Deep Dive into
Connected App
SalesforceCodex.com 1
About Me
Dhanik Lal Sahni
Technical Architect
Conduent Business Solution
Certified Application Architect
Twitter : @dhaniksahni
Blog : salesforcecodex.com
Session 13-Agenda
• In a given scenario, recommend when to use API-based
integrations, such as SOAP, REST, Bulk, Streaming, Canvas,
Workflow outbound, APEX (Callouts, @future, etc.), and
Lightning Connect to achieve business requirements.
• Compare and contrast the advantages and drawbacks (design
trade-offs) of using API-based integrations such as SOAP, REST,
Bulk, Streaming, Canvas, Workflow outbound, APEX (Callouts,
@future, etc.), and Lightning Connect.
[Chart: Integration Architecture Designer Exam, section weightings for sections 1 to 7: 28%, 17%, 15%, 10%, 15%, 10%, 5%. Salesforce Integration Capabilities: 28%]
AGENDA
• What is Connected App?
• Usage of Connected App
• Connected App Terminology
• Demos
WHAT IS CONNECTED APP?
• A connected app is a framework that enables an external application to integrate with Salesforce using APIs.
• A connected app uses standard protocols, such as SAML, OAuth, and OpenID Connect, to authorize, authenticate, and provide single sign-on (SSO) for external apps.
CONNECTED APP PROTOCOLS
OAuth 2.0
• OAuth 2.0 is the industry-standard protocol for authorization.
• OAuth 2.0 focuses on the client side, providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices.
• It allows a user’s information to be used by a third-party system without exposing passwords.
OpenID Connect
• Adds an identity layer on top of OAuth 2.0.
• Allows clients to verify the end user’s identity and obtain their basic information.
• It is used for user authentication.
SAML 2.0
• Security Assertion Markup Language (SAML) 2.0 is a means to exchange authorization and authentication information between services.
• SAML is frequently used to implement internal corporate single sign-on (SSO) solutions where the user logs into a service that acts as the single source of identity.
Connected App and OAuth Terminology
• Access Token: Instead of using the user’s Salesforce credentials, a consumer (connected app) can use an access token to gain access.
• Authorization Code: Only used in OAuth 2.0 with the web server flow, the authorization code is a token that represents the access granted by the end user. The authorization code is used to obtain an access token and a refresh token. It expires after 15 minutes.
• Authorization Server: The authorization server is the server that authorizes a resource owner, and upon successful authorization, issues access tokens to the requesting consumer.
• Callback URL: A callback URL is the URL that is invoked after OAuth authorization for the consumer (connected app).
• Consumer: A consumer is the website or app that uses OAuth to authorize both the Salesforce user and itself on the user’s behalf.
• Consumer Key: A consumer uses a key to identify itself to Salesforce.
Connected App and OAuth Terminology
• Consumer Secret: A consumer uses a secret to establish ownership of the consumer key.
• Refresh Token: Only used in OAuth 2.0, a consumer can use a refresh token to obtain a new access token, without having the end user approve the access again.
• Resource Owner: The resource owner is the entity (usually the end user) that grants access to a protected resource.
• Resource Server: The resource server is the server that hosts the protected resource. Your Salesforce org is the resource server that protects your data.
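The terms above map onto the OAuth 2.0 web server flow as shown in this added Python example, which is not code from the presentation. The consumer key, consumer secret, callback URL and authorization code are constructed placeholders, and no network call is made.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Salesforce authorization server endpoints (production login host).
AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"

# Constructed placeholders; real values come from the connected app definition.
CONSUMER_KEY = "EXAMPLE_CONSUMER_KEY"
CONSUMER_SECRET = "EXAMPLE_CONSUMER_SECRET"  # server-side only, never sent to a browser
CALLBACK_URL = "https://app.example.com/oauth/callback"


def build_authorization_request(scopes):
    """Step 1: URL the consumer redirects the resource owner to."""
    # Random state is kept in the user's session and checked on the callback.
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",       # web server flow: ask for an authorization code
        "client_id": CONSUMER_KEY,     # consumer key identifies the connected app
        "redirect_uri": CALLBACK_URL,  # must match the callback URL on the connected app
        "scope": " ".join(scopes),
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def handle_callback(request_url, expected_state):
    """Step 2: validate the redirect to the callback URL, return the authorization code."""
    got, want = urlsplit(request_url), urlsplit(CALLBACK_URL)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback arrived at an unexpected URL")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned_state = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the callback does not belong
    # to an authorization request this session started.
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("missing or duplicated authorization code")
    return codes[0]


def token_request_for_code(code):
    """Step 3: form body POSTed to TOKEN_URL to swap the code for tokens.

    The page gives the authorization code a 15-minute lifetime, so the
    exchange is done immediately after the callback.
    """
    return {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": CONSUMER_KEY,
        "client_secret": CONSUMER_SECRET,  # proves ownership of the consumer key
        "redirect_uri": CALLBACK_URL,
    }


def token_request_for_refresh(refresh_token):
    """Later: form body that obtains a new access token without user approval."""
    return {
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": CONSUMER_KEY,
        "client_secret": CONSUMER_SECRET,
    }


if __name__ == "__main__":
    url, state = build_authorization_request(["api", "refresh_token"])
    print("redirect user to:", url)
    # Constructed callback, as the authorization server would issue it.
    callback = CALLBACK_URL + "?" + urlencode({"code": "SAMPLE_CODE", "state": state})
    code = handle_callback(callback, state)
    print("POST", TOKEN_URL, sorted(token_request_for_code(code)))
```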
CONNECTED APP USE CASES
Access Data with API Integration
• Use a connected app to request access to Salesforce data on behalf of an external application
• Must be integrated with the Salesforce API using the OAuth 2.0 protocol
Integrate Service Providers with Your Salesforce Org
• Use a connected app to integrate your service provider with your Salesforce org
• Use a connected app with SAML 2.0 or OpenID Connect to integrate a service provider with your Salesforce org
Manage Access to Third-Party Apps
• Admins can set security policies to control what data a third-party app can access from your org.
• Admins can also define who can use the third-party app
CREATE A CONNECTED APP
Connected App Server Scopes
Scope: Description
• Access Pardot services (pardot_api): Allows access to Pardot API services on behalf of the user.
• Access and manage your data (api): Allows access to the current, logged-in user’s account using APIs, such as REST API and Bulk API. This scope also includes chatter_api.
• Access and manage your Chatter feed (chatter_api): Allows access to Connect REST API resources on behalf of the user.
• Access custom permissions (custom_permissions): Allows access to the custom permissions in an org associated with the connected app.
• Full access (full): Allows access to all data accessible by the logged-in user, and encompasses all other scopes.
Connected App Server Scopes
• Access your basic information (id, profile, email, address, phone): Allows access to the identity URL service. You can request profile, email, address, or phone individually to get the same result as using id; they are all synonymous.
• Allow access to your unique identifier (openid): Allows access to the current, logged-in user’s unique identifier for OpenID Connect apps. In the OAuth 2.0 user-agent flow and the OAuth 2.0 web server flow, use the openid scope.
• Perform requests on your behalf at any time (refresh_token, offline_access): Allows a refresh token to be returned when the requesting client is eligible to receive one.
• Provide access to your data via the Web (web): Allows use of the access_token on the web. This scope also includes visualforce, allowing access to customer-created Visualforce pages.
CREATE A CONNECTED APP
device with limited input or display capabilities,
URL which is redirected to after successful authorization.
DEMO
Integrate Salesforce In ASP.NET using API Integration
Integrate Service Providers with Your Salesforce Org
• Single sign-on (SSO) lets users access other applications without logging in separately to each one—and without having to
create (and remember) different user credentials for each app.
• Two server roles are important in SSO: identity providers and service providers.
• Identity Provider: An identity provider is a system entity that creates, maintains, and manages identity information.
• Service Provider: A service provider is a vendor that provides IT solutions and/or services to end users and organizations.
Integrate Service Providers with Your Salesforce Org
Integrate a Service Provider with SAML
• To integrate a service provider with your Salesforce org, you can use a connected app that implements SAML 2.0 for user authentication.
Integrate Service Providers with Your Salesforce Org
Integrate a Service Provider with OpenID Connect
• OpenID Connect is a rewrite of SAML using OAuth 2.0.
• In SAML, the user is redirected from the Service Provider (SP) to the
Identity Provider (IDP) for sign in.
• In OpenID Connect, the user is redirected from the Relying Party (RP)
to the OpenID Provider (OP) for sign in.
Demo
Single Sign-on within two Salesforce Org
Manage Access to Third-Party Apps
Install a Connected App
• We can install a connected app by installing a managed package that includes the connected app as a component.
• We can also install an OAuth connected app from the Connected Apps OAuth Usage page.
Uninstall a Third-Party Connected App
• We can uninstall a third-party connected app from our org.
• Uninstalling an app doesn’t delete the connected app. It deletes the OAuth policies.
• The connected app is removed only when the original developer deletes the app from their org.
• We can also block the app to make it inaccessible.
Manage OAuth Access Policies for a Connected App
Permitted Users
• All users may self-authorize
  • Allows all users in the org to authorize the app after successfully signing in.
  • Users must approve the app the first time they access it.
• Admin approved users are pre-authorized
  • Allows only users with the associated profile or permission set to access the app without first authorizing it.
Manage OAuth Access Policies for a Connected App
IP Relaxation
Determines whether a user’s access to the app is restricted by IP ranges.
• Enforce IP restrictions
  • Enforces the IP restrictions configured for the org, such as the IP ranges assigned to a user profile.
• Enforce IP restrictions, but relax for refresh tokens
  • Enforces the IP restrictions configured for the org, but relaxes them for refresh tokens.
• Relax IP restrictions for activated devices
  • Allows a user running the app to bypass the org’s IP restrictions.
  • The app has a list of allowed IP ranges and is using the web server authentication flow.
• Relax IP restrictions
  • Allows a user to run this app without org IP restrictions.
Manage OAuth Access Policies for a Connected App
Refresh Token Policy
• Refresh token is valid until revoked:
  • Default. The refresh token is used indefinitely, unless revoked by the user or Salesforce admin.
• Immediately expire refresh token:
  • The refresh token is invalid immediately. The user can use the current session (access token) already issued, but can’t obtain a new session when the access token expires.
• Expire refresh token if not used for n:
  • The refresh token is valid as long as it’s been used within the specified amount of time.
• Expire refresh token after n:
  • The refresh token is valid for a fixed amount of time.
• Determines how long a refresh token is valid.
• If refresh tokens are provided, users can continue to access the OAuth-enabled connected app without having to reauthorize when the access token expires.
• Refresh tokens are required only when a user’s session has expired or isn’t available.
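The policy options above interact with the scopes an app requests, so they are best reviewed together. The following is an added Python example, not part of the presentation: the option labels and scope names are the ones listed on the slides, while the record layout, the sample apps and the severity rules are this example's own review heuristics and are assumptions.

```python
from dataclasses import dataclass

# Option labels exactly as listed on the policy slides.
PERMITTED_USERS = {
    "All users may self-authorize",
    "Admin approved users are pre-authorized",
}
IP_RELAXATION = {
    "Enforce IP restrictions",
    "Enforce IP restrictions, but relax for refresh tokens",
    "Relax IP restrictions for activated devices",
    "Relax IP restrictions",
}
REFRESH_TOKEN_POLICY = {
    "Refresh token is valid until revoked",
    "Immediately expire refresh token",
    "Expire refresh token if not used for n",
    "Expire refresh token after n",
}
REFRESH_SCOPES = {"refresh_token", "offline_access"}


@dataclass
class ConnectedAppPolicy:
    """Hypothetical record of one app's settings, e.g. transcribed from Setup."""
    name: str
    scopes: frozenset
    permitted_users: str
    ip_relaxation: str
    refresh_token_policy: str


def audit(app):
    """Return a list of (severity, message) findings for one connected app."""
    # Reject misspelled or unknown option labels instead of silently passing them.
    for value, allowed, label in (
        (app.permitted_users, PERMITTED_USERS, "permitted users"),
        (app.ip_relaxation, IP_RELAXATION, "IP relaxation"),
        (app.refresh_token_policy, REFRESH_TOKEN_POLICY, "refresh token policy"),
    ):
        if value not in allowed:
            raise ValueError(f"{app.name}: unknown {label} setting {value!r}")

    findings = []
    wants_refresh = bool(app.scopes & REFRESH_SCOPES)

    if "full" in app.scopes:
        findings.append(("HIGH", "scope 'full' encompasses all other scopes; "
                                 "request only what the integration uses"))
    if {"api", "chatter_api"} <= app.scopes:
        findings.append(("INFO", "'chatter_api' is redundant: 'api' already includes it"))

    if wants_refresh:
        if app.refresh_token_policy == "Refresh token is valid until revoked":
            findings.append(("MEDIUM", "refresh token never expires on its own; "
                                       "a leaked token works until someone revokes it"))
        elif app.refresh_token_policy == "Immediately expire refresh token":
            findings.append(("INFO", "refresh scope requested, but the policy "
                                     "invalidates refresh tokens immediately"))

    if app.ip_relaxation == "Relax IP restrictions":
        findings.append(("HIGH" if wants_refresh else "MEDIUM",
                         "app runs without the org's IP restrictions"))
    elif (app.ip_relaxation == "Enforce IP restrictions, but relax for refresh tokens"
          and wants_refresh):
        findings.append(("MEDIUM", "refresh tokens can be redeemed from outside "
                                   "the org's IP ranges"))

    if (app.permitted_users == "All users may self-authorize"
            and app.scopes & {"full", "api"}):
        findings.append(("MEDIUM", "any user in the org can grant this app API access; "
                                   "consider admin pre-authorization"))
    return findings


def worst_severity(findings):
    """Highest severity among the findings, or None when there are none."""
    order = {"INFO": 0, "MEDIUM": 1, "HIGH": 2}
    return max((sev for sev, _ in findings), key=order.__getitem__, default=None)


# Constructed sample settings (not taken from any real org).
RISKY = ConnectedAppPolicy(
    "legacy-sync", frozenset({"full", "refresh_token"}),
    "All users may self-authorize", "Relax IP restrictions",
    "Refresh token is valid until revoked")
HARDENED = ConnectedAppPolicy(
    "billing-api", frozenset({"api", "refresh_token"}),
    "Admin approved users are pre-authorized", "Enforce IP restrictions",
    "Expire refresh token if not used for n")

if __name__ == "__main__":
    for app in (RISKY, HARDENED):
        results = audit(app)
        print(app.name, "->", worst_severity(results))
        for severity, message in results:
            print(f"  [{severity}] {message}")
```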
Share some inspiring words about
@salesforcecodex on twitter
Keep Exploring. Keep Learning.

Climate Impact of Software Testing at Nordic Testing Days
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
 

Deep dive into Salesforce Connected App

  • 1. Deep Dive into Connected App SalesforceCodex.com 1
  • 2. About Me: Dhanik Lal Sahni, Technical Architect, Conduent Business Solution. Certified Application Architect. Twitter: @dhaniksahni. Blog: salesforcecodex.com
  • 3. Session 13-Agenda
      • In a given scenario, recommend when to use API-based integrations, such as SOAP, REST, Bulk, Streaming, Canvas, Workflow outbound, APEX (Callouts, @future, etc.), and Lightning Connect to achieve business requirements.
      • Compare and contrast the advantages and drawbacks (design trade-offs) of using API-based integrations such as SOAP, REST, Bulk, Streaming, Canvas, Workflow outbound, APEX (Callouts, @future, etc.), and Lightning Connect.
      • [Chart: Integration Architecture Designer Exam section weights. Salesforce Integration Capabilities: 28%]
  • 4. AGENDA
      • What is Connected App?
      • Usage of Connected App
      • Connected App Terminology
      • Demos
  • 5. WHAT IS CONNECTED APP?
      • A connected app is a framework that enables an external application to integrate with Salesforce using APIs.
      • A connected app uses standard protocols, such as SAML, OAuth, and OpenID Connect, to authorize, authenticate, and provide single sign-on (SSO) for external apps.
  • 6. CONNECTED APP PROTOCOLS
      • OAuth 2.0 is the industry-standard protocol for authorization.
      • OAuth 2.0 focuses on the client side, providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices.
      • Basically, it allows a user’s information to be used by a third-party system without exposing passwords.
      • OpenID Connect adds an identity layer on top of OAuth 2.0.
      • It allows clients to verify the end user’s identity and obtain their basic information.
      • Basically, it is used for user authentication.
      • Security Assertion Markup Language (SAML) 2.0 is a means to exchange authorization and authentication information between services.
      • SAML is frequently used to implement internal corporate single sign-on (SSO) solutions where the user logs into a service that acts as the single source of identity.
  • 7. Connected App and OAuth Terminology
      • Access Token: Instead of using the user’s Salesforce credentials, a consumer (connected app) can use an access token to gain access.
      • Authorization Code: Only used in OAuth 2.0 with the web server flow, the authorization code is a token that represents the access granted by the end user. The authorization code is used to obtain an access token and a refresh token. It expires after 15 minutes.
      • Authorization Server: The authorization server is the server that authorizes a resource owner, and upon successful authorization, issues access tokens to the requesting consumer.
      • Callback URL: A callback URL is the URL that is invoked after OAuth authorization for the consumer (connected app).
      • Consumer: A consumer is the website or app that uses OAuth to authorize both the Salesforce user and itself on the user’s behalf.
      • Consumer Key: A consumer uses a key to identify itself to Salesforce.
  • 8. Connected App and OAuth Terminology
      • Consumer Secret: A consumer uses a secret to establish ownership of the consumer key.
      • Refresh Token: Only used in OAuth 2.0, a consumer can use a refresh token to obtain a new access token, without having the end user approve the access again.
      • Resource Owner: The resource owner is the entity (usually the end user) that grants access to a protected resource.
      • Resource Server: The resource server is the server that hosts the protected resource. Your Salesforce org is the resource server that protects your data.
  • 9. CONNECTED APP USE CASES
      • Access Data with API Integration
          • Use a connected app to request access to Salesforce data on behalf of an external application.
          • Must be integrated with the Salesforce API using the OAuth 2.0 protocol.
      • Integrate Service Providers with Your Salesforce Org
          • Use a connected app to integrate your service provider with your Salesforce org.
          • Use a connected app with SAML 2.0 or OpenID Connect to integrate a service provider with your Salesforce org.
      • Manage Access to Third-Party Apps
          • Admins can set security policies to control what data a third-party app can access from your org.
          • Admins can also define who can use the third-party app.
  • 11. Connected App Server Scopes (scope: description)
      • Access Pardot services (pardot_api): Allows access to Pardot API services on behalf of the user.
      • Access and manage your data (api): Allows access to the current, logged-in user’s account using APIs, such as REST API and Bulk API. This scope also includes chatter_api.
      • Access and manage your Chatter feed (chatter_api): Allows access to Connect REST API resources on behalf of the user.
      • Access custom permissions (custom_permissions): Allows access to the custom permissions in an org associated with the connected app.
      • Full access (full): Allows access to all data accessible by the logged-in user, and encompasses all other scopes.
  • 12. Connected App Server Scopes
      • Access your basic information (id, profile, email, address, phone): Allows access to the identity URL service. You can request profile, email, address, or phone individually to get the same result as using id; they are all synonymous.
      • Allow access to your unique identifier (openid): Allows access to the current, logged-in user’s unique identifier for OpenID Connect apps. In the OAuth 2.0 user-agent flow and the OAuth 2.0 web server flow, use the openid scope.
      • Perform requests on your behalf at any time (refresh_token, offline_access): Allows a refresh token to be returned when the requesting client is eligible to receive one.
      • Provide access to your data via the Web (web): Allows use of the access_token on the web. This scope also includes visualforce, allowing access to customer-created Visualforce pages.
  • 13. CREATE A CONNECTED APP
      • device with limited input or display capabilities,
      • URL which is redirected to after successful authorization.
  • 14. DEMO: Integrate Salesforce in ASP.NET using API Integration
  • 15. Integrate Service Providers with Your Salesforce Org
      • Single sign-on (SSO) lets users access other applications without logging in separately to each one, and without having to create (and remember) different user credentials for each app.
      • Two server roles are important in SSO: Identity Providers and Service Providers.
      • Identity Provider: An identity provider is a system entity that creates, maintains, and manages identity information.
      • Service Provider: A service provider is a vendor that provides IT solutions and/or services to end users and organizations.
  • 16. Integrate Service Providers with Your Salesforce Org
      • Integrate a Service Provider with SAML
          • To integrate a service provider with your Salesforce org, you can use a connected app that implements SAML 2.0 for user authentication.
  • 17. Integrate Service Providers with Your Salesforce Org
      • Integrate a Service Provider with OpenID Connect
          • OpenID Connect is a rewrite of SAML using OAuth 2.0.
          • In SAML, the user is redirected from the Service Provider (SP) to the Identity Provider (IDP) for sign in.
          • In OpenID Connect, the user is redirected from the Relying Party (RP) to the OpenID Provider (OP) for sign in.
  • 18. Demo: Single sign-on between two Salesforce orgs
  • 20. Install a Connected App
      • We can install a connected app by installing a managed package that includes the connected app as a component.
      • We can also install an OAuth connected app from the Connected Apps OAuth Usage page.
  • 21. Uninstall a Third-Party Connected App
      • We can uninstall a third-party connected app from your org.
      • Uninstalling an app doesn’t delete the connected app. It deletes the OAuth policies.
      • Uninstalling a connected app only when the original developer deletes the app from their org
      • We can also block the app to make it inaccessible.
  • 22. Manage OAuth Access Policies for a Connected App: Permitted Users
      • All users may self-authorize: Allows all users in the org to authorize the app after successfully signing in. Users must approve the app the first time they access it.
      • Admin approved users are pre-authorized: Allows only users with the associated profile or permission set to access the app without first authorizing it.
  • 23. Manage OAuth Access Policies for a Connected App: IP Relaxation
      • Enforce IP restrictions: Enforces the IP restrictions configured for the org, such as the IP ranges assigned to a user profile.
      • Enforce IP restrictions, but relax for refresh tokens: Enforces the IP restrictions configured for the org, but relaxes them for refresh tokens.
      • Relax IP restrictions for activated devices: Allows a user running the app to bypass the org’s IP restrictions.
          • app has a list of allowed IP ranges and is using the web server authentication flow.
      • Relax IP restrictions: Allows a user to run this app without org IP restrictions.
      • Determines whether a user’s access to the app is restricted by IP ranges.
  • 24. Manage OAuth Access Policies for a Connected App: Refresh Token Policy
      • Refresh token is valid until revoked: Default. The refresh token is used indefinitely, unless revoked by the user or Salesforce admin.
      • Immediately expire refresh token: The refresh token is invalid immediately. The user can use the current session (access token) already issued, but can’t obtain a new session when the access token expires.
      • Expire refresh token if not used for n: The refresh token is valid as long as it’s been used within the specified amount of time.
      • Expire refresh token after n: The refresh token is valid for a fixed amount of time.
      • Determines how long a refresh token is valid for.
      • If refresh tokens are provided, users can continue to access the OAuth-enabled connected app without having to reauthorize when the access token expires.
      • Refresh tokens are required only when a user’s session has expired or isn’t available.
  • 25. Share some inspiring words about @salesforcecodex on Twitter
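
The scope tables (slides 11 and 12) and the OAuth access policies (slides 22 to 24) lend themselves to an automated review. The sketch below is an added example, not code from the presentation or from Salesforce: it expands requested scopes into what they grant and flags the broadest option of each policy. The dict layout, field names and finding codes are hypothetical.

```python
# Added example; the dict layout, field names and finding codes are hypothetical.
# Scope inclusions stated in the scope tables.
INCLUDES = {"api": {"chatter_api"}, "web": {"visualforce"}}
IDENTITY = {"id", "profile", "email", "address", "phone"}  # synonymous scopes
OFFLINE = {"refresh_token", "offline_access"}
ALL_SCOPES = ({"pardot_api", "api", "chatter_api", "custom_permissions",
               "full", "openid", "web", "visualforce"} | IDENTITY | OFFLINE)

def effective_scopes(requested):
    """Expand the requested scopes into everything they grant."""
    granted = set(requested)
    if "full" in granted:
        # full encompasses all other scopes; per Salesforce's documentation it
        # still returns no refresh token unless refresh_token is requested.
        granted |= ALL_SCOPES - OFFLINE
    for scope in list(granted):
        granted |= INCLUDES.get(scope, set())
    if granted & IDENTITY:
        granted |= IDENTITY
    return granted

def audit(app):
    """Return sorted finding codes for one connected-app configuration."""
    requested = set(app["scopes"])
    findings = set()
    if "full" in requested:
        findings.add("SCOPE_FULL")
    for scope in requested:
        # Redundant: the other requested scopes already grant this one.
        if scope in effective_scopes(requested - {scope}):
            findings.add("SCOPE_REDUNDANT:" + scope)
    if requested & OFFLINE and app["refresh_token_policy"] == "valid_until_revoked":
        findings.add("REFRESH_INDEFINITE")  # usable until someone revokes it
    if app["ip_relaxation"] == "relax":
        findings.add("IP_RESTRICTIONS_BYPASSED")  # org IP ranges not applied
    if app["permitted_users"] == "all_self_authorize":
        findings.add("SELF_AUTHORIZE_ALL_USERS")  # any org user may approve it
    return sorted(findings)

# Constructed sample configurations.
WEAK = {"scopes": ["full", "api", "refresh_token"],
        "refresh_token_policy": "valid_until_revoked",
        "ip_relaxation": "relax", "permitted_users": "all_self_authorize"}
HARDENED = {"scopes": ["api", "refresh_token"],
            "refresh_token_policy": "expire_if_unused",
            "ip_relaxation": "enforce", "permitted_users": "admin_approved"}

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

The weak configuration yields one finding per broad setting plus a redundancy note for api, because full already grants it; the hardened one yields none.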