Salesforce can be provisioned into through a Connected App and an Identity Manager such as the one developed by ForgeRock. ForgeRock Identity Manager (FRIM) has a connector available that lets you connect the two solutions together.
The following is a guide on how to do this successfully in a minimal way.
## Create Salesforce Connected App

- Connect to your Salesforce org with an account that has the ability to create a Connected App.
- Go to Salesforce Setup: https://xxxxxx.develop.lightning.force.com/lightning/setup/NavigationMenus/home
- From the left-hand Navigation Menu select `Platform Tools` > `Apps` and then `App Manager`.
- Next click `New Connected App` in the top right.
- Provide the following details:
| Key | Value |
|---|---|
| Connected App Name | FRIM |
| API Name | FRIM |
| Contact Email | email@address.com |
| Enable OAuth Settings | Selected |
| Callback URL | http://localhost/frim/callback |
| Selected OAuth Scopes | Perform requests at any time (refresh_token, offline_access); Access the identity URL service (id, profile, email, address, phone) |
| Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows | Not Selected |
| Require Secret for Web Server Flow | Selected |
| Require Secret for Refresh Token Flow | Not Selected |
| Enable Authorization Code and Credential Flows | Selected |
| Require user credentials in the POST body for Authorization and Credential Flows | Selected |
- Click the `Save` button.
- Click the `Continue` button.
- Click the `Manage Consumer Details` button.
- Enter the OTP they send you and click the `Verify` button.
- Copy the `Consumer Key` and `Consumer Secret`, as they are needed for the next step.
## Get Refresh Token

- Using the details collected above, substitute them into the following URL:
  `https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=<CONSUMER_KEY>&redirect_uri=http://localhost/frim/callback&scope=id+api+refresh_token`
- Open the URL in a web browser and, if prompted to log in, use the same credentials as when you created the Connected App.
- Click the `Allow` button.
- The browser will now be at a URL containing the `code` parameter. Extract it, URL-decode it, and substitute it into the following curl command:
```bash
# <CONSUMER_KEY> and <CONSUMER_SECRET> come from "Manage Consumer Details";
# <CODE> is the URL-decoded value of the code parameter from the browser.
curl \
  --verbose \
  --data "grant_type=authorization_code" \
  --data "client_id=<CONSUMER_KEY>" \
  --data "client_secret=<CONSUMER_SECRET>" \
  --data "redirect_uri=http://localhost/frim/callback" \
  --data "code=<CODE>" \
  "https://login.salesforce.com/services/oauth2/token"
```
and it will return:

```json
{
  "access_token": "xxxxxx",
  "refresh_token": "xxxxxxxx",
  "signature": "5LEpqlXnyRNXhLwNtoVIdEKjGcn8gNvxg7a4zWK34LY=",
  "scope": "refresh_token id api",
  "instance_url": "https://dxxxxxxx.develop.my.salesforce.com",
  "id": "https://login.salesforce.com/id/xxxxx/xxxxxx",
  "token_type": "Bearer",
  "issued_at": "1723869878461"
}
```
- Extract and save the `access_token` and `refresh_token` values for later use in the ForgeRock Identity Manager configuration.
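The whole "Get Refresh Token" procedure, as an added example written for this page rather than code from the original post or from ForgeRock: it builds the authorize URL from step 1, pulls the `code` out of the redirect URL the browser ends up on (doing the URL-decoding the post asks for), posts the same form fields as the curl command, and keeps only the values the FRIM configuration needs while checking that the scopes granted are the ones requested. The callback URL and the `id`, `api` and `refresh_token` scopes are the ones used in the post; the `SF_CONSUMER_KEY` and `SF_CONSUMER_SECRET` environment variable names are assumptions chosen here so the consumer secret never ends up in a script or shell history.

```python
"""Salesforce OAuth 2.0 authorization-code exchange for a Connected App.

Added example, not code from the original post. Consumer key/secret are read
from the assumed env vars SF_CONSUMER_KEY / SF_CONSUMER_SECRET; the redirect
URL is pasted in from the browser, exactly as in the post's manual steps.
"""
import json
import os
import urllib.parse
import urllib.request

AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"
REDIRECT_URI = "http://localhost/frim/callback"   # callback from the Connected App
SCOPES = ("id", "api", "refresh_token")            # scope=id+api+refresh_token in the post


def build_authorize_url(consumer_key, redirect_uri=REDIRECT_URI, scopes=SCOPES):
    """Step 1 of 'Get Refresh Token': the URL to open in a browser."""
    query = urllib.parse.urlencode({
        "response_type": "code",
        "client_id": consumer_key,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),   # urlencode turns the spaces into '+'
    })
    return f"{AUTHORIZE_URL}?{query}"


def extract_code(redirect_url, redirect_uri=REDIRECT_URI):
    """Pull the authorization code out of the URL the browser landed on.

    Nothing listens on localhost, so the browser shows an error page, but its
    address bar still holds ?code=... . Salesforce percent-encodes the code
    (it usually ends in %3D%3D); parse_qs decodes it, which is the
    'URL decode' step the post asks for before pasting into curl.
    """
    parsed = urllib.parse.urlsplit(redirect_url)
    base = urllib.parse.urlunsplit((parsed.scheme, parsed.netloc, parsed.path, "", ""))
    if base != redirect_uri:
        # Only accept a code delivered to the callback we registered.
        raise ValueError(f"redirect went to {base}, expected {redirect_uri}")
    params = urllib.parse.parse_qs(parsed.query)
    if "error" in params:
        # e.g. the user clicked Deny instead of Allow
        raise ValueError(f"authorization failed: {params['error'][0]}")
    codes = params.get("code")
    if not codes:
        raise ValueError("no code parameter in redirect URL")
    return codes[0]


def build_token_request(consumer_key, consumer_secret, code, redirect_uri=REDIRECT_URI):
    """The same form fields the post's curl command sends. The secret goes in the
    POST body because the app was saved with 'Require Secret for Web Server Flow'."""
    return {
        "grant_type": "authorization_code",
        "client_id": consumer_key,
        "client_secret": consumer_secret,
        "redirect_uri": redirect_uri,
        "code": code,
    }


def parse_token_response(body, expected_scopes=SCOPES):
    """Keep what the FRIM configuration needs and confirm every requested scope
    was granted; a missing scope would otherwise only surface later as a
    failing connector."""
    data = json.loads(body)
    for field in ("access_token", "refresh_token", "instance_url"):
        if field not in data:
            raise ValueError(f"token response lacks {field}")
    granted = set(data.get("scope", "").split())
    missing = set(expected_scopes) - granted
    if missing:
        raise ValueError(f"scopes not granted: {sorted(missing)}")
    return {
        "access_token": data["access_token"],
        "refresh_token": data["refresh_token"],
        "instance_url": data["instance_url"],
    }


def exchange_code(consumer_key, consumer_secret, code):
    """Perform the token POST for real (needs network access to Salesforce)."""
    form = urllib.parse.urlencode(
        build_token_request(consumer_key, consumer_secret, code)).encode()
    req = urllib.request.Request(TOKEN_URL, data=form, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return parse_token_response(resp.read().decode())


if __name__ == "__main__":
    key = os.environ["SF_CONSUMER_KEY"]        # assumed env var names
    secret = os.environ["SF_CONSUMER_SECRET"]
    print("Open this in a browser:", build_authorize_url(key))
    pasted = input("Paste the URL the browser ended up on: ").strip()
    tokens = exchange_code(key, secret, extract_code(pasted))
    # Print the instance URL only; the tokens are secrets to be stored in FRIM.
    print(json.dumps({k: (v if k == "instance_url" else "****") for k, v in tokens.items()}))
```

The scope check in `parse_token_response` is the part worth keeping even if you stay with curl: the post's sample response reports `"scope":"refresh_token id api"`, and comparing that against what was requested catches a Connected App whose scope list was saved incompletely before the tokens are handed to the connector.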