Demystifying Salesforce integration with Connected App

Nethra Raghupathy
BRIDGEi2i
Feb 24, 2020

We are all familiar with applications built on the Salesforce platform with Visualforce pages or Lightning components. There is another class of application that drives a fairly large share of the traffic reaching the Salesforce authentication service: the Connected app.

A Connected app is the means by which an external entity integrates with Salesforce via APIs and standard protocols such as Security Assertion Markup Language (SAML), OAuth, and OpenID Connect.

Typically a Connected app holds the metadata about the external application and establishes a bridge between Salesforce and the external system through one of those authentication protocols. Over that bridge it grants access to data, restricted by the access policies set on the app: the OAuth scopes it is allowed to request and which users or profiles are permitted to use it.

Use cases of Connected app:

  • Provide Authorization based on OAuth protocol
  • Access Data with API Integration
  • Integrate service providers with Salesforce
  • Manage Access to Third-Party Apps

Apart from the use cases above, the Connected app also gives access to other parts of the Salesforce API layer, such as the Chatter feed. Let's see how we use these options in BRIDGEfunnel.

Integration of our application with Salesforce

The core of any application is data. The Connected app is what requests access to Salesforce data on behalf of our application; to do so it is integrated with the Salesforce API using the OAuth 2.0 protocol.

OAuth 2.0 is an open authorization framework: it lets a user delegate limited, revocable access to their data to another application through the exchange of tokens, without handing that application their credentials. On its own it does not authenticate the user; authentication is what OpenID Connect adds on top of it (see the OpenID Connect section below).

Since we handle a lot of customer data from Salesforce, we create a Connected app in the customer's Salesforce org that grants limited access to the customer's data. The Connected app lets our application integrate with the Salesforce API over OAuth 2.0, giving it controlled access to exactly the data the customer has defined.

Access Salesforce data within the external application using the Connected app

Once the app is authorized, data can be pulled in one of two ways.

  • Integration user

An Integration user is a dedicated full Salesforce license, not used by any human, with its own custom Profile and Permission Set, and it is used for all third-party integrations. It is a more secure and auditable way to move data into and out of the customer's instance than piggy-backing on an existing user's license: its permissions can be cut down to exactly the objects and fields the integration needs, and its logins and API activity show up separately in the org's login history and audit trail. The Integration user is then assigned to the Connected app with the required access control, and the integration runs as that user. Where the integration is server-to-server, prefer an OAuth flow that does not require storing that user's password (Salesforce's JWT bearer flow with a certificate and a pre-authorized user) over the username-password flow.

  • ETL

For an ETL system that accepts OAuth 2.0 authorization, such as Talend, the Connected app's identity (the client ID and client secret) is fed directly into the tool, which then handles the data mapping from Salesforce to the destination database. The client secret is a credential: keep it in the tool's secret store, not in job definitions that are checked into source control.

Integration with Salesforce Chatter feed

Now that the data is obtained, we deliver real-time, deal-specific recommendations to Salesforce users via Chatter.

Chatter is a Salesforce real-time collaboration application that lets your users work together, talk to each other, and share information.

Salesforce offers several OAuth 2.0 flows; for this integration we use the web server flow and post our tactic recommendation for every opportunity through the Chatter REST API. The Connected app's OAuth scopes must include api and chatter_api (add refresh_token if the server is to renew access without user interaction). In this flow, the server hosting our app protects the Connected app's identity, defined by the client ID and client secret: after the user authorizes the app, the customer's Salesforce org redirects the browser back to our callback URL with a short-lived authorization code, our server exchanges that code (together with the client secret) for an access token at the token endpoint, and that access token is then used to call the Chatter API and post recommendations. The access token itself never passes through the browser.
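The exchange described above, as an added example that is not BRIDGEfunnel's own code: it builds the authorization URL, validates the callback (including the state parameter, which is what stops a forged callback from binding an attacker's Salesforce account to a victim's session), builds the code-for-token request that carries the client secret, and parses the token response. The callback URL and the client_id values are assumptions; the token endpoint and scope names are the real Salesforce ones.

```python
# Added example (not BRIDGEfunnel's code): the OAuth 2.0 web server flow
# against a Salesforce org, with the checks that matter for security.
# Assumed/hypothetical: the callback URL and the client_id values used here.
import hmac
import json
import secrets
import urllib.request
from urllib.parse import parse_qs, urlencode, urlparse

LOGIN_URL = "https://login.salesforce.com"  # https://test.salesforce.com for sandboxes
REDIRECT_URI = "https://app.example.com/oauth/callback"  # assumed callback URL registered on the app
SCOPES = "api chatter_api refresh_token"  # Salesforce scope names used by the Chatter integration


def new_state():
    """Fresh per-login random value; store it in the user's session."""
    return secrets.token_urlsafe(32)


def build_authorize_url(client_id, state):
    """Step 1: redirect the browser here. response_type=code means the
    browser only ever sees a short-lived code, never the access token."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPES,
        "state": state,
    }
    return f"{LOGIN_URL}/services/oauth2/authorize?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Step 2: validate the redirect back from Salesforce and return the
    authorization code. The constant-time state comparison rejects any
    callback that was not started by this session."""
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


def token_request(client_id, client_secret, code):
    """Step 3: build the server-to-server request that swaps the code for
    tokens. Only this request carries the client secret."""
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": REDIRECT_URI,  # must match step 1 exactly
    }
    return f"{LOGIN_URL}/services/oauth2/token", form


def parse_token_response(raw):
    """Step 4: extract what the app needs. instance_url is the org-specific
    host for API calls; the refresh token must be stored encrypted, server side."""
    data = json.loads(raw)
    for key in ("access_token", "instance_url", "token_type"):
        if key not in data:
            raise ValueError(f"token response missing {key}")
    if data["token_type"].lower() != "bearer":
        raise ValueError("unexpected token_type")
    return {
        "access_token": data["access_token"],
        "refresh_token": data.get("refresh_token"),
        "instance_url": data["instance_url"].rstrip("/"),
    }


def exchange_code(client_id, client_secret, code):
    """Runs step 3 over HTTPS (a network call; the other functions work offline)."""
    endpoint, form = token_request(client_id, client_secret, code)
    req = urllib.request.Request(
        endpoint, data=urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read().decode())
```

The instance_url returned in step 4 is the host to use for the Chatter call that follows; the access token goes in the Authorization header of that call and nowhere else.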

Below code snippet takes the instance URL, an access token, an opportunity ID and the recommendation text, and posts the recommendation to that opportunity's Chatter feed. The instance URL comes from the OAuth token response, and the Authorization header must carry the actual token value, not the literal string.

import requests

def post_recommendation(instance_url, access_token, opportunity_id, text):
    # Chatter REST resource for creating a feed item (API v42.0, as in the original)
    url = f'{instance_url}/services/data/v42.0/chatter/feed-elements'
    body = {
        'body': {'messageSegments': [{'type': 'Text', 'text': text}]},
        'feedElementType': 'FeedItem',
        'subjectId': opportunity_id,   # the Opportunity record the post is attached to
    }
    response = requests.post(url, json=body,
                             headers={'Authorization': f'Bearer {access_token}',
                                      'Content-Type': 'application/json'})
    response.raise_for_status()   # 401/403 here means an expired token or a missing chatter_api scope
    return response.json()

Integrate service providers with Salesforce

We have a web application that resides outside Salesforce and acts as the service provider; the customer's Salesforce org acts as the identity provider. The Connected app is what ties this external application to the Salesforce org. The flow is implemented by a Connected app that uses SAML 2.0 or OpenID Connect for user authentication.

SAML 2.0

A Connected app configured for SAML 2.0 integrates a service provider with your Salesforce org. Salesforce supports SAML single sign-on (SSO) whether the service provider or the identity provider initiates the flow.

To set up this SSO flow, our web app is registered as a Connected app with its SAML entity ID and assertion consumer service (ACS) URL, and the customer's Salesforce org is defined as the SAML identity provider for it. On our side, the assertion's signature is verified against the org's identity provider certificate and its Audience and Recipient values are checked against our entity ID and ACS URL before the NameID is trusted for login.

OpenID Connect

(Figure: sequence diagram for OpenID Connect)

Like SAML, OpenID Connect enables SSO between two services; unlike SAML, it is an identity layer built on OAuth 2.0 and JSON rather than on XML, which suits API-driven applications. It adds authentication to OAuth 2.0: alongside the OAuth access token, the identity provider issues a signed ID token (a JWT) carrying claims about the authenticated user.

To integrate our web application with the customer's Salesforce org, we use a Connected app configured for OpenID Connect: the app is registered as an OAuth 2.0 client and requests the openid scope, and Salesforce returns an ID token alongside the access token. That ID token carries the user information that lets the user log in to our web application with their Salesforce or community credentials. Before the ID token is trusted for login, its signature is verified against Salesforce's published keys and its iss, aud (our app's consumer key), exp and nonce claims are checked.
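The claim checks just described, as an added example that is not BRIDGEfunnel's code. It assumes the RS256 signature has already been verified by a JWT library against the org's published keys (Salesforce serves them under https://login.salesforce.com/id/keys); the code covers the checks that libraries leave to the application, rejects a token whose header claims no signature, and is exercised on a constructed, unsigned sample token whose claim layout follows what Salesforce puts in its ID tokens.

```python
# Added example (not BRIDGEfunnel's code): validating the claims of a
# Salesforce ID token before accepting it as a login.
# Assumption: signature verification (RS256, keys from the org's JWKS)
# has already been done upstream; the sample token below is constructed.
import base64
import hmac
import json
import time

SALESFORCE_ISSUER = "https://login.salesforce.com"  # https://test.salesforce.com for sandboxes


def _b64url_decode(segment):
    pad = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + pad)


def _b64url_encode(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


def validate_id_token(id_token, client_id, expected_nonce, now=None, leeway=60):
    """Return the claims if every check passes, else raise ValueError.

    alg=none is rejected here regardless of the upstream signature check,
    so a misconfigured library cannot turn an unsigned token into a login."""
    now = time.time() if now is None else now
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("ID token is not a three-part JWT")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))

    if str(header.get("alg", "none")).lower() == "none":
        raise ValueError("unsigned token rejected")
    if claims.get("iss") != SALESFORCE_ISSUER:
        raise ValueError(f"unexpected issuer {claims.get('iss')!r}")
    aud = claims.get("aud")
    if isinstance(aud, str):
        aud = [aud]
    if client_id not in (aud or []):  # aud must name our consumer key
        raise ValueError("token was not issued for this client_id")
    if claims.get("exp") is None or now > claims["exp"] + leeway:
        raise ValueError("token expired")
    if claims.get("iat") is None or claims["iat"] > now + leeway:
        raise ValueError("token issued in the future")
    nonce = str(claims.get("nonce", ""))
    if not hmac.compare_digest(nonce.encode(), expected_nonce.encode()):
        raise ValueError("nonce mismatch: token does not belong to this login attempt")
    if not claims.get("sub"):
        raise ValueError("token has no subject")
    return claims


def make_sample_token(claims, alg="RS256"):
    """Builds an unsigned but well-formed JWT so the validator can be
    exercised offline. Such a token must never be used for anything else."""
    return ".".join([_b64url_encode({"alg": alg, "typ": "JWT"}),
                     _b64url_encode(claims), "sig"])


# Constructed claims in the layout Salesforce uses: sub is the user's
# identity URL and aud is the connected app's consumer key (assumed value).
SAMPLE_NOW = 1_600_000_000
SAMPLE_CLAIMS = {
    "iss": SALESFORCE_ISSUER,
    "aud": "3MVG9exampleConsumerKey",
    "sub": "https://login.salesforce.com/id/00Dxx0000000000EAA/005xx000001SvAAAA0",
    "exp": SAMPLE_NOW + 300,
    "iat": SAMPLE_NOW - 5,
    "nonce": "n-0S6_WzA2Mj",
}
```

The nonce is generated per login attempt, stored in the session with the OAuth state, sent on the authorization request, and compared here; without it a captured ID token could be replayed into a different session.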

To know more about our product, visit www.bridgefunnel.ai!
