Skip to main content
All CollectionsSetup
Connecting with OAuth 2.0
Connecting with OAuth 2.0

Create a Connected App in support of connecting with OAuth 2.0

Updated this week

Create a Custom Connected App

In Setup type "app", click on "App Manager"

Click "New Connected App"

New Connected App

Step 1

Input field

Notes

Connected App Name

Enter a suitable name for this Salesforce instance/sandbox, this is what you will eventually enter into the SQL-Sales Environment Configuration "Custom Connected App" input box.

Note, SQL-Sales will only accept alphanumeric, space and underscore characters for the ConnectedApplication.Name

API Name

Salesforce will auto-populate based on the above name

Contact Email

Enter a suitable email for your use case

Note, there are data entry rules on the Custom App Name, specifically: "The Application API Name can only contain underscores and alphanumeric characters. It must be unique, begin with a letter, not include spaces, not end with an underscore, and not contain two consecutive underscores."

Which governs what can be created in the Name field (although spaces are permitted in the name field).

Step 2

Click "Enable OAuth Settings

Input field

Notes

Enable OAuth Settings

Tick the checkbox

Callback URL

This is not actually referenced in the Connected App settings used by SQL-Sales, however it is a mandatory fill - entering the suggested default is fine as it does nothing functionally:

Use digital signatures

Revisited later in this article, once we have generated a self signed certificate within SQL-Sales. For now ignore.

Selected OAuth Scopes

Select only:

Manage user data via APIs (api)

Perform requests at any time (refresh_token, offline_access)

Step 3

The only OAuth 2.0 option to tick is: "Issue JSON Web Token (JWT)-based access tokens for named users". SQL-Sales establishes and maintains connections to Salesforce only through JWT (tokens). All other options, even ones which may be ticked by default are to be left unticked / False.

Step 4

For the avoidance of doubt, no other options are to be enabled, no WebApp Settings; no Custom Connected App Handler; no Mobile App Settings and no Canvas App Settings.

Step 5

Save (we will return to complete the certificate upload later)

Step 6

Click "Continue" at the notification prompt below, following the Save:

Manage Connected Apps

Step 7

Following the Save>>Continue you'll be taken to the "Manage Connected App" window.

Click "Manage"

Step 8

Click "Edit Policies"

Step 9

In "Permitted Users" select "Admin approved users are pre-authorized"

You will receive the confirmation below, click "OK".

Step 10

Ensure all options below are not entered / enabled - with the exception of:

Input field

Notes

Issue JSON Web Token (JWT)-based access tokens

Tick the checkbox

Token Timeout

Select 30 Minutes (Note, SQL-Sales at run time will validate that 30 Minutes is the configured setting).

Step 11

The remainder policy options should be defaulted as shown, if not ensure you have the settings below:

Step 12

Save the "edit policies" section

Connected App Detail - Manage Profiles

Step 13

You'll be returned to the Connected App Detail window. Click on the "Manage Profiles" button:

Step 14

Select the Profile of the Username you will be defining in SQL-Sales as the nominated OAuth Username (the Integration Username).

Click Save

Your Profile will be listed as below:

Alternatively, from directly within the given Profile tick your created Connected App from there, it has the same effect as the above. The below, in our example is the "System Administrator" Profile.

Step 15

Now return to the "App Manager"

For your Connected App, choose "View"

Step 16

Click "Manage consumer Details"

Note, this will trigger a validation/security verification code request to your email

Step 17

Copy the Consumer Key

Step 18

In the SQL-Sales Environment configuration, select the "OAuth 2.0 (REST api)" connection setting and enter the following:

Input field

Notes

Integration Username

Enter the nominated username which will serve as the Integration User, this user's Profile must have been added in Steps 13-14 "Manage Profile"

Custom Connected App

This is the Name of your Connected App

Consumer Key

Paste here the copied Consumer Key from the prior step 17

Step 19

We'll now create the self signed certificate as mentioned in step 2.

Enter an expiry term in days (maximum is 365 days).

Click "Create Certificate"

Click "Yes" at the confirmation prompt below:

Step 20

SQL-Sales will have generated a public self signed certificate for you to copy to your clipboard and save yourself as a .pem file to a location of your choosing. SQL-Sales will not hold or retain this beyond passing to the clipboard, as below.

Next steps:

  1. Save as a suitably named file with a .pem extension

  2. Save this to a key vault / safe location that you define and have control of

  3. And will be able to browse to in the next section when you upload to Salesforce

Paste to a suitable text editor (for example notepad) and save as-is with no editing whatsoever.

Step 21

Edit your Connected App

App Manager >> [Your Connected App] >> "Edit"

Tick "Use digital signatures"

Click "Choose File"

Browse to your .pem file, in the example here "demo.pem"

Click Save

Salesforce informs there can be a delay of up to 10 minutes for the certificate to take effect, in reality this is typically instantly usable, click "Continue" at the prompt below:

Step 22

Finally, we can test in SQL-Sales

Did this answer your question?