Configure OAuth and REST integration

This topic describes how to configure the Salesforce integration to use REST APIs to authenticate using OAuth.

You can configure the Salesforce integration to use REST APIs for OAuth authentication. Before Salesforce can access REST API resources, it must be authorized as a safe visitor. To do this, use a connected app and an OAuth 2.0 authorization flow. See Authorization Through Connected Apps and OAuth 2.0.

Before you begin

  1. Create an administrator account in Salesforce. Youll use this account to create the OAuth consumer key and consumer secret used in Salesforce REST integration.
  2. Create a custom user profile in Salesforce. This is required for both SOAP and REST integrations See Enable Salesforce provisioning
  3. In Salesforce, create a connected app and enable OAuth Settings for API Integration.
    • To create a Connected App, perform the steps in Configure Basic Connected App Settings.
    • To enable OAuth Settings, perform the steps in Enable OAuth Settings for API Integration. Use the following settings
      • Enable for Device Flow: disabled
      • Callback URL: https://system-admin.okta.com/admin/app/generic/oauth20redirect

        Copy and paste this URL as-is.

      • Use digital signatures: disabled
      • Selected OAuth scopes:
        • Access and manage your data (API)
        • Perform requests on your behalf at any time (refresh_token, offline_access)
      • Require Secret for Web Server Flow: enabled
      • Introspect All Tokens: disabled
      • Configure ID Token: disabled
      • Enable Asset Tokens: disabled
      • Enable Single Logout: disabled
  4. Allow up to ten minutes for your changes to take effect before using the connected app.
  5. After your changes are saved, note your Consumer Key and Consumer Secret in Enable OAuth Settings for API Integration. You'll use these to configure your Provisioning later.
  6. On the page where you found your Consumer Key and Consumer Secret, click Manage. Verify that Refresh Token Policy is set to Refresh token is valid until revoked.

Configure OAuth and REST integration

For existing customers:

Even after you enable this feature, SOAP credentials (admin username and password) are still used for all provisioning operations. Therefore, if you haven’t configured SOAP credentials , or OAuth credentials (the next step), you will get an invalid API credentials error for any provisioning operation.

  1. In the Admin Console go to Provisioning > Integration.
  2. Enter the following:
    • OAuth Consumer Key: Consumer Key from your Salesforce OAuth settings
    • OAuth Consumer Secret: Consumer Secretfrom your Salesforce OAuth settings
  3. Click Authenticate with Salesforce.com.
  4. In the new Salesforce.com window, enter the administrator username and password that you used to create the Connected OAuth App. If you previously entered SOAP credentials, you don't need to enter them again.
  5. Click Allow to permit access to your Connected App.
  6. Click Save.

Your Salesforce integration is now integrated. If you previously used SOAP credentials (admin username and password), you can switch back by disabling this feature.