Salesforce: Connected Apps, Auth Provider and Named Credentials

Connected Apps

A Connected App in Salesforce is a framework that enables external applications such as mobile apps, web apps, and APIs to securely connect with Salesforce. It supports various protocols including OAuth 2.0, SAML, and OpenID Connect.

• Key Features:
  • Define OAuth scopes to specify what data the app can access.
  • Configure callback URLs for OAuth flows.
  • Control IP restrictions, session policies, and permitted users.
• Use Cases:
  • Allowing a mobile app to access Salesforce data.
  • Enabling third-party integrations with platforms like Slack and Google Workspace.
  • Providing Single Sign-On (SSO) for external applications.

🔑 Auth Provider

An Auth Provider in Salesforce allows the platform to utilize an external identity provider (IdP) for authentication purposes. It supports protocols such as OAuth 2.0, OpenID Connect, and SAML.

• Key Features:
  • Define the provider type (e.g., Salesforce, Google, Facebook, Azure AD).
  • Store client ID, client secret, authorization/token URLs.
  • Utilize registration handlers (Apex classes) for managing user provisioning.
• Use Cases:
  • Allowing Salesforce users to log in using Google, Facebook, or another Salesforce org.
  • Enabling Named Credentials for secure server-to-server callouts from Salesforce to external APIs.
  • Supporting SSO where Salesforce trusts an external IdP for authentication.

Named Credentials

Named Credentials provide a secure method to store authentication details for external callouts, such as REST or SOAP APIs, in Salesