Skip to main content

Salesforce

This guide will take you through the steps to connecting Salesforce to Catalog.

info

A Salesforce System Administrator must complete these steps.

Create a Catalog User (Optional)

We recommend creating a user and assigning them to Catalog app in order to keep a clear audit trail in Salesforce.

  1. From Setup, in Quick Find, search for Users > Users.
  2. Click New User.
  3. For the User License choose Salesforce.
  4. Set the profile to Standard User.
  5. Fill in the rest of the information based on your company's administration rules.
Salesforce Setup screen showing the New User creation page, with Users selected in the left navigation and fields for user details. The Role field is set to None Specified, the User License is Salesforce, and the Profile is Standard User, highlighted with arrows.

Create External Client App

  1. From Setup, in Quick Find, search for External Client Apps > External Client App Manager.
  2. Click New External Client App.
  3. In Basic Information, enter the required information. Name the app CatalogConnector.
  4. In API, check Enable OAuth.
    1. Callback URL - We don’t use this, so you can enter any domain such as https://localhost.
    2. OAuth Scopes:
      1. Access Lightning applications (lightning)
      2. Manage user data via APIs (api)
      3. Perform requests at any time (refresh_token, offline_access)
    3. Flow Enablement - In the same API section check the following:
      1. Enable Device Flow
    4. Security - In the same API section check the following:
      1. Require secret for Web Server Flow
      2. Require secret for Refresh Token Flow
  5. Other settings can be left at the default.
  6. Click Create.
Salesforce Setup screen showing the External Client App Manager with the CatalogConnector app open. The Settings tab is selected, displaying the Basic Information section with fields for app name, contact email, API name, distribution state, and URLs. External Client App Manager is highlighted in the left navigation.
External Client App Manager in Salesforce Setup showing the CatalogConnector app’s Basic Information settings.
Salesforce Setup screen showing OAuth Settings for the CatalogConnector external client app. The Callback URL field and OAuth Scopes section are visible, with selected scopes including API access, refresh token access, and Lightning application access. External Client App Manager is highlighted in the left navigation.
OAuth settings for the CatalogConnector external client app, including callback URL and selected OAuth scopes.
Salesforce Setup screen showing OAuth Flow Enablement and Security settings for the CatalogConnector external client app. Authorization Code and Credentials Flow and Device Flow are enabled, with security options such as requiring a client secret selected. External Client App Manager is highlighted in the left navigation.
OAuth flow enablement and security settings for the CatalogConnector external client app.

Get External App Client ID and Client Secret

  1. After saving the app, it will take you back to the app page.
  2. Click on Settings, then OAuth Settings.
  3. Click Consumer Key and Secret.
  4. It will open a new window with the Consumer Key and Consumer Secret. Copy these for later.
Salesforce Setup screen showing OAuth Settings for the CatalogConnector external client app, with the App Settings section highlighted and the Consumer Key and Secret button visible above the Callback URL field.

Set App Permissions

For these next steps, you’ll need to clone a Permission Set.

  1. From Setup, in Quick Find, search for Users > Permissions Sets.
  2. Clone any permission set with the license, Salesforce. If the license doesn’t match the user assigned to the app, the connection will fail. In this example, Event Monitoring User was cloned.
  3. Give your permission set a name and description.
  4. Under System, click System Permissions. Then click Edit.
  5. Assign the following permissions:
    1. Run Reports
    2. View Dashboards in Public Folders
    3. View Reports in Public Folders
    4. Manage All Private Reports and Dashboards
    5. View Roles and Role Hierarchy
    6. View Setup and Configuration
  6. Save.
  7. On the same Permission Sets page, click Manage Assignments near the top.
  8. Click Add Assignment.
  9. Assign the user who should have the permissions to use the Catalog app.
Salesforce Setup screen showing the Permission Sets page. The System Permissions section is highlighted, listing permissions that apply across apps, such as Modify All Data. Permission Sets is selected in the left navigation.
Permission Sets in Salesforce Setup highlighting the System Permissions section.
Salesforce Setup screen showing the Permission Sets page with a list of system permissions. The Manage All Private Reports and Dashboards permission is highlighted and selected. Permission Sets is selected in the left navigation.
System permission selection in a Salesforce permission set, highlighting Manage All Private Reports and Dashboards.

