DEV Community

Cover image for Beyond the Firewall: Unlocking Trusted Web Search for Agentforce with OpenAI
Hemant Jawale
Hemant Jawale

Posted on

Beyond the Firewall: Unlocking Trusted Web Search for Agentforce with OpenAI

#agentforce #openai #salesforce #agents

Your Agentforce Agent is a genius regarding your CRM data. It knows every Opportunity, Case, and Contact inside your org. But let’s be honest—sometimes, being stuck inside the "Salesforce bubble" limits its potential.

What happens when your Sales Rep asks, "What is the latest news on our competitor's merger?" or "What are the current compliance regulations for AI in the EU?"

Usually, the Agent says: "I don't have that information." 🛑

Connecting an AI to the open internet often rings alarm bells for Architects and CISOs. Is it safe? Is it private? Will it hallucinate?

Today, we’re going to solve this using the standard "Search The Web" action. But we aren't just giving it raw internet access. We are configuring it to use OpenAI as the search provider, routed through the Einstein Trust Layer, ensuring that your Agent's trip to the web is secure, grounded, and enterprise-grade.

Why "Trusted" Web Search Matters

Before we build, it's critical to understand why this isn't just a simple API call.

When you use the out-of-the-box webSearchStream action with Agentforce, the request flows through the Einstein Trust Layer. This means:
Secure Gateway: Your Agent doesn't just "Google it." The query is passed through Salesforce's secure AI gateway.
Zero Data Retention: When utilizing providers like OpenAI via this integration, your search data is not stored or used for model training by the provider.
Grounding: The search results aren't just pasted into the chat; they are used as grounding context for the LLM, reducing hallucinations and ensuring the answer is fact-based.

The Scenario: The "Compliance Assistant" ⚖️

Let's build a practical example where trust is paramount.

Agent's Job: Imagine a Legal/Compliance Agent.
The User: A Legal Officer.
The Request: "Find the latest updates to the California Consumer Privacy Act (CCPA) regarding data retention."
The Challenge: This data changes frequently and lives on government websites, not in Salesforce.
The Requirement: The answer must be accurate and derived from trusted public sources.

Step-by-Step Walkthrough

Prerequisites

  1. Access to Agentforce in your Salesforce Org.
  2. Permissions to edit Agents and Actions.

Note: Ensure your org has the Einstein and Agentforce features enabled.

Step 1: Instruction Engineering 🗣️

We need to give the Agent that uses the web search proper guardrails to ensure it uses this power responsibly. All this happens at the Agentforce Topic level where we will add the Search The Web action.

Below is a reference snapshot of the **Compliance Research topic configuration could look like:**

Topic Classification Description and Scope

Topic Instructions

Example User Input

Step 2: Equip the Action 🛠️

For the created topic, we grab the web search standard action from the library. This is a pre-built capability provided by Salesforce.

  1. Navigate to Setup > Agentforce > Agents.
  2. Open your desired Agent (e.g., "Legal Assistant").
  3. Go to the specific Topic like "Compliance Research".
  4. Click + Add Action and select Add from Asset Library.
  5. Search for "Search The Web".
  6. Click Add.

Step 3: Configure the Trusted Provider (OpenAI) 🔐

This is the critical configuration step. By default, the action might use a standard index, but specifying OpenAI allows for advanced retrieval reasoning.

  1. Click on the newly added Search The Web action to view its properties.
  2. Scroll down to the Configuration section.
  3. Locate the Search Provider section.
  4. For the instructions, you can append the words "using OpenAI" to the existing text.
  5. For the Configuration Value select "OpenAI". If it is grayed out, click the Edit Action button at the bottom.
  6. Save your changes.

Step 4: Testing the Trust Layer 🧪

Let's verify the flow in the Simulator.

User Prompt Input: "Find the latest updates to the California Consumer Privacy Act (CCPA) regarding data retention"

You will see a response like this:

Here is how the Agentforce Reasoning Engine handled it:

How It All Comes Together 🏗️

So, how did we actually solve the requirement without compromising security?

  1. The Mechanics (The Action): The webSearchStream action created a real-time bridge to the outside world. By switching the provider to OpenAI, we upgraded the search from a simple keyword lookup to a semantic query. This allowed the Agent to understand the nuance of "latest amendments" and retrieve highly relevant results from government sites rather than generic blog spam.

  2. The Protection (The Trust Layer): Instead of opening a direct pipe to the internet, every interaction now passes through the Einstein Trust Layer. This layer acts as a secure broker ensuring PII data masking, auditing, and provides security ensuring the Agent does not accidentally summarize harmful content.

  3. The Solution: We successfully transformed an isolated CRM bot into a connected Compliance Assistant. The Agent could answer questions about external laws (CCPA) using internal reasoning, completely solving the "stale data" problem while maintaining enterprise-grade security.

Conclusion

By combining the Search The Web action with the OpenAI provider, you aren't just opening a door to the internet; you are building a secure, transparent window. You get the vast knowledge of the web, filtered through the security and grounding of the Einstein Trust Layer.

Audit your existing Agents. Are they hitting dead ends on questions about public knowledge? Enable trusted web search today to close that gap!

Happy (and Safe) Building! ☁️

Note: The Web Search Results Using OpenAI is in Beta as of Jan 2026.
Refer to the release notes related to this feature for more details.

Top comments (0)