How to set up an Integration User for middleware using OAuth and a connected app?
This is one of the most common use cases: we want to set up a secure middleware user to access and create records in Salesforce, but using OAuth2 security. I need help in getting the right configuration set up.
Here is what I have done till now.
- Created a connected app using the Enable OAuth settings, and set the OAuth Scope.
- Created an Integration Profile, with API Enabled and API Only user as true. Granted connected app access to this profile.
- Created an Integration user with this profile.
What is it that I should be doing to follow the right practice?
1. A Connected App is just a medium to access the Salesforce Org's metadata on behalf of a user. So yes, to log in to your Org using the connected app, you would need to provide a username and password the first time. Once you successfully log in, you will see an authorization screen, where you basically authorize your connected app to access your Org's data on your behalf.
Now, to manage your user session, there are settings available in the connected app; you can change them as per your use case.
Use of username and password: To log in to your Org
Use of client id and client secret: To uniquely identify your connected app and permissions associated with it. Like what kind of data it can access, what are the user profiles associated with it etc.
Check out this help article for more details: https://help.salesforce.com/articleView?id=connected_app_create.htm&type=5
2. Yes, you can assign user profiles or permission sets to this connected app. Only the users having these profiles or permission sets assigned to them can access this connected app (meaning authorize the connected app to access data on their behalf); the rest of the users cannot use the connected app.
3. Yes, you can use Axiom heroku app for this. http://axiomsso.herokuapp.com/Home.action
You can follow this tutorial for reference (it's not exactly what you want, but can give an idea): https://developer.salesforce.com/docs/atlas.en-us.identityImplGuide.meta/identityImplGuide/identity_sso_id_provider.htm
**Please mark this as best answer if this answers your query.**
Thanks,
Manish Choudhari
14x Certified Salesforce Architect
Certification link: http://certification.salesforce.com/certification-detail-print?conId=003G000002gRrrEIAS
My Blog: http://sfdcfacts.com/
Youtube Channel: https://www.youtube.com/SFDCFacts
LinkedIn: https://www.linkedin.com/in/manish-choudhary/
Trailhead: https://trailhead.salesforce.com/en/me/manish-choudhari
Twitter: https://mobile.twitter.com/manish_sfdc
All Answers
You already have the right steps to follow. Yes, step 3 will send a password reset email to the user's email address, but this email can be changed later on as well if you want to replace the email id. The password reset step cannot be skipped.
Once you get client id and client secret, use it in your 3rd party app to connect to Salesforce.
Please let me know if this helps.
**Please mark this as best answer if this answers your query.**
Thanks,
Manish Choudhari
14x Certified Salesforce Architect
Certification link: http://certification.salesforce.com/certification-detail-print?conId=003G000002gRrrEIAS
My Blog: http://sfdcfacts.com/
Youtube Channel: https://www.youtube.com/SFDCFacts
LinkedIn: https://www.linkedin.com/in/manish-choudhary/
Trailhead: https://trailhead.salesforce.com/en/me/manish-choudhari
Twitter: https://mobile.twitter.com/manish_sfdc
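The credentials named in the answers above (username and password for the user, client id and client secret for the connected app), as a middleware would combine them. This is an added example, not code from the thread: it assumes the OAuth 2.0 username-password flow, which the thread does not name, and builds the token request, then checks the response's `signature` field (HMAC-SHA256 over `id` + `issued_at`, keyed with the client secret) before trusting `instance_url`. All sample values are constructed.

```python
import base64, hashlib, hmac
from urllib.parse import urlencode, urlparse

TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"

def build_token_request(client_id, client_secret, username, password):
    """Form body for the POST to TOKEN_URL; secrets go in the body, never the URL."""
    return urlencode({"grant_type": "password", "client_id": client_id,
                      "client_secret": client_secret,
                      "username": username, "password": password})

def expected_signature(client_secret, identity_url, issued_at):
    """Base64 HMAC-SHA256 over id + issued_at, keyed with the client secret."""
    mac = hmac.new(client_secret.encode(),
                   (identity_url + issued_at).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def validate_token_response(resp, client_secret):
    """Return a list of problems; an empty list means the response is usable."""
    required = ("access_token", "instance_url", "id", "issued_at", "signature")
    problems = [f"missing {f}" for f in required if not resp.get(f)]
    if problems:
        return problems
    url = urlparse(resp["instance_url"])
    # Assumption: the org lives under salesforce.com; adjust for other domains.
    if url.scheme != "https" or not (url.hostname or "").endswith(".salesforce.com"):
        problems.append("instance_url is not an https salesforce.com host")
    if resp.get("token_type") != "Bearer":
        problems.append("unexpected token_type")
    want = expected_signature(client_secret, resp["id"], resp["issued_at"])
    if not hmac.compare_digest(want, resp["signature"]):
        problems.append("signature mismatch")
    return problems

SAMPLE_SECRET = "constructed-secret-not-real"  # constructed, not a real secret

def sample_response():
    """Constructed token response, signed the way the check above expects."""
    ident = "https://login.salesforce.com/id/00Dxx0000000000EAA/005xx0000000000AAA"
    issued = "1700000000000"
    return {"access_token": "constructed-token", "token_type": "Bearer",
            "instance_url": "https://example.my.salesforce.com",
            "id": ident, "issued_at": issued,
            "signature": expected_signature(SAMPLE_SECRET, ident, issued)}

if __name__ == "__main__":
    print(validate_token_response(sample_response(), SAMPLE_SECRET))
```

In a real middleware the four credentials would come from a secrets store or environment variables rather than source code.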