Deep Dive into Connected App
SalesforceCodex.com 1
About Me
Dhanik Lal Sahni
Technical Architect
Conduent Business Solution
Certified Application Architect
Twitter : @dhaniksahni
Blog : salesforcecodex.com
Session 13 - Agenda
• In a given scenario, recommend when to use API-based integrations, such as SOAP, REST, Bulk, Streaming, Canvas, Workflow outbound, APEX (Callouts, @future, etc.), and Lightning Connect to achieve business requirements.
• Compare and contrast the advantages and drawbacks (design trade-offs) of using API-based integrations such as SOAP, REST, Bulk, Streaming, Canvas, Workflow outbound, APEX (Callouts, @future, etc.), and Lightning Connect.
[Chart: Integration Architecture Designer Exam section weights for sections 1 to 7 (28%, 17%, 15%, 10%, 15%, 10%, 5%); this session covers Salesforce Integration Capabilities: 28%]
AGENDA
• What is Connected App?
• Usage of Connected App
• Connected App Terminology
• Demos
WHAT IS CONNECTED APP?
• A connected app is a framework that enables an external application to integrate with Salesforce using APIs.
• A connected app uses standard protocols, such as SAML, OAuth, and OpenID Connect, to authorize, authenticate, and provide single sign-on (SSO) for external apps.
CONNECTED APP PROTOCOLS
OAuth 2.0
• OAuth 2.0 is the industry-standard protocol for authorization.
• OAuth 2.0 focuses on the client side, providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices.
• Basically, it allows a user's information to be used by a third-party system without exposing the user's password.
OpenID Connect
• Adds an identity layer on top of OAuth 2.0.
• Allows clients to verify the end user's identity and obtain their basic profile information.
• Basically, it is used for user authentication.
SAML 2.0
• Security Assertion Markup Language (SAML) 2.0 is a means to exchange authorization and authentication information between services.
• SAML is frequently used to implement internal corporate single sign-on (SSO) solutions where the user logs into a service that acts as the single source of identity.
Connected App and OAuth Terminology
Access Token: Instead of using the user's Salesforce credentials, a consumer (connected app) can use an access token to gain access.
Authorization Code: Only used in OAuth 2.0 with the web server flow, the authorization code is a token that represents the access granted by the end user. The authorization code is used to obtain an access token and a refresh token. It expires after 15 minutes.
Authorization Server: The authorization server is the server that authorizes a resource owner and, upon successful authorization, issues access tokens to the requesting consumer.
Callback URL: A callback URL is the URL that is invoked after OAuth authorization for the consumer (connected app).
Consumer: A consumer is the website or app that uses OAuth to authorize both the Salesforce user and itself on the user's behalf.
Consumer Key: A consumer uses a key to identify itself to Salesforce.
Connected App and OAuth Terminology
Consumer Secret: A consumer uses a secret to establish ownership of the consumer key.
Refresh Token: Only used in OAuth 2.0, a consumer can use a refresh token to obtain a new access token without having the end user approve the access again.
Resource Owner: The resource owner is the entity (usually the end user) that grants access to a protected resource.
Resource Server: The resource server is the server that hosts the protected resource. Your Salesforce org is the resource server that protects your data.
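The terms on the two terminology slides above fit together as one exchange. The following added example (not code from the deck, and not Salesforce's implementation) simulates the OAuth 2.0 web server flow in Python with an in-process toy authorization server: a registered consumer (key, secret, callback URL) sends the resource owner to authorize, receives an authorization code on its callback URL, exchanges it for an access token and refresh token, calls the resource server with the access token, and later renews with the refresh token. The consumer key, secret, URLs, user names and scopes are constructed values; the only lifetime taken from the slide is the 15-minute authorization code expiry. It also enforces two checks a practitioner should expect of any authorization server: a code is single use, and the callback URL must match the registered one.

```python
"""Toy model of the OAuth 2.0 web server flow between a consumer and an
authorization server. Added example for this page, not the deck's own code.
Consumer key/secret, callback URL, user names and lifetimes other than the
15-minute authorization code expiry are constructed for illustration."""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_CODE_TTL = 15 * 60  # seconds: the deck states an authorization code expires after 15 minutes


@dataclass
class Consumer:
    key: str            # consumer key identifies the app to Salesforce
    secret: str         # consumer secret proves ownership of the key
    callback_url: str   # URL invoked after authorization; must match exactly


@dataclass
class AuthorizationServer:
    """Plays the Salesforce role: authorization server and resource server in one."""
    consumers: dict = field(default_factory=dict)
    codes: dict = field(default_factory=dict)           # code -> (consumer_key, user, issued_at, scopes)
    access_tokens: dict = field(default_factory=dict)   # token -> (user, scopes)
    refresh_tokens: dict = field(default_factory=dict)  # token -> (consumer_key, user, scopes)

    def register(self, consumer):
        self.consumers[consumer.key] = consumer

    def authorize(self, client_id, redirect_uri, user, scopes, now):
        """Resource owner approves; a short-lived code is returned on the callback URL."""
        consumer = self.consumers.get(client_id)
        if consumer is None or consumer.callback_url != redirect_uri:
            raise PermissionError("unknown consumer or callback URL mismatch")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user, now, tuple(scopes))
        return f"{redirect_uri}?{urlencode({'code': code})}"

    def token(self, grant_type, client_id, client_secret, now, code=None, redirect_uri=None, refresh_token=None):
        consumer = self.consumers.get(client_id)
        if consumer is None or not hmac.compare_digest(consumer.secret, client_secret):
            raise PermissionError("bad consumer credentials")   # constant-time secret comparison
        if grant_type == "authorization_code":
            entry = self.codes.pop(code, None)   # single use: removed on first exchange
            if entry is None:
                raise PermissionError("unknown or already used authorization code")
            owner_key, user, issued_at, scopes = entry
            if owner_key != client_id or redirect_uri != consumer.callback_url:
                raise PermissionError("code was not issued to this consumer and callback URL")
            if now - issued_at > AUTH_CODE_TTL:
                raise PermissionError("authorization code expired")
        elif grant_type == "refresh_token":
            entry = self.refresh_tokens.get(refresh_token)
            if entry is None or entry[0] != client_id:
                raise PermissionError("invalid refresh token")
            _, user, scopes = entry   # no end-user approval needed again
        else:
            raise ValueError("unsupported grant type")
        access = secrets.token_urlsafe(24)
        self.access_tokens[access] = (user, scopes)
        result = {"access_token": access, "scope": " ".join(scopes)}
        if grant_type == "authorization_code" and "refresh_token" in scopes:
            refresh = secrets.token_urlsafe(24)
            self.refresh_tokens[refresh] = (client_id, user, scopes)
            result["refresh_token"] = refresh
        return result

    def resource(self, access_token):
        """Resource server check: a bearer token stands in for the user's credentials."""
        entry = self.access_tokens.get(access_token)
        if entry is None:
            raise PermissionError("invalid access token")
        return {"user": entry[0], "scopes": entry[1]}


def run_web_server_flow(now=1_000_000, exchange_delay=60):
    """authorize -> exchange the code after exchange_delay seconds -> call resource -> replay -> refresh."""
    sf = AuthorizationServer()
    app = Consumer("3MVG9_constructed_key", "constructed_secret", "https://app.example/callback")
    sf.register(app)
    redirect = sf.authorize(app.key, app.callback_url, "alice@example.org", ["api", "refresh_token"], now)
    code = parse_qs(urlparse(redirect).query)["code"][0]
    try:
        tokens = sf.token("authorization_code", app.key, app.secret, now + exchange_delay,
                          code=code, redirect_uri=app.callback_url)
    except PermissionError as exc:
        return {"exchanged": False, "reason": str(exc)}   # e.g. code older than 15 minutes
    data = sf.resource(tokens["access_token"])
    try:   # replaying a consumed code must fail
        sf.token("authorization_code", app.key, app.secret, now + exchange_delay + 1,
                 code=code, redirect_uri=app.callback_url)
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    renewed = sf.token("refresh_token", app.key, app.secret, now + 7200, refresh_token=tokens["refresh_token"])
    return {"exchanged": True, "user": data["user"], "replay_rejected": replay_rejected,
            "got_refresh_token": "refresh_token" in tokens,
            "renewed": renewed["access_token"] != tokens["access_token"]}
```

Calling `run_web_server_flow()` walks the happy path; calling it with `exchange_delay=AUTH_CODE_TTL + 1` shows the server refusing a stale code. Keeping the code single use and binding it to the registered callback URL is what stops an intercepted code from being redeemed by anyone other than the consumer it was issued to.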
CONNECTED APP USE CASES
Access Data with API Integration
• Use a connected app to request access to Salesforce data on behalf of an external application.
• Must be integrated with the Salesforce API using the OAuth 2.0 protocol.
Integrate Service Providers with Your Salesforce Org
• Use a connected app to integrate your service provider with your Salesforce org.
• Use a connected app with SAML 2.0 or OpenID Connect to integrate a service provider with your Salesforce org.
Manage Access to Third-Party Apps
• Admins can set security policies to control what data a third-party app can access from your org.
• Admins can also define who can use the third-party app.
CREATE A CONNECTED APP
Connected App Server Scopes
Scope: Description
Access Pardot services (pardot_api): Allows access to Pardot API services on behalf of the user.
Access and manage your data (api): Allows access to the current, logged-in user's account using APIs, such as REST API and Bulk API. This scope also includes chatter_api.
Access and manage your Chatter feed (chatter_api): Allows access to Connect REST API resources on behalf of the user.
Access custom permissions (custom_permissions): Allows access to the custom permissions in an org associated with the connected app.
Full access (full): Allows access to all data accessible by the logged-in user, and encompasses all other scopes.
Connected App Server Scopes
Access your basic information (id, profile, email, address, phone): Allows access to the identity URL service. You can request profile, email, address, or phone individually to get the same result as using id; they are all synonymous.
Allow access to your unique identifier (openid): Allows access to the current, logged-in user's unique identifier for OpenID Connect apps. In the OAuth 2.0 user-agent flow and the OAuth 2.0 web server flow, use the openid scope.
Perform requests on your behalf at any time (refresh_token, offline_access): Allows a refresh token to be returned when the requesting client is eligible to receive one.
Provide access to your data via the Web (web): Allows use of the access_token on the web. This scope also includes visualforce, allowing access to customer-created Visualforce pages.
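As an added example (not the deck's or Salesforce's code), the following Python encodes the scope relationships stated in the two scope tables above (api includes chatter_api, web includes visualforce, full encompasses the other scopes, and the identity scopes are synonyms) so that a token's effective permissions can be checked and a least-privilege scope request computed. The rule that full does not by itself make a client eligible for a refresh token is a modelling assumption of this example, not something the slide states.

```python
"""Scope expansion and entitlement checks for connected app OAuth scopes.
Added example for this page, not Salesforce's implementation. It encodes
only the relationships the scope table states (api includes chatter_api,
web includes visualforce, full encompasses the other data scopes, and
id/profile/email/address/phone are synonyms). Treating refresh_token and
offline_access as a separate grant that full does not imply is a modelling
assumption of this example."""

KNOWN_SCOPES = {
    "pardot_api", "api", "chatter_api", "custom_permissions", "full",
    "id", "profile", "email", "address", "phone", "openid",
    "refresh_token", "offline_access", "web", "visualforce",
}
IDENTITY_SYNONYMS = {"id", "profile", "email", "address", "phone"}
REFRESH_SCOPES = {"refresh_token", "offline_access"}
IMPLIES = {"api": {"chatter_api"}, "web": {"visualforce"}}


def expand_scopes(granted):
    """Return every scope effectively held given the scopes that were granted."""
    granted = set(granted)
    unknown = granted - KNOWN_SCOPES
    if unknown:
        raise ValueError(f"unknown scope(s): {sorted(unknown)}")
    if "full" in granted:
        return (KNOWN_SCOPES - REFRESH_SCOPES) | granted
    expanded = set(granted)
    for scope in granted:
        expanded |= IMPLIES.get(scope, set())
    if expanded & IDENTITY_SYNONYMS:   # any one identity scope grants the identity URL service
        expanded |= IDENTITY_SYNONYMS
    return expanded


def is_permitted(granted, required):
    """Does a token carrying the granted scopes satisfy a resource that needs `required`?"""
    return required in expand_scopes(granted)


def refresh_token_eligible(granted):
    """A refresh token is only issued when the client asked for it explicitly."""
    return bool(set(granted) & REFRESH_SCOPES)


def minimal_scopes(needed):
    """Smallest scope set covering `needed`: collapse identity synonyms to id and
    drop scopes already implied by another chosen scope (never escalate to full)."""
    needed = set(needed)
    if needed - KNOWN_SCOPES:
        raise ValueError(f"unknown scope(s): {sorted(needed - KNOWN_SCOPES)}")
    identity = needed & IDENTITY_SYNONYMS
    chosen = (needed - identity) | ({"id"} if identity else set())
    return {s for s in chosen if not any(s in IMPLIES.get(o, ()) for o in chosen if o != s)}
```

`minimal_scopes` is the reviewer's tool: when an integration requests full, compare it with the minimal set its actual API calls need; the gap is the excess privilege the org would be granting.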
CREATE A CONNECTED APP
device with limited input or display capabilities,
URL which is redirected to after successful authorization.
DEMO
Integrate Salesforce In ASP.NET using API Integration
Integrate Service Providers with Your Salesforce Org
• Single sign-on (SSO) lets users access other applications without logging in separately to each one, and without having to create (and remember) different user credentials for each app.
• Two server roles are important in SSO: Identity Providers and Service Providers.
Identity Provider: An identity provider is a system entity that creates, maintains, and manages identity information.
Service Provider: A service provider is a vendor that provides IT solutions and/or services to end users and organizations.
Integrate Service Providers with Your Salesforce Org
Integrate a Service Provider with SAML
To integrate a service provider with your Salesforce org, you can use a connected app that implements SAML 2.0 for user authentication.
Integrate Service Providers with Your Salesforce Org
Integrate a Service Provider with OpenID Connect
• OpenID Connect is a rewrite of SAML using OAuth 2.0.
• In SAML, the user is redirected from the Service Provider (SP) to the Identity Provider (IdP) for sign-in.
• In OpenID Connect, the user is redirected from the Relying Party (RP) to the OpenID Provider (OP) for sign-in.
Demo
Single Sign-on between two Salesforce orgs
Manage Access to Third-Party Apps
Install a Connected App
• We can install a connected app by installing a managed package that includes the connected app as a component.
• We can also install an OAuth connected app from the Connected Apps OAuth Usage page.
Uninstall a Third-Party Connected App
• We can uninstall a third-party connected app from our org.
• Uninstalling an app doesn't delete the connected app; it deletes the OAuth policies.
• A connected app is deleted only when the original developer deletes the app from their org.
• We can also block the app to make it inaccessible.
Manage OAuth Access Policies for a Connected App
Permitted Users
• All users may self-authorize
  • Allows all users in the org to authorize the app after successfully signing in.
  • Users must approve the app the first time they access it.
• Admin approved users are pre-authorized
  • Allows only users with the associated profile or permission set to access the app, without first authorizing it.
Manage OAuth Access Policies for a Connected App
IP Relaxation
Determines whether a user's access to the app is restricted by IP ranges.
• Enforce IP restrictions:
  • Enforces the IP restrictions configured for the org, such as the IP ranges assigned to a user profile.
• Enforce IP restrictions, but relax for refresh tokens:
  • Enforces the IP restrictions configured for the org, but relaxes them for refresh tokens.
• Relax IP restrictions for activated devices:
  • Allows a user running the app to bypass the org's IP restrictions when the app has a list of allowed IP ranges and is using the web server authentication flow.
• Relax IP restrictions:
  • Allows a user to run this app without org IP restrictions.
Manage OAuth Access Policies for a Connected App
Refresh Token Policy
• Determines how long a refresh token is valid for.
• If refresh tokens are provided, users can continue to access the OAuth-enabled connected app without having to reauthorize when the access token expires.
• Refresh tokens are required only when a user's session has expired or isn't available.
• Refresh token is valid until revoked:
  • Default. The refresh token is used indefinitely, unless revoked by the user or a Salesforce admin.
• Immediately expire refresh token:
  • The refresh token is invalid immediately. The user can use the current session (access token) already issued, but can't obtain a new session when the access token expires.
• Expire refresh token if not used for n:
  • The refresh token is valid as long as it's been used within the specified amount of time.
• Expire refresh token after n:
  • The refresh token is valid for a fixed amount of time.
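The three policy slides (Permitted Users, IP Relaxation and Refresh Token Policy) read together as the checks an org applies to every token request. The added example below is not the deck's or Salesforce's code; it models those checks in Python as a small evaluator. The policy constant names, the app-level IP allow list, the device_activated flag and the integer timestamps are simplifying assumptions, and the "Relax IP restrictions for activated devices" setting is modelled as bypassing the org ranges when the device is activated or when the app's own allow list matches under the web server flow.

```python
"""Evaluate a token request against a connected app's OAuth access policies.
Added example for this page, not Salesforce's implementation. It models the
three policy groups on the slides (Permitted Users, IP Relaxation, Refresh
Token Policy). Policy constant names, the app-level IP allow list, the
device_activated flag and the integer timestamps are simplifying assumptions."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

# Permitted Users
SELF_AUTHORIZE, ADMIN_APPROVED = "all_users_may_self_authorize", "admin_approved_users_are_pre_authorized"
# IP Relaxation
ENFORCE, ENFORCE_RELAX_REFRESH, RELAX_ACTIVATED, RELAX = "enforce", "enforce_relax_refresh", "relax_activated", "relax"
# Refresh Token Policy
UNTIL_REVOKED, IMMEDIATE, IF_UNUSED_FOR, AFTER = "until_revoked", "immediate", "if_unused_for", "after"


@dataclass
class AppPolicy:
    permitted_users: str = SELF_AUTHORIZE
    approved_profiles: set = field(default_factory=set)   # profiles/permission sets an admin pre-authorized
    ip_relaxation: str = ENFORCE
    app_ip_ranges: list = field(default_factory=list)     # allow list configured on the app itself (assumed)
    refresh_policy: str = UNTIL_REVOKED
    refresh_n_seconds: int = 0                            # the "n" for the two time-based policies


@dataclass
class RefreshToken:
    issued_at: int
    last_used_at: int
    revoked: bool = False


@dataclass
class Request:
    user_profile: str
    user_has_authorized: bool      # has this user approved the app before?
    client_ip: str
    org_ip_ranges: list            # org-level restrictions, e.g. profile login IP ranges
    is_refresh_grant: bool = False
    device_activated: bool = False
    web_server_flow: bool = True
    refresh_token: Optional[RefreshToken] = None
    now: int = 0


def in_ranges(ip, ranges):
    return any(ip_address(ip) in ip_network(r) for r in ranges)


def user_permitted(policy, req):
    if policy.permitted_users == ADMIN_APPROVED:
        return req.user_profile in policy.approved_profiles   # pre-authorized; nobody else may self-authorize
    return req.user_has_authorized   # all users may self-authorize, but must approve the app first


def ip_permitted(policy, req):
    if policy.ip_relaxation == RELAX or in_ranges(req.client_ip, req.org_ip_ranges):
        return True
    if policy.ip_relaxation == ENFORCE_RELAX_REFRESH:
        return req.is_refresh_grant   # org restrictions enforced, except for refresh token use
    if policy.ip_relaxation == RELAX_ACTIVATED:
        app_allow = bool(policy.app_ip_ranges) and req.web_server_flow and in_ranges(req.client_ip, policy.app_ip_ranges)
        return req.device_activated or app_allow
    return False   # ENFORCE


def refresh_token_valid(policy, token, now):
    if token is None or token.revoked:
        return False
    if policy.refresh_policy == IMMEDIATE:
        return False   # the issued access token still works, but no new session can be obtained
    if policy.refresh_policy == IF_UNUSED_FOR:
        return now - token.last_used_at <= policy.refresh_n_seconds
    if policy.refresh_policy == AFTER:
        return now - token.issued_at <= policy.refresh_n_seconds
    return True   # UNTIL_REVOKED (default)


def evaluate(policy, req):
    """Return (allowed, reason); the first policy that fails decides."""
    if not user_permitted(policy, req):
        return False, "user not permitted for this app"
    if not ip_permitted(policy, req):
        return False, "blocked by org IP restrictions"
    if req.is_refresh_grant and not refresh_token_valid(policy, req.refresh_token, req.now):
        return False, "refresh token expired or revoked"
    return True, "ok"
```

Running `evaluate` over a few constructed requests makes the trade-offs concrete: "relax for refresh tokens" lets an integration renew from outside the org ranges, which is exactly why pairing it with "expire refresh token if not used for n" (rather than the until-revoked default) bounds how long a leaked refresh token stays useful.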
Share some inspiring words about
@salesforcecodex on twitter
Keep Exploring. Keep Learning.
