Note, you only need to create a custom Connected App for the OAuth 2.0 connection method. OAuth 2.0 provides increased levels of security, so the extra few minutes of setup are usually worth it. Alternatively, use the traditional Username-Password-Security Token (SOAP or REST API) connection methods, which do not require a custom Connected App to be set up.
All connection methods require the SQL-Sales Managed Package to be installed against the configured Environment (sandbox or Production instance).
Create a Custom Connected App
In Setup type "app", click on "App Manager"
Click "New Connected App"
New Connected App
Step 1
Input field | Notes |
Connected App Name | Enter a suitable name for this Salesforce instance/sandbox. This is what you will eventually enter into the SQL-Sales Environment Configuration "Custom Connected App" input box. Note, SQL-Sales will only accept alphanumeric, space and underscore characters for the ConnectedApplication.Name |
API Name | Salesforce will auto-populate based on the above name |
Contact Email | Enter a suitable email for your use case |
Note, there are data entry rules on the Custom App Name, specifically: "The Application API Name can only contain underscores and alphanumeric characters. It must be unique, begin with a letter, not include spaces, not end with an underscore, and not contain two consecutive underscores."
These rules govern what can be created in the Name field (although spaces are permitted in the Name field).
Step 2
Click "Enable OAuth Settings"
Input field | Notes |
Enable OAuth Settings | Tick the checkbox |
Callback URL | This is not actually referenced in the Connected App settings used by SQL-Sales, however it is a mandatory fill - entering the suggested default is fine as it does nothing functionally:
|
Use digital signatures | Revisited later in this article, once we have generated a self-signed certificate within SQL-Sales. Ignore for now. |
Selected OAuth Scopes | Select only: Manage user data via APIs (api); Perform requests at any time (refresh_token, offline_access) |
Step 3
The only OAuth 2.0 option to tick is: "Issue JSON Web Token (JWT)-based access tokens for named users". SQL-Sales establishes and maintains connections to Salesforce only through JWT (tokens). All other options, even ones which may be ticked by default, are to be left unticked / False.
Step 4
For the avoidance of doubt, no other options are to be enabled, no WebApp Settings; no Custom Connected App Handler; no Mobile App Settings and no Canvas App Settings.
Step 5
Save (we will return to complete the certificate upload later)
Step 6
Click "Continue" at the notification prompt below, following the Save:
Manage Connected Apps
Step 7
Following the Save>>Continue you'll be taken to the "Manage Connected App" window.
Click "Manage"
Step 8
Click "Edit Policies"
Step 9
In "Permitted Users" select "Admin approved users are pre-authorized"
You will receive the confirmation below, click "OK".
Step 10
Ensure all options below are not entered / enabled - with the exception of:
Input field | Notes |
Issue JSON Web Token (JWT)-based access tokens | Tick the checkbox |
Token Timeout | Select 30 Minutes (Note, SQL-Sales at run time will validate that 30 Minutes is the configured setting). |
Step 11
The remaining policy options should be defaulted as shown; if not, ensure you have the settings below:
Step 12
Save the "edit policies" section
Connected App Detail - Manage Profiles
Step 13
You'll be returned to the Connected App Detail window. Click on the "Manage Profiles" button:
Step 14
Select the Profile of the Username you will be defining in SQL-Sales as the nominated OAuth Username (the Integration Username).
Click Save
Your Profile will be listed as below:
Alternatively, tick your created Connected App from directly within the given Profile; this has the same effect as the above. In our example below, this is the "System Administrator" Profile.
Step 15
Now return to the "App Manager"
For your Connected App, choose "View"
Step 16
Click "Manage Consumer Details"
Note, this will trigger a validation/security verification code request to your email.
Step 17
Copy the Consumer Key
Step 18
In the SQL-Sales Environment configuration, select the "OAuth 2.0 (REST api)" connection setting and enter the following:
Input field | Notes |
Integration Username | Enter the nominated username which will serve as the Integration User. This user's Profile must have been added in Steps 13-14 "Manage Profiles" |
Custom Connected App | This is the Name of your Connected App |
Consumer Key | Paste here the copied Consumer Key from the prior step 17 |
Step 19
We'll now create the self-signed certificate as mentioned in step 2.
Enter an expiry term in days (maximum is 365 days).
Click "Create Certificate"
Click "Yes" at the confirmation prompt below:
Step 20
SQL-Sales will have generated a public self-signed certificate, which you copy to your clipboard and save yourself as a .pem file in a location of your choosing. SQL-Sales will not hold or retain the certificate beyond passing it to the clipboard, as below.
Next steps:
Save as a suitably named file with a .pem extension
Save this to a key vault / safe location that you define and have control of, and will be able to browse to in the next section when you upload to Salesforce
Paste to a suitable text editor (for example Notepad) and save as-is with no editing whatsoever.
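A pre-upload check for the .pem file saved in Step 20, added here as an example (it is not part of SQL-Sales or of the original guide): it confirms the file holds exactly one certificate block and no private key, was not re-encoded by the text editor, and has a validity window within the 365-day maximum from Step 19. The function names, and treating the validity window as the expiry term, are assumptions of this example.

```python
import base64, binascii, hashlib, re
from datetime import datetime, timedelta, timezone

MAX_TERM = timedelta(days=365)  # Step 19 maximum; applying it to the validity window is an assumption
CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:            # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _validity(der):
    """Return [notBefore, notAfter] from tbsCertificate.validity."""
    _, p, _ = _tlv(der, 0)       # Certificate SEQUENCE
    _, p, end = _tlv(der, p)     # tbsCertificate SEQUENCE
    fields = []                  # value offsets: serial, signature, issuer, validity
    while p < end and len(fields) < 4:
        tag, start, p = _tlv(der, p)
        if tag != 0xA0:          # skip the optional [0] version field
            fields.append(start)
    times, p = [], fields[3]
    for _ in range(2):
        tag, start, p = _tlv(der, p)
        fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"  # UTCTime, else GeneralizedTime
        times.append(datetime.strptime(der[start:p].decode(), fmt).replace(tzinfo=timezone.utc))
    return times

def check_pem(data: bytes) -> dict:
    """Check the raw bytes of the saved .pem file before it is uploaded."""
    problems = []
    if data.startswith((b"\xef\xbb\xbf", b"\xff\xfe", b"\xfe\xff")):
        problems.append("byte-order mark: the editor re-encoded the file")
    text = data.decode("ascii", errors="replace")
    if "PRIVATE KEY-----" in text:
        problems.append("private key material in file: do not upload or share")
    blocks = CERT_RE.findall(text)
    if len(blocks) != 1:
        return {"ok": False, "problems": problems + [f"{len(blocks)} certificate blocks, expected 1"]}
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
        not_before, not_after = _validity(der)
    except (binascii.Error, ValueError, IndexError) as exc:
        return {"ok": False, "problems": problems + [f"not a parseable certificate: {exc}"]}
    if not_after - not_before > MAX_TERM:
        problems.append("validity window exceeds 365 days")
    return {"ok": not problems, "problems": problems, "not_after": not_after, "sha256": hashlib.sha256(der).hexdigest()}
```

Call it as `check_pem(open("demo.pem", "rb").read())`; the `sha256` value is the digest of the DER-encoded certificate and can be recorded alongside the key vault entry to identify which certificate was uploaded.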
Step 21
Edit your Connected App
App Manager >> [Your Connected App] >> "Edit"
Tick "Use digital signatures"
Click "Choose File"
Browse to your .pem file, in the example here "demo.pem"
Click Save
Salesforce informs you that there can be a delay of up to 10 minutes for the certificate to take effect; in reality it is typically instantly usable. Click "Continue" at the prompt below:
Step 22
Finally, we can test in SQL-Sales