S i d

How to set up an Integration User for middleware using OAuth and a connected app?

This is one of the most common use cases: we want to set up a secure middleware user to access and create records in Salesforce, but using OAuth2 security. I need help in getting the right configuration set up.

Here is what I have done till now.
  1. Created a connected app using the Enable OAuth settings, and set the OAuth scope.
  2. Created an Integration Profile, with API Enabled and API Only User set to true. Granted connected app access to this profile.
  3. Created an Integration user with this profile.
Step 1 has given me the client ID and client secret, and Step 3 has provided the username - but it also sends an email with the password to the user.
What is it that I should be doing to follow the right practice?
All Answers

Manish Choudhari
Hi Sid,

You already have the right steps to follow. Yes, step 3 will send a password reset email to the user's email address, but this email can be changed later on as well if you want to replace the email ID. The password reset step cannot be skipped.

Once you get the client ID and client secret, use them in your 3rd party app to connect to Salesforce.

Please let me know if this helps.

**Please mark this as best answer if this answers your query.**

Thanks,
Manish Choudhari
14x Certified Salesforce Architect
Certification link:
http://certification.salesforce.com/certification-detail-print?conId=003G000002gRrrEIAS
My Blog: http://sfdcfacts.com/
Youtube Channel: https://www.youtube.com/SFDCFacts
LinkedIn: https://www.linkedin.com/in/manish-choudhary/
Trailhead: https://trailhead.salesforce.com/en/me/manish-choudhari
Twitter: https://mobile.twitter.com/manish_sfdc
S i d
Thanks Manish - much appreciated. A few clarifications.
  1. Do you mean that the 3rd party app will need all of (Client ID + Client Secret + Username + Password) to log in and access Salesforce?
  2. Is there anything else in the configuration required to "tie" the Connected App to a user of this profile?
  3. Is there any tool where I can test this using the Salesforce endpoint and the parameters in #1?
Manish Choudhari
Hi Sid,

1. A Connected App is just a medium to access the Salesforce Org's metadata on behalf of a user. So yes, to log in to your Org using the connected app, you would need to provide the username and password the first time. Once you successfully log in, you will see the authorization screen, where you basically authorize your connected app to access your Org's data on your behalf.
Now, to manage your user session, there are settings available in the connected app; you can change them as per your use case.
Use of username and password: To log in to your Org.
Use of client ID and client secret: To uniquely identify your connected app and the permissions associated with it, like what kind of data it can access, what user profiles are associated with it, etc.

Check out this help article for more details: https://help.salesforce.com/articleView?id=connected_app_create.htm&type=5

2. Yes, you can assign user profiles or permission sets to this connected app. The users having these profiles or permission sets assigned to them can only access this connected app (meaning authorize the connected app to access data on their behalf); the rest of the users cannot use the connected app.

3. Yes, you can use the Axiom Heroku app for this. http://axiomsso.herokuapp.com/Home.action
You can follow this tutorial for reference (it's not exactly what you want, but it can give an idea): https://developer.salesforce.com/docs/atlas.en-us.identityImplGuide.meta/identityImplGuide/identity_sso_id_provider.htm


**Please mark this as best answer if this answers your query.**

Thanks,
Manish Choudhari
This was selected as the best answer
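
Added example, not part of any post in this thread: a sketch of the token request a middleware would send if it uses the OAuth 2.0 username-password flow, the flow in which all four values from question 1 travel together. The thread does not name the flow, so that choice, the `SF_*` setting names and the sample values are assumptions; the request is built and inspected, not sent.

```python
import json
import urllib.parse
import urllib.request

# Salesforce's standard production token endpoint.
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"
# Assumed setting names for this example; secrets come from the
# environment or a vault, never from source code.
REQUIRED = ("SF_CLIENT_ID", "SF_CLIENT_SECRET", "SF_USERNAME", "SF_PASSWORD")


def build_token_request(env, token_url=TOKEN_URL):
    """Build (not send) the POST for the username-password flow."""
    missing = [k for k in REQUIRED if not env.get(k)]
    if missing:
        raise ValueError("missing settings: " + ", ".join(missing))
    if urllib.parse.urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must use https")
    form = {
        "grant_type": "password",
        "client_id": env["SF_CLIENT_ID"],        # identifies the connected app
        "client_secret": env["SF_CLIENT_SECRET"],
        "username": env["SF_USERNAME"],          # the integration user
        "password": env["SF_PASSWORD"],
    }
    body = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(
        token_url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def redact(request):
    """Return the form fields with secrets masked, safe to log."""
    fields = dict(urllib.parse.parse_qsl(request.data.decode("ascii")))
    secret = ("client_secret", "password")
    return {k: "***" if k in secret else v for k, v in fields.items()}


def parse_token_response(raw):
    """Return (access_token, instance_url) or raise on an OAuth error."""
    doc = json.loads(raw)
    if "error" in doc:
        raise PermissionError(doc["error"] + ": " + doc.get("error_description", ""))
    return doc["access_token"], doc["instance_url"]


# Constructed sample values, not real credentials or responses.
SAMPLE_ENV = {"SF_CLIENT_ID": "constructed-id", "SF_CLIENT_SECRET": "constructed-secret",
              "SF_USERNAME": "integration@example.com", "SF_PASSWORD": "constructed-pw"}
SAMPLE_OK = '{"access_token": "constructed-token", "instance_url": "https://example.my.salesforce.com"}'
SAMPLE_ERR = '{"error": "invalid_grant", "error_description": "authentication failure"}'
```
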
S i d
Thanks Manish! Appreciate your time and detailed description here.