either side of the connection may impact the integration, such as changes to fields or picklists, Vault may fail to process Spark messages and update connected records.

Connections & Sandbox Vaults

When you create or refresh a sandbox Vault, all Active external connections except those with tokens in the URL are set to Inactive, and all Active Vault to Vault connections are set to Pending. Local connections remain as Active.

External connections with tokens in the URL retain the URL value and Active or Inactive state of the parent Vault in newly created or refreshed sandboxes.

To make external connections active again, you must re-enter the connection URL. To make Vault to Vault connections active again, you must re-establish the connection as described below.

Re-Establishing a Vault to Vault Connection

During sandbox creation or refresh, all Active Vault to Vault connections are set to Pending. The corresponding connection in the remote Vault remains in an Active state.

To re-establish a Vault to Vault connection, you must re-download the connection file in the source Vault, re-upload the connection file in the target Vault, and approve the connection.

To re-establish this connection:

1. Navigate to Admin > Connections in the source Vault. The source Vault is the Vault which initiates the connection request.
2. Find the Vault to Vault connection you wish to re-establish.
3. If the connection record is in an Active state, open the Actions menu and select Make Connection Pending.
4. After reading the Make Connection Pending dialog, select Continue.
5. Optional: If you know the ID of the target Vault, enter it in the Remote Vault ID field. The target Vault is the Vault your source Vault will connect to. If you leave this field blank, establishing the connection will require an approval workflow.
6. From the Actions menu, select Download Connection File.
7. After reading the Download Connection File dialog, click Download.
8. In the target Vault, navigate to Admin > Connections. The target Vault is the Vault which accepts the connection request.
9. Find the Vault to Vault connection you wish to re-establish.
10. From the Actions menu, select Connect from File.
11. Click Choose and select the connection file downloaded from the source Vault.
12. Click Continue.
13. If the connection file included a Remote Vault ID, the connection is now re-established. Both connection records are now in an Active state.
14. If the connection file does not include a Remote Vault ID, an Approval Workflow will begin in both Vaults. In both the source and target Vault, navigate to the connection record details page and click Complete.

In the dialog that appears, choose to Approve the connection. The connection record is now in the Approved State. Once both Vaults approve the connection, both records move to the Active state and the connection is re-established.

Related Admin Permissions

Uploading a Vault to Vault connection file without a Remote Vault ID starts an Approval Workflow, so this user must have the Workflow: Start permission.