This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Application Integration: Create Salesforce Connection using JWT

Posted on 01-18-2023 09:06 PM
Mamatha
Staff
Reply posted on --/--/---- --:-- AM

We can connect to salesforce using 2 ways:

  1. OAUTH2 JWT BEARER
  2. UserName and Password-https://www.googlecloudcommunity.com/gc/Integration-Services/Application-Integration-Create-Salesforce-Conne...

This document explains how to connect to Salesforce using OAuth JWT Bearer 

Make sure to enable the required api’s and grant the necessary roles to the service account. Follow the link below before you begin.

Prerequisites:https://cloud.google.com/integration-connectors/docs/connectors/salesforce/configure#before-you-begi...

We can connect to salesforce using 2 ways:

OAUTH2 JWT BEARER

Step 1:Creating private key and X509 certificate

Step 2:Creating connected app in Salesforce

Step 3:Prior Approval of the Client App

Step 4:Create Salesforce Connection

Step 1:Creating private key and X509 certificate

You can use openssl to generate private keys and public certificates.

Sample openssl command to generate the private key. You can open the cloud shell and enter this command. 

openssl genrsa -out privatekey.pem 1024

Mamatha_0-1674104441328.png

openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 3650

Mamatha_1-1674104441561.png

Now list the files generated:

ls -lrt

Mamatha_2-1674104441355.png

Download these files from the gcloud to your local system by clicking the download and selecting the privatekey.pem and publickey.cer files

Mamatha_3-1674104441444.png

Mamatha_4-1674104441365.png

Step 2:Creating Connected App in Salesforce

Note:Salesforce is always an evolving product, some terminologies and screenshots might differ.

Login to salesforce domain and go to setup under settings

Mamatha_5-1674104441368.png

Go to Platform Tools->Apps->App Manager->New Connected App

Mamatha_6-1674104441563.png

Fill in Connected App Name, email, phone, description etc. 

Mamatha_7-1674104441529.png

Tick ‘Enable OAuth Settings’. Fill Callback URL = ‘https://oauthdebugger.com/debug’ // we are using a great online debugger. Tick ‘Use digital signatures’.Upload <publickey.cer from Step 1>

Mamatha_8-1674104441435.png

Selected OAuth Scopes = Perform request at any time(refresh_token, offline access) and Manage user data via APIs (api). If required, then you can add more scopes. 

Mamatha_10-1674104441497.png

Save the connected app you created. Then click on Manage Consumer Details to save the Client_ID. 

Mamatha_11-1674104441373.png

Step 3:Prior approval of the Client App

This needs to be performed once per salesforce user(or profile) This will be a backend administrative approval action

Note: If we don't perform Step 3, we will get the following error in step 5 {"error":"invalid_grant","error_description":"user hasn't approved this consumer"}

Let us pretend to be an admin and approve this app/consumer to access a specific user’s data associated with a specific profile.

Go to Platform Tools->Apps->Connected Apps->Manage Connected Apps and click edit against your app.

Mamatha_12-1674104441440.png

Choose ‘Permitted Users’ = ‘Admin approved users are pre-authorized’ and click on Save .

Mamatha_13-1674104441541.png

Go to Settings > Setup->Administration->Users->Profiles. Edit the profile associated with the user(In my case the user is associated with the System administrator profile. 

Under profile search for the property “Connected App Access” and “Tick” and then save the profile

Mamatha_14-1674104441363.png

Under profile search for the property “Connected App Access” and “Tick” and then save the profile

Mamatha_15-1674104441576.png

Step 4:Create Salesforce Connection

In your Google Cloud project search for Integration Connector and click on create new connection.

Mamatha_16-1674104441568.png

Specify the location where your connection will run. Here I’m specifying it as us-west1.

Mamatha_17-1674104441397.png

Provide the Connection Details(connector, version, connection name, description and service account)

Mamatha_18-1674104441465.png

Make sure to grant the following roles to the service account that you want to use to create the connection:

  • roles/secretmanager.viewer
  • roles/secretmanager.secretAccessor

Click Next and provide destination details. In this case I’m using a trial account and it will default to https://login,salesforce .com. If you are using a custom domain then you need to specify the custom domain login endpoint. 

Mamatha_19-1674104441357.png

Under Authentication click on OAuth 2.0-JWT Bearer and provide Connected App Client ID under Connected App Consumer Key, The username that is associated with the connected app you created in salesforce and create the secret manager secret by providing the private key generated in the Step 1. 

Mamatha_20-1674104441547.png

While creating the secret make sure to copy the complete content of the private key. Below is the expected format.

-----BEGIN PRIVATE KEY-----

MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCf1nlnhQa5gYX

...

...

-----END PRIVATE KEY-----

Mamatha_21-1674104441439.png

Review the connection and create. This might take a couple of minutes to create the connection and activate it. 

Mamatha_22-1674104441492.png

To verify the connection, you can go to Salesforce->Settings->Setup->Users->My user and click on the user email id and scroll down to the login history.

Mamatha_23-1674104441527.png

Now, you should have the connection status as active under connections. 

Mamatha_24-1674104441495.png

 

 

4 4 6,507
4 REPLIES 4

Posted on --/--/---- --:-- AM
shefali
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

@Mamatha : Could you please explain the steps for the second method as well? 2. UserName and Password

Posted on --/--/---- --:-- AM
Mamatha
Staff
In response to shefali
Reply posted on --/--/---- --:-- AM

Explained here-https://www.googlecloudcommunity.com/gc/Integration-Services/Application-Integration-Create-Salesforce-Conne...

0 Likes

Posted on --/--/---- --:-- AM
AdamThorsell
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

@Mamatha , thanks for this excellent writeup, I have the connector working thanks to you!

Now... if I wanted to use the connected Salesforce org as the endpoint for a push notification from the Google Admin SDK Directory API, as described here, what additional steps are needed to set that up?  I am trying to figure out how to generate the proper certificate and install it.  Which platform stores it?

0 Likes

Posted on --/--/---- --:-- AM
hugorozestraten
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Great post, direct to the point. I have my connection working, thanks

Top Labels in this Space