How to set up Salesforce

Atlan supports the following authentication flows for Salesforce:

• OAuth 2.0 username-password flow for special scenarios
• OAuth 2.0 JWT bearer flow for server-to-server integration

You can use the following steps to configure these flows.

Use the OAuth 2.0 username-password flow

Atlan requires the following credentials for this flow:

• Username
• Password
• Consumer Key (client_id)
• Consumer Secret (client_secret)

Create a connected app

To set up a connected app in Salesforce:

1. Log in to Salesforce.
2. In the upper right of the screen, click the settings icon and then click Setup. 
3. From Setup, enter apps in the Quick Find box and select App Manager.
4. In the upper right of the screen, click the New Connected App button.
5. Under Basic Information, enter the following details:
   • For Connected App Name, enter a meaningful name, such as AtlanConnector.
   • (The API Name should be automatically populated.)
   • For Contact Email, enter your email address.
6. Under API (Enable OAuth Settings), enter the following details:
   • Ensure Enable OAuth Settings is checked.
   • Ensure Enable for Device Flow is checked.
   • For Callback URL, enter any domain, for example https://localhost — this is unused.
   • For Selected OAuth Scopes, add the following scopes:
   • Access Lightning applications (lightning) 
   • Manage user data via APIs (api)
   • Perform requests at any time (refresh_token, online_access)
   • Ensure Require Secret for Web Server Flow is checked.
   • Ensure Require Secret for Refresh Token Flow is checked.
7. At the top of the screen, click the Save button to save the app.
8. On the resulting screen, click Continue.
9. On your new connected app page and under API (Enable OAuth Settings), click Manage Consumer Details. This will open up a new tab with the consumer details for your connected app.
10. From the resulting screen:
    • Copy the Consumer Key.
    • Copy the Consumer Secret.

Retrieve the security token

To retrieve the integration user's personal security token:

1. Within Salesforce, click your user icon in the upper right of the screen.
2. Just below your name, click the Settings link.
3. From the My Personal Information expandable menu on the left, click Reset My Security Token.
4. On the Reset Security Token page, click the Reset Security Token button.
5. Copy the resulting security token.

Use the OAuth 2.0 JWT bearer flow

Atlan requires the following credentials for this flow:

• Username
• Consumer Key (client_id)
• server.key file

Create the server key file

The OAuth 2.0 JWT bearer authorization flow requires a digital certificate and the private key used to sign the certificate.

To create the server.key file:

1. Create a private key and a self-signed digital certificate with these instructions.
2. Once the server key setup is completed, keep the following output files:
• server.crt— the digital certification file to be uploaded when creating the connected app in Salesforce.
• server.key— the private key to be used when encoding the JWT token that is sent upon authentication in Atlan.

Edit the connected app policies

First, follow the instructions here to create a connected app.

Next, to edit the connected app policies:

1. Log in to Salesforce.
2. In the upper right of the screen, click the settings icon and then click Setup. 
3. From Setup, enter connected apps in the Quick Find box and select Manage Connected Apps.
4. Locate and click on your connected app, such as AtlanConnector.
5. On your connected app page, click Edit Policies.
6. Under OAuth Policies, click the Permitted Users dropdown menu and select Admin approved users are pre-authorized.
7. From the IP Relaxation dropdown, select Relax IP restrictions.
8. For Refresh Token Policy, select Refresh token is valid until revoked.
9. Click Save.

Add the server certificate file to the connected app

To add the server certificate (server.crt) file to the connected app:

1. From Setup, enter app manager in the Quick Find box and select App Manager.
2. Locate your connected app, and then click the dropdown arrow and select Edit.
3. For API Enable OAuth Settings, check Use digital signatures. 
4. Click Choose File and upload the server.crt file.
5. Click Save.

Create a custom profile

Custom profiles are only used for non-admin users. Admin users are always set with an immutable standard profile.

To create a custom profile:

1. From Setup, enter profiles in the Quick Find box and select Profiles.
2. From Profiles, click the New Profile button to navigate to the Clone Profile page.
3. On the Clone Profile page, from the Existing Profile dropdown menu, select Standard User.
4. For Profile Name, enter a name, such as AtlanIntegrationProfile.
5. Click Save.
6. On the new profile page, click Edit.
7. For Connected App Access, check the name of your connected app.
8. For Administrative Permissions>, uncheck all of the boxes except the following required permissions:
• API Enabled
• View Dashboards in Public Folders
• View Reports in Public Folders
9. For Standard Object Permissions and Custom Object Permissions, select Read and View All for all items.
10. Click Save.

Create a user

To create a non-admin user:

1. From the Setup menu and under Administration, click Users to expand the dropdown menu.
2. From the dropdown menu, click Users.
3. On the All Users page, click the New User button.
4. On the New User page, enter the required details — First Name, Last Name, Alias, Email, Username, and Nickname.

5. From the User License dropdown menu, select Salesforce.

6. From the Profile dropdown, select the custom profile you created.

7. Click Save.