Configure OAuth and OpenID Connect Settings

  1. From Setup, in Quick Find, search for Identity > OAuth and OpenID Connect Settings.
  2. Make sure Allow OAuth Username-Password Flows is toggled on.
Salesforce Setup screen showing OAuth and OpenID Connect Settings. The Allow OAuth Username-Password Flows option is highlighted and enabled, with OAuth and OpenID Connect Settings selected in the left navigation.

Get Your Security Token

  1. Make sure you’re signed in as the user who will be using the Catalog app.
  2. Click on your profile, then Settings.
  3. In the Quick Find, search for Reset My Security Token.
  4. Click Reset Security Token.
  5. You’ll get an email with the security token.
Salesforce Setup screen showing the Reset My Security Token page. The Reset Security Token button is highlighted, with Reset My Security Token selected in the left navigation under My Personal Information.

Get Your Domain and Username

warning

The username is not the same as your email. The username will look like something like this: coalesce.support.a4bb07276aff@agentforce.com.

  1. From Setup, in Quick Find, search for Users > Users.

  2. Find the user and click on them. Copy the information in Username.

    Salesforce Setup screen showing a user detail page. The Username field is highlighted with an arrow, indicating the user’s login username, with Users selected in the left navigation.

  3. From Setup, in Quick Find, search for Company Settings > My Domain.

  4. Copy Current My Domain URL.

Salesforce Setup screen showing the My Domain settings page. The Current My Domain URL field is highlighted, displaying the organization’s My Domain URL, with My Domain selected in the left navigation.

Connect Catalog and Salesforce

  1. Go to Settings > Integrations.
  2. Find and click the Salesforce tile.
  3. Select Managed By Catalog.
  4. Give the source a name.
  5. Enter the credentials and click Save.
{
    "baseUrl": "<Your salesforce host>",
    "username": "<Your salesforce username address>",
    "password": "<Your password used to login>",
    "securityToken": "<Your security token from the reset email>",
    "clientId": "<The connected app consumer key>",
    "clientSecret": "<The connected app consumer secret>"
}

// example

{
    "baseUrl": "some-url-628db8712c-dev-ed.develop.my.salesforce.com",
    "username": "coalesce.support.a4bb07276aff@agentforce.com",
    "password": "myloginpassword",
    "securityToken": "Efe3L6BfW95xMn25bsut6lLLBxkHW",
    "clientId": "IitzUN13UdTsbHAQVr02NAVpTEMhYyQwJ",
    "clientSecret": "ENSGbqHF6QV7zTEfC3Z5VUW08"
}

Troubleshooting

Check IP Restrictions

You might need to adjust your IP settings.

  1. From Setup, in Quick Find, search for Connected Apps > Manage Connected Apps .
  2. Click Edit next to the app.
  3. Review:
    1. IP Relaxation: Enforce IP restrictions
    2. Refresh Token Policy: Refresh token is valid until revoked
Salesforce OAuth Policies section showing Permitted Users set to All users may self-authorize, IP Relaxation set to Enforce IP restrictions, and the Refresh Token Policy set to Refresh token is valid until revoked.

Need the Client ID and Client Secret

  1. From Setup, in Quick Find, search for Connected Apps > External Client App Manager .
  2. Click on the app.
  3. Click on Settings, then OAuth Settings.
  4. Click Consumer Key and Secret.

How To Test Your Connection Settings

You can make an API request to check that your credentials are correct.

The request can be done using cURL and should be x-www-form-urlencoded. Using a tool such as Postman or Insomnia makes it easy.


POST

curl --location 'your-domain-url.my.salesforce.com/services/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id='consumer key' \
--data-urlencode 'client_secret=consumer secret' \
--data-urlencode 'username=coalesce.support.a4bb07276aff@agentforce.com' \
--data-urlencode 'password=this is the login password with the security token as one word. passwordsecruitytoken' \
--data-urlencode 'grant_type=password'

Postman interface showing a POST request to the Salesforce OAuth token endpoint using the username-password grant type. The request body includes client ID, client secret, username, password with security token, and grant type, with a successful 200 OK response returning an access token and instance URL.

View Login Information

You can also check the login history to see if the connection was successful.

  1. From Setup, in Quick Find, search for Users > Users.
  2. Click on the Catalog user.
  3. Scroll to Login History. You’re looking for the application along with the status message.
Salesforce Login History table showing recent login attempts. Entries include OAuth Username-Password logins for the CatalogConnector application with successful and failed statuses, along with login time, source IP, location, and login type.

Reset Keys

  • Reset the Security Key.
  • The Consumer Key and Consumer Secret can't be reset. Create a new app.

What’s Next