Salesforce can be provisioned into through a Connected App and an identity manager such as the one developed by ForgeRock. ForgeRock Identity Manager (FRIM) has a connector available that lets you connect the two solutions together.
The following is a guide on how to do this successfully in a minimal way.
Create Salesforce Connected App
- Connect to your Salesforce org with an account that has permission to create a Connected App.
- Go to Salesforce Setup https://xxxxxx.develop.lightning.force.com/lightning/setup/NavigationMenus/home
- From the left-hand Navigation Menu, under Platform Tools select Apps and then App Manager.
- Next click New Connected App in the top right.
- Provide the following details
| key | value |
|---|---|
| Connected App Name | FRIM |
| API Name | FRIM |
| Contact Email | email@address.com |
| Enable OAuth Settings | Selected |
| Callback URL | http://localhost/frim/callback |
| Selected OAuth Scopes | Perform requests at any time (refresh_token, offline_access); Access the identity URL service (id, profile, email, address, phone) |
| Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows | Not Selected |
| Request Secret for Web Server Flow | Selected |
| Require Secret for Refresh Token Flow | Not Selected |
| Enable Authorization Code and Credential Flows | Selected |
| Require user credentials in the POST body for Authorization and Credential Flow | Selected |
- Click the Save button.
- Click the Continue button.
- Click the Manage Consumer Details button.
- Enter the OTP they send you and click the Verify button.
- Copy the Consumer Key and Consumer Secret as they are needed for the next step.
Get Refresh Token
- Using the details collected above, add them to the following URL:
https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=<CONSUMER_KEY>&redirect_uri=http://localhost/frim/callback&scope=id+api+refresh_token
- Open the URL in a web browser and, if prompted to log in, use the same credentials as when you created the Connected App.
- Click the Allow button.
- The browser's address bar will now show the callback URL with a `code` parameter. Extract the code, URL-decode it, and place it in the following curl command:
```bash
curl \
--verbose \
--data "grant_type=authorization_code" \
--data "client_id=<CONSUMER_KEY>" \
--data "client_secret=<CONSUMER_SECRET>" \
--data "redirect_uri=http://localhost/frim/callback" \
--data "code=<CODE>" \
"https://login.salesforce.com/services/oauth2/token"
```
Note that `client_secret` takes the Consumer Secret copied earlier, not the Consumer Key.
It will return a JSON response like the following:
```json
{
"access_token":"xxxxxx",
"refresh_token":"xxxxxxxx",
"signature":"5LEpqlXnyRNXhLwNtoVIdEKjGcn8gNvxg7a4zWK34LY=",
"scope":"refresh_token id api",
"instance_url":"https://dxxxxxxx.develop.my.salesforce.com",
"id":"https://login.salesforce.com/id/xxxxx/xxxxxx",
"token_type":"Bearer",
"issued_at":"1723869878461"
}
```
- Extract and save the access_token and refresh_token values for later use in the ForgeRock Identity Manager configuration.
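The authorize URL, code extraction and token request from this section, as an added Python example that is not part of the original guide or of the FRIM connector; the sample redirect URL, placeholder key and secret are constructed, and the token endpoint is called with the same fields as the curl command above.

```python
import json
from urllib.parse import parse_qs, urlencode, urlparse

# Endpoints and callback as used in this guide; the callback must match the
# Connected App's Callback URL exactly or Salesforce rejects the request.
AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"
REDIRECT_URI = "http://localhost/frim/callback"


def build_authorize_url(consumer_key: str) -> str:
    """The browser URL from the 'Get Refresh Token' step, properly encoded."""
    params = {"response_type": "code", "client_id": consumer_key,
              "redirect_uri": REDIRECT_URI, "scope": "id api refresh_token"}
    return f"{AUTHORIZE_URL}?{urlencode(params)}"  # spaces in scope become '+'


def extract_code(redirect_url: str) -> str:
    """Pull the authorization code out of the URL the browser lands on after
    'Allow'. parse_qs URL-decodes it (Salesforce codes often end in %3D%3D)."""
    query = parse_qs(urlparse(redirect_url).query)
    if "error" in query:  # user clicked Deny, or the app/scopes are misconfigured
        raise ValueError(f"authorization failed: {query['error'][0]}")
    if "code" not in query:
        raise ValueError("redirect URL carries no code parameter")
    return query["code"][0]


def build_token_request(consumer_key: str, consumer_secret: str, code: str) -> dict:
    """Form fields to POST to TOKEN_URL (the Consumer Secret, not the Key)."""
    return {"grant_type": "authorization_code", "client_id": consumer_key,
            "client_secret": consumer_secret, "redirect_uri": REDIRECT_URI,
            "code": code}


def extract_tokens(token_response_json: str) -> dict:
    """Keep only the fields the FRIM configuration needs, and fail early if the
    refresh_token scope was not granted (then no refresh_token is returned)."""
    body = json.loads(token_response_json)
    if "refresh_token" not in body.get("scope", "").split():
        raise ValueError("refresh_token scope not granted; check Selected OAuth Scopes")
    missing = [k for k in ("access_token", "refresh_token", "instance_url") if k not in body]
    if missing:
        raise ValueError(f"token response missing {missing}")
    return {k: body[k] for k in ("access_token", "refresh_token", "instance_url")}


if __name__ == "__main__":
    # Constructed sample redirect and placeholder key/secret, not real Salesforce values.
    sample = "http://localhost/frim/callback?code=aPrxSAMPLE123%3D%3D"
    print(build_authorize_url("KEY_PLACEHOLDER"))
    print(build_token_request("KEY_PLACEHOLDER", "SECRET_PLACEHOLDER", extract_code(sample)))
```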