Atlan supports the following authentication flows for Salesforce:
- OAuth 2.0 username-password flow for special scenarios
- OAuth 2.0 JWT bearer flow for server-to-server integration
You can use the following steps to configure these flows.
Use the OAuth 2.0 username-password flow
Atlan requires the following credentials for this flow:
- Username
- Password
- Consumer Key (`client_id`)
- Consumer Secret (`client_secret`)
Create a connected app
To set up a connected app in Salesforce:
- Log in to Salesforce.
- In the upper right of the screen, click the settings icon and then click Setup.
- From Setup, enter `apps` in the Quick Find box and select App Manager.
- In the upper right of the screen, click the New Connected App button.
- Under Basic Information, enter the following details:
  - For Connected App Name, enter a meaningful name, such as `AtlanConnector`.
  - (The API Name should be automatically populated.)
  - For Contact Email, enter your email address.
- Under API (Enable OAuth Settings), enter the following details:
  - Ensure Enable OAuth Settings is checked.
  - Ensure Enable for Device Flow is checked.
  - For Callback URL, enter any domain, for example `https://localhost` (this is unused).
  - For Selected OAuth Scopes, add the following scopes:
    - Access Lightning applications (lightning)
    - Manage user data via APIs (api)
    - Perform requests at any time (refresh_token, offline_access)
  - Ensure Require Secret for Web Server Flow is checked.
  - Ensure Require Secret for Refresh Token Flow is checked.
- At the top of the screen, click the Save button to save the app.
- On the resulting screen, click Continue.
- On your new connected app page and under API (Enable OAuth Settings), click Manage Consumer Details. This will open up a new tab with the consumer details for your connected app.
- From the resulting screen:
  - Copy the Consumer Key.
  - Copy the Consumer Secret.
Retrieve the security token
To retrieve the integration user's personal security token:
- Within Salesforce, click your user icon in the upper right of the screen.
- Just below your name, click the Settings link.
- From the My Personal Information expandable menu on the left, click Reset My Security Token.
- On the Reset Security Token page, click the Reset Security Token button.
- Copy the resulting security token.
Use the OAuth 2.0 JWT bearer flow
Atlan requires the following credentials for this flow:
- Username
- Consumer Key (`client_id`)
- `server.key` file
Create the server key file
The OAuth 2.0 JWT bearer authorization flow requires a digital certificate and the private key used to sign the certificate.
To create the `server.key` file:
- Create a private key and a self-signed digital certificate with these instructions.
- Once the server key setup is completed, keep the following output files:
  - `server.crt`: the digital certificate file to be uploaded when creating the connected app in Salesforce.
  - `server.key`: the private key to be used when signing the JWT that is sent upon authentication in Atlan.
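
One way to produce the two files and confirm they work together, as an added example (not Atlan's or Salesforce's own instructions): it generates the pair with OpenSSL, checks that `server.crt` carries the public half of `server.key`, and signs a sample JWT bearer assertion that is then verified against the certificate. The subject name, 365-day lifetime, function names and claim values are placeholder assumptions.

```shell
# Added example, not Atlan or Salesforce code. Subject name, lifetime and
# claim values are constructed placeholders.
set -eu

# Create server.key (RSA 2048) and a self-signed server.crt in directory $1.
make_keypair() {
  ( umask 077; openssl genrsa -out "$1/server.key" 2048 2>/dev/null )
  openssl req -new -x509 -sha256 -days 365 -key "$1/server.key" \
    -subj "/CN=AtlanConnector" -out "$1/server.crt"
}

# Print the PEM public key held in a certificate (*.crt) or a private key.
pubkey_of() {
  case $1 in
    *.crt) openssl x509 -in "$1" -noout -pubkey ;;
    *)     openssl pkey -in "$1" -pubout ;;
  esac
}

# Succeeds only when the certificate carries the public half of the key.
pair_matches() { [ "$(pubkey_of "$1")" = "$(pubkey_of "$2")" ]; }
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '=\n'; }

# RS256 JWT bearer assertion. $1 key, $2 consumer key, $3 username, $4 login URL.
make_assertion() {
  hdr=$(printf '{"alg":"RS256","typ":"JWT"}' | b64url)
  body=$(printf '{"iss":"%s","sub":"%s","aud":"%s","exp":%s}' \
    "$2" "$3" "$4" "$(( $(date +%s) + 180 ))" | b64url)
  sig=$(printf '%s.%s' "$hdr" "$body" | openssl dgst -sha256 -sign "$1" | b64url)
  printf '%s.%s.%s\n' "$hdr" "$body" "$sig"
}

# Verify the signature of assertion $2 with the public key in certificate $1.
verify_assertion() {
  work=$(mktemp -d)
  s=$(printf '%s' "${2##*.}" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s' "$s" | openssl base64 -d -A > "$work/sig"
  pubkey_of "$1" > "$work/pub.pem"
  if printf '%s' "${2%.*}" | openssl dgst -sha256 -verify "$work/pub.pem" \
       -signature "$work/sig" >/dev/null 2>&1; then rc=0; else rc=1; fi
  rm -rf "$work"
  return "$rc"
}

demo=$(mktemp -d); make_keypair "$demo"   # scratch directory, constructed values
jwt=$(make_assertion "$demo/server.key" CONSUMER_KEY_PLACEHOLDER user@example.com https://login.salesforce.com)
pair_matches "$demo/server.key" "$demo/server.crt" && verify_assertion "$demo/server.crt" "$jwt" && echo "server.crt verifies the assertion"
rm -rf "$demo"
```

A certificate that fails `pair_matches` or `verify_assertion` was not issued for the key in hand, so uploading it to the connected app would cause every signed assertion to be rejected.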
Edit the connected app policies
First, follow the instructions here to create a connected app.
Next, to edit the connected app policies:
- Log in to Salesforce.
- In the upper right of the screen, click the settings icon and then click Setup.
- From Setup, enter `connected apps` in the Quick Find box and select Manage Connected Apps.
- Locate and click on your connected app, such as `AtlanConnector`.
- On your connected app page, click Edit Policies.
- Under OAuth Policies, click the Permitted Users dropdown menu and select Admin approved users are pre-authorized.
- From the IP Relaxation dropdown, select Relax IP restrictions.
- For Refresh Token Policy, select Refresh token is valid until revoked.
- Click Save.
Add the server certificate file to the connected app
To add the server certificate (`server.crt`) file to the connected app:
- From Setup, enter `app manager` in the Quick Find box and select App Manager.
- Locate your connected app, and then click the dropdown arrow and select Edit.
- Under API (Enable OAuth Settings), check Use digital signatures.
- Click Choose File and upload the `server.crt` file.
- Click Save.
Create a custom profile
Custom profiles are only used for non-admin users. Admin users are always set with an immutable standard profile.
To create a custom profile:
- From Setup, enter `profiles` in the Quick Find box and select Profiles.
- From Profiles, click the New Profile button to navigate to the Clone Profile page.
- On the Clone Profile page, from the Existing Profile dropdown menu, select Standard User.
- For Profile Name, enter a name, such as `AtlanIntegrationProfile`.
- Click Save.
- On the new profile page, click Edit.
- For Connected App Access, check the name of your connected app.
- For Administrative Permissions, uncheck all of the boxes except the following required permissions:
  - API Enabled
  - View Dashboards in Public Folders
  - View Reports in Public Folders
  - Modify All Data
- For Standard Object Permissions and Custom Object Permissions, select Read and View All for all items.
- Click Save.
Create a user
To create a non-admin user:
- From the Setup menu and under Administration, click Users to expand the dropdown menu.
- From the dropdown menu, click Users.
- On the All Users page, click the New User button.
- On the New User page, enter the required details: First Name, Last Name, Alias, Email, Username, and Nickname.
- From the User License dropdown menu, select Salesforce.
- From the Profile dropdown, select the custom profile you created.
- Click Save.