Downloading Files

Create External Client App (Salesforce)

  • Go to Setup > External Client App Manager

  • Create new External Client App

  • Call it Salesforce

  • Distribution state = Local

  • Go to API (Enable OAuth Settings)

  • Enable OAuth

  • Enter a placeholder Callback URL, e.g. https://acme.sharepoint.com/services/authcallback/Salesforce

  • Select as scopes: Api, Offline_access, Refresh_token

  • Click Create

  • Go to Settings > OAuth Settings

  • Click on Consumer Key and Consumer Secret (and copy/save them)


Create another Salesforce Auth Provider

  • Go to Setup > Auth. Providers > New

  • Fill in details:

    • Provider Type: Salesforce

    • Name: Salesforce

    • URL-suffix: Salesforce

    • Consumer Key: Consumer Key from the External Client App

    • Consumer Secret: Consumer Secret from the External Client App

    • Default scopes: refresh_token, offline_access api

  • Uncheck checkbox "Use Proof Key for Code Exchange (PKCE) Extension"

     

Setting Up External Credentials & Named Credentials in Salesforce

Create a New External Credential

  1. Go to Setup → search for Named Credentials → select the External Credentials tab

  2. Click New

  3. Fill in the fields:

    • Label: Salesforce

    • Name: Salesforce

    • Authentication Protocol: OAuth 2.0

    • Authentication Flow Type: Browser Flow

    • Identity Provider: Select Auth Provider and choose your Salesforce auth provider

  4. Leave Scope and Additional Status Codes for Token Refresh blank

  5. Click Save

Create the Principal

  1. After saving, scroll down to the Principals section on the External Credential detail page

  2. Click New or open the existing principal

  3. Confirm/set:

    • Parameter Name: Principle

    • Sequence Number: 1

    • Identity Type: Named Principal

    • Leave Scope blank

  4. Click Save

Authenticate the Principal

  1. Back on the External Credential detail page, scroll to the Principals section

  2. You'll see the principal listed with Authentication Status: Not Configured

  3. Click the dropdown arrow on the right → select Authenticate

  4. A browser pop-up will appear asking you to log in and authorize the Salesforce org

  5. Complete the OAuth flow — once done, the Authentication Status will update to Authenticated

Create/Edit the Named Credential

  1. Still in Named Credentials, go to the Named Credentials tab

  2. Click New (or edit an existing one)

  3. Fill in:

    • Label: Salesforce1

    • Name: Salesforce1


Important: Label and Name must be exactly Salesforce1 (case-sensitive).

  4. URL: your org's URL (e.g. https://acme.my.salesforce.com)

  5. Under Authentication, set External Credential to the External Credential you created earlier

  6. Click Save

Configure Permission Set

  • Create or edit a permission set for users who need document access

  • Add "External Credential Principal Access" for the principal from "Authenticate the Principal"

  • Add Read permissions for "User External Credentials"
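
Verify the setup (added example, not part of the original documentation): the Apex below can be run in Execute Anonymous as a user who has the permission set, to confirm that the Named Credential Salesforce1 resolves and the principal's token is accepted. The API version v59.0 and the /limits resource are assumptions chosen only as a read-only authenticated request.

```apex
// Added example: smoke test for the Named Credential "Salesforce1".
// Assumptions: API version v59.0 and the /limits resource; any read-only
// REST resource covered by the "api" scope would serve the same purpose.
HttpRequest req = new HttpRequest();

// "callout:<Named Credential name>" lets the platform resolve the base URL
// and attach the OAuth token, so neither the Consumer Secret nor an access
// token ever appears in code or logs.
req.setEndpoint('callout:Salesforce1/services/data/v59.0/limits');
req.setMethod('GET');
req.setTimeout(20000); // milliseconds

try {
    HttpResponse res = new Http().send(req);
    Integer code = res.getStatusCode();

    // Log only the status, never the response body.
    if (code == 200) {
        System.debug('OK: Named Credential resolved and the token was accepted.');
    } else if (code == 401) {
        System.debug('401: token rejected. Re-run Authenticate on the principal.');
    } else if (code == 403) {
        System.debug('403: authenticated, but the request was not permitted.');
    } else if (code == 404) {
        System.debug('404: check the URL set on the Named Credential.');
    } else {
        System.debug('Unexpected status ' + code + ' ' + res.getStatus());
    }
} catch (Exception e) {
    // No HTTP response was received, for example because the credential
    // could not be resolved for the running user or the request timed out.
    System.debug('Callout failed: ' + e.getTypeName() + ': ' + e.getMessage());
}
```

Running it once as an administrator and once as a user from the permission set shows whether the principal access was granted to the intended users.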