Security Provider - Salesforce / OpenID Connect

Note

This connection guide is the recommended process for user-level account authentication between Vinyl and Salesforce. See the Salesforce JWT OAuth Connection Guide if you are looking to configure Service Account authentication.

The Salesforce / OpenID Connect (SF/OIDC) security provider is a vendor-specific implementation of the OpenID Connect security provider. The Salesforce implementation allows Vinyl to authenticate Salesforce users. It can also be used to authorize requests to the following data servers:

  • Salesforce ADO.NET
  • REST

Limitations

  • The SF/OIDC security provider cannot be used with Salesforce1 Platform data servers
  • The SF/OIDC security provider does not support the ReplaceIssuerTenantId parameter

Configure in Salesforce

To get started, log in to your Salesforce account and create a Connected App.

From the Manage Connected Apps screen in Salesforce:

  1. Provide the Callback URL value. This is the URL invoked after OAuth authorization for the consumer connected app. It takes the form [Vinyl root directory]/signin-[Name of Security Provider].
    For example: https://example.com/Vinyl/signin-Salesforce

  2. Add the following Available OAuth Scopes to the Selected OAuth Scopes list:

    • Access the identity URL service (id, profile, email, address, phone)
    • Access unique user identifiers (openid)
    • Full access (full)
    • Manage user data via APIs (api)
    • Perform requests at any time (refresh_token, offline_access)
  3. Ensure the following options are enabled:

    • Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows
    • Require Secret for Web Server Flow
    • Require Secret for Refresh Token Flow
    • Enable Client Credentials Flow

The Consumer Key and Consumer Secret for the Salesforce Connected App are required for the Vinyl configuration. Make sure you have these values handy to reference.

To obtain the Salesforce Connected App credentials:

  1. Log in to your Salesforce account
  2. Navigate to Apps > Connected Apps > Manage Connected Apps
  3. Click the Manage Consumer Details button for Consumer Key and Secret
  4. Copy the Consumer Key and Consumer Secret values

Configure Salesforce as a Security Provider in Vinyl

The SF/OIDC security provider requires:

  • Client credentials (Consumer Key and Consumer Secret)

To configure the Salesforce security provider:

  1. Log in to the Vinyl instance as an administrator
  2. Navigate to the IDE
  3. Click Security Providers from the Connect menu
  4. Click + Data Source Authentication from the Data Source Authentication panel
  5. Provide the following:

    • Name: Salesforce
    • Type: Salesforce / OpenID Connect
  6. Check the Enabled field

  7. Select User as the Tokens Owner value
  8. Click the Save button
  9. In the Endpoints panel, Vinyl supplies default endpoints and no additional configuration is needed unless you wish to override the default. The OpenID Connect Issuer default value is https://login.salesforce.com.
  10. In the Credentials panel, click the + Credential button to add the following credential:

    • Type: Client
    • User Name: provide the Salesforce Consumer Key
    • Password: provide the Salesforce Consumer Secret
  11. Click Save and exit the Credential screen

  12. In the Properties panel, click the + Property button to add the following properties:

    • Parameter: Scopes
    • Value: openid profile offline_access api
  13. Click Save and exit the Properties screen

  14. Click + Claim from the Claims panel and add the following:

    • Identifier: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    • Usage: Name
  15. Click Save and add one additional Claims record:

    • Identifier: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
    • Usage: Name ID
  16. Click Save
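
The following is an added example, not Vinyl or Salesforce code: it builds the Callback URL from the Vinyl root and provider name, checks that the Scopes property is a subset of the scopes selected on the Connected App, and composes a standard authorization-code request with a PKCE S256 challenge. The function names are hypothetical, `EXAMPLE_CONSUMER_KEY` is a placeholder, and `/services/oauth2/authorize` is Salesforce's standard authorization path under the default issuer; the exact request Vinyl sends is an assumption.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlsplit

ISSUER = "https://login.salesforce.com"  # default issuer named in this guide
# Scope tokens selected on the Connected App in the Salesforce steps above
APP_SCOPES = {"id", "profile", "email", "address", "phone", "openid",
              "full", "api", "refresh_token", "offline_access"}


def callback_url(vinyl_root, provider_name):
    """Build <Vinyl root>/signin-<provider name>; this example insists on https."""
    root = urlsplit(vinyl_root)
    if root.scheme != "https" or not root.netloc:
        raise ValueError("Vinyl root must be an absolute https:// URL")
    if root.query or root.fragment:
        raise ValueError("Vinyl root must not carry a query or fragment")
    return f"https://{root.netloc}{root.path.rstrip('/')}/signin-{provider_name}"


def pkce_pair(verifier=None):
    """Return (code_verifier, S256 code_challenge) as defined in RFC 7636."""
    verifier = verifier or secrets.token_urlsafe(64)  # 86 chars, within 43..128
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def authorization_request(consumer_key, redirect_uri, scopes, challenge, state):
    """Compose the browser redirect; the Consumer Secret is never part of it."""
    missing = set(scopes.split()) - APP_SCOPES
    if missing:
        raise ValueError(f"scopes not enabled on the Connected App: {sorted(missing)}")
    query = urlencode({
        "response_type": "code",
        "client_id": consumer_key,
        "redirect_uri": redirect_uri,
        "scope": scopes,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        "state": state,
    })
    return f"{ISSUER}/services/oauth2/authorize?{query}"


if __name__ == "__main__":
    redirect = callback_url("https://example.com/Vinyl/", "Salesforce")
    # EXAMPLE_CONSUMER_KEY is a placeholder, not a real credential.
    print(authorization_request("EXAMPLE_CONSUMER_KEY", redirect,
                                "openid profile offline_access api",
                                pkce_pair()[1], secrets.token_urlsafe(16)))
```

The `redirect_uri` value must match the Callback URL registered on the Connected App character for character, which is why the helper normalises the trailing slash on the Vinyl root.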

Register Salesforce as a Data Source Server

To register Salesforce as a data source server:

  1. Log in to the Vinyl instance as an administrator
  2. Navigate to the IDE
  3. Click the Data Servers button from the Connect menu
  4. Click + Server to register a new server
  5. Provide the following:

    • Server Name: An identifiable Name. For example: Salesforce Connected App
    • Type: Salesforce ADO.NET
  6. Click the Advanced Settings button

  7. Provide the OAuth server information in the Advanced field:

    https://<your instance>.salesforce.com/services/Soap/c/56.0/<your organization ID>
    To find your instance, log in to Salesforce; the URL shown in the browser begins with your instance.
    The organization ID can be found by following this Salesforce article: Find your Salesforce Organization ID

  8. Click Save and exit back to the Server settings screen

  9. Expand Security Settings and select Salesforce as the Security Provider
  10. Click Save
  11. Expand Testing and click the Test Connection button

    • Click the Proceed button to confirm. If all information is configured correctly, you will receive the message, "The connection test passed."
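
An added example (not part of Vinyl or Salesforce) that checks a value before it is pasted into the Advanced field: it flags unreplaced placeholders, a host outside `salesforce.com`, and a mistyped organization ID. The function names are hypothetical and the sample ID is constructed; the `00D` prefix and the three-character case-safety suffix on 18-character IDs are Salesforce ID conventions that this guide itself does not describe.

```python
import re
from urllib.parse import urlsplit

SUFFIX_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345"
PATH_RE = re.compile(r"^/services/Soap/c/(\d+\.\d)/([A-Za-z0-9]+)$")


def case_suffix(id15):
    """Case-safety suffix for a 15-character ID: one character per 5-char chunk."""
    out = ""
    for start in (0, 5, 10):
        chunk = id15[start:start + 5]
        # Bit i is set when the i-th character of the chunk is uppercase.
        bits = sum(1 << i for i, ch in enumerate(chunk) if ch.isupper())
        out += SUFFIX_ALPHABET[bits]
    return out


def check_endpoint(value):
    """Return the problems found in an Advanced field value (empty list = OK)."""
    if "<" in value or ">" in value:
        return ["placeholder text such as <your instance> was not replaced"]
    problems = []
    if value != value.strip():
        problems.append("leading or trailing whitespace")
    url = urlsplit(value.strip())
    if url.scheme != "https":
        problems.append("scheme must be https")
    # Suffix match on the parsed host rejects lookalikes such as
    # na1.salesforce.com.example.net, which would receive the user's token.
    if not (url.hostname or "").endswith(".salesforce.com"):
        problems.append("host is not under salesforce.com")
    match = PATH_RE.match(url.path)
    if not match:
        problems.append("path is not /services/Soap/c/<version>/<organization ID>")
        return problems
    org_id = match.group(2)
    if not org_id.startswith("00D") or len(org_id) not in (15, 18):
        problems.append("organization ID must be 15 or 18 characters starting with 00D")
    elif len(org_id) == 18 and case_suffix(org_id[:15]) != org_id[15:]:
        problems.append("18-character organization ID fails its case-safety check")
    return problems


if __name__ == "__main__":
    sample_id = "00D" + "0" * 11 + "1"  # constructed ID, not a real organization
    base = "https://na1.salesforce.com/services/Soap/c/56.0/"  # na1 is a sample instance
    print(check_endpoint(base + sample_id + case_suffix(sample_id)))
```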