Configure OAuth and REST integration

This is an Early Access feature. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.

For a client application to access REST API resources, it must be authorized as a safe visitor. To implement this authorization, use a connected app and an OAuth 2.0 authorization flow. For more information, see Authorization Through Connected Apps and OAuth 2.0.

This topic describes how to configure the Salesforce integration to authenticate to the REST APIs using OAuth.

Requirements

  • Create an administrator account in Salesforce. You will use this account to create the OAuth consumer key and consumer secret used in Salesforce REST integration.
  • In Salesforce, create a connected app, enabling OAuth Settings for API Integration:
    • Create a Connected App, Configure Basic Connected App Settings.
    • Enable OAuth Settings for API Integration:
      • Enable for Device Flow: disabled
      • Callback URL: https://system-admin.okta.com/admin/app/generic/oauth20redirect
      • Use digital signatures: disabled
      • Selected OAuth scopes:
        • Access and manage your data (api)
        • Perform requests on your behalf at any time (refresh_token, offline_access)
      • Require Secret for Web Server Flow: enabled
      • Introspect All Tokens: disabled
      • Configure ID Token: disabled
      • Enable Asset Tokens: disabled
      • Enable Single Logout: disabled
  • Allow 2-10 minutes for your changes to take effect on the server before using the connected app.
  • Once saved, get your Consumer Key and Consumer Secret from the API (Enable OAuth Settings) section. You will use them to configure your Provisioning later.
  • Make sure that Refresh Token Policy is set to "Refresh token is valid until revoked". To check this, click Manage on the page where you find your Consumer Key and Consumer Secret.

Configure OAuth and REST integration

Notes:

  • Even after you enable this feature, SOAP credentials (admin username and password) are still used for any provisioning operation. Therefore, if you haven’t previously configured SOAP credentials and haven’t yet configured OAuth credentials (the next step), any provisioning operation returns an invalid API credentials error.
  • You can switch back to the SOAP credentials (admin username and password) workflow by disabling this feature.
  • If you previously entered SOAP credentials, you don’t need to enter them again. Otherwise, enter them in the Provisioning > Integration section.
  1. Go to Provisioning > Integration.
  2. Enter the following:
    • OAuth Consumer Key: Consumer Key
    • OAuth Consumer Secret: Consumer Secret
  3. Click Authenticate with Salesforce.com. This opens a new Salesforce.com window.
  4. Enter the administrator username and password that were used to create the Connected OAuth App.
  5. Click Allow to permit access to your Connected App.
  6. Click Save to save your OAuth configuration.
  7. Your Salesforce integration is now authenticated.