For an external application that needs to integrate with Salesforce, we create a connected app in Salesforce to inform Salesforce about the new authentication entry point. A connected app is a framework that uses APIs and standard protocols, such as Security Assertion Markup Language (SAML), OAuth, and OpenID Connect, to authorize, authenticate, and provide single sign-on (SSO) for external apps.
a) Accessing data from Salesforce:
Let's say you build a web-based app that pulls in opportunity status from your Salesforce org. You can create a connected app for it. The connected app, with the help of OAuth 2.0, integrates the web-based app with your Salesforce API, giving it authorized access to the defined data.
With the OAuth 2.0 client credentials flow, your client app exchanges its client credentials defined in the connected app—its consumer key and consumer secret—for an access token.
Before you set up the client credentials flow, it’s important to understand its security risks. With this flow enabled, any person or app that has access to your connected app’s consumer key and consumer secret can get an access token. Maintain security by periodically changing your consumer secret, and change it immediately if it becomes compromised.
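The sketch below is an added example, not code from the original post or from Salesforce. It builds the client credentials token request while keeping the consumer secret out of source code and logs. The environment variable names `SF_CONSUMER_KEY` and `SF_CONSUMER_SECRET`, the helper names, and the host `example.my.salesforce.com` are assumptions made for illustration.

```python
import json
import os
import re
import urllib.parse
import urllib.request

# Salesforce's OAuth 2.0 token endpoint path on the org's My Domain host.
TOKEN_PATH = "/services/oauth2/token"
# Only accept a bare My Domain host so the secret is never posted elsewhere.
MY_DOMAIN_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)*\.my\.salesforce\.com")


def load_credentials(env=os.environ):
    """Read the consumer key/secret from the environment, never from source."""
    # SF_CONSUMER_KEY / SF_CONSUMER_SECRET are assumed variable names.
    key, secret = env.get("SF_CONSUMER_KEY"), env.get("SF_CONSUMER_SECRET")
    if not key or not secret:
        raise RuntimeError("consumer key/secret not set in environment")
    return key, secret


def build_token_request(my_domain_host, consumer_key, consumer_secret):
    """Build (but do not send) the client credentials token request."""
    if not MY_DOMAIN_RE.fullmatch(my_domain_host.lower()):
        raise ValueError("refusing to send credentials to unexpected host")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": consumer_key,
        "client_secret": consumer_secret,
    }).encode()
    return urllib.request.Request(
        f"https://{my_domain_host}{TOKEN_PATH}", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def redact(request):
    """Form body with the secret masked, safe to write to logs."""
    fields = urllib.parse.parse_qs(request.data.decode())
    fields["client_secret"] = ["***"]
    return urllib.parse.urlencode(fields, doseq=True)


def fetch_token(request, timeout=10):
    """Send the request; the JSON reply carries access_token and instance_url."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.load(resp)
```

Because the secret is read at run time, changing it in the connected app only requires updating the environment where the client runs, not the code.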
b) Integrate service providers with Salesforce:
Let's say we build a custom app and want our users to log in to it with their Salesforce credentials. In this case, we can create a connected app with SAML 2.0 to integrate a service provider with our org. We can also use a connected app with OpenID Connect scope to integrate a service provider with our Salesforce org. To use this option, the service provider must accept OpenID Connect tokens.
c) Set security policies and provide authorization:
In addition to the above, we can use a connected app to set security policies that control what data a third-party app can access from our org, and to provide authorization for external API gateways, such as API gateways hosted on MuleSoft’s Anypoint Platform.
As a Salesforce developer, you can build a connected app for your org, but other Salesforce orgs can install it for use, too.
As a Salesforce admin, you install, uninstall, and—when necessary—block connected apps from the Salesforce org. As an admin, you also configure permissions and policies for the apps, explicitly defining who can use the connected apps and where they can access the apps from. These permissions and policies, which include profiles, permission sets, IP range restrictions, and multi-factor authentication (MFA), provide extra security for your org.
How to determine if your org is an owner or consumer of a Connected App?
As a connected app owner, your Salesforce org built the app. You can edit the app’s characteristics and manage its access policies.
As a connected app consumer, your org installed the app from the AppExchange Marketplace or as a managed package from a third-party vendor’s website. You can only edit the app’s access policies.