Creating a Connected App, an Authentication Provider, and a Named Credential in Salesforce for managing OAuth 2.0 integrations involves several steps that work together to secure and simplify external API access. Here’s how to set up each component:
Step 1: Create a Connected App
A Connected App in Salesforce is used to integrate your Salesforce Org with other applications. It provides the client ID and client secret needed for OAuth 2.0 authentication.
- Navigate to Setup in Salesforce.
- Use the Quick Find box and search for “App Manager”.
- Click New Connected App.
- Enter the required details:
  - Connected App Name
  - API Name
  - Contact Email
- In the API (Enable OAuth Settings) section, check Enable OAuth Settings.
- Enter the Callback URL provided by the external application or the one you intend to use for OAuth responses. This URL must match the one configured in your external system or application.
- Select the OAuth Scopes that your application will need. These determine the levels of access that your application will have.
- Click Save. Note down the Consumer Key and Consumer Secret generated; these are required to set up the Authentication Provider.
Step 2: Set Up an Authentication Provider
The Authentication Provider in Salesforce manages the identity protocols.
- Navigate back to Setup.
- Use the Quick Find box to search for “Auth. Providers”.
- Click New.
- For Provider Type, select the appropriate type depending on the service (e.g., OpenID Connect).
- Fill in the required fields and click Save:
  - Name: Choose a name for the provider.
  - Consumer Key: Use the Consumer Key from the Connected App.
  - Consumer Secret: Use the Consumer Secret from the Connected App.
  - Authorize Endpoint URL, Token Endpoint URL, and User Info Endpoint URL: These URLs are specific to the OAuth service provider (you can typically find them in the API documentation of the external service).
  - Default Scopes: Specify the scopes required by the external service.
Step 3: Create a Named Credential
Named Credentials manage authenticated connections to external services, storing endpoint URLs and authentication settings.
- Navigate back to Setup.
- In the Quick Find box, type “Named Credentials”.
- Click New Named Credential.
- Fill in the details:
  - URL: Enter the base URL of the external service’s API.
  - Identity Type: Usually, this is Named Principal.
  - Authentication Protocol: Choose OAuth 2.0.
  - Authentication Provider: Select the Authentication Provider you created.
  - Label and Name
- Configure additional settings based on your needs:
  - Start Authentication Flow on Save: Useful for immediately initiating the authentication process.
  - Generate Authorization Header: Typically enabled.
  - Allow Merge Fields in HTTP Header and HTTP Body: Enable these if you require dynamic insertion of Salesforce data in API calls.
- Click Save. If you enabled “Start Authentication Flow on Save,” follow the prompts to authenticate the connection.
Finalizing Setup
After setting up the Connected App, Authentication Provider, and Named Credential, your Salesforce org is ready to authenticate securely and make API calls to the connected external service. Test your setup by making API calls from Apex or Flow using the Named Credential to ensure everything is configured correctly.
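The test callout described above, written as an added Apex example (not code from the original page). It assumes a Named Credential whose API Name is `External_Service` and an external path `/api/v1/ping`; both are placeholders to replace with your own values.

```apex
// Added example: call the external service through the Named Credential from Step 3.
// The Named Credential API Name and the request path below are assumptions.
public with sharing class ExternalServiceClient {

    // API Name of the Named Credential (assumed; use the Name you chose in Step 3)
    private static final String NAMED_CREDENTIAL = 'External_Service';

    public class ExternalServiceException extends Exception {}

    // Performs a GET against the external service. Because the endpoint uses the
    // callout: scheme, Salesforce substitutes the base URL stored on the Named
    // Credential and adds the OAuth 2.0 Authorization header itself (when
    // "Generate Authorization Header" is enabled), so no token, Consumer Key or
    // Consumer Secret ever appears in Apex code or debug logs.
    public static String get(String path) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('callout:' + NAMED_CREDENTIAL + path);
        req.setMethod('GET');
        req.setTimeout(20000); // milliseconds; default is 10 seconds

        HttpResponse res = new Http().send(req);
        Integer status = res.getStatusCode();

        // A 401 usually means the stored token was revoked or the credential was
        // never authenticated in this org: re-run "Start Authentication Flow on
        // Save" on the Named Credential instead of handling tokens manually.
        if (status == 401) {
            throw new ExternalServiceException(
                'Named Credential ' + NAMED_CREDENTIAL +
                ' is not authenticated (HTTP 401); re-authenticate it in Setup.');
        }
        if (status < 200 || status >= 300) {
            throw new ExternalServiceException('HTTP ' + status + ' from ' + path);
        }
        return res.getBody();
    }
}

// Usage from Anonymous Apex (the path is a placeholder):
//   System.debug(ExternalServiceClient.get('/api/v1/ping'));
```

If the callout fails with an "Unauthorized endpoint" error rather than a 401, the `callout:` name does not match an existing Named Credential API Name; check the Name (not the Label) in Setup.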
This comprehensive setup ensures that all communications between Salesforce and external systems are secure, using OAuth 2.0 as the authentication standard.
***
Even if you deploy this setup, there might be specific configurations or re-authentications required in the client’s org:
- Verify Endpoints and Keys: Ensure that the endpoints and keys (like Consumer Key and Secret in Connected App) are correct for the client’s environment. Sometimes these need to be regenerated or adjusted if the endpoint URLs or other service-specific details differ.
- Re-authenticate OAuth: For OAuth setups (in Named Credentials and Authentication Providers), it’s usually necessary to initiate or re-initiate the OAuth flow to authenticate the connections in the new org, especially if the endpoints or keys have changed.
- Permissions and Profiles: Ensure that the right Salesforce profiles or permission sets have access to the Connected App, Authentication Provider, and Named Credentials. Adjust these settings in the client’s org to match the security and access requirements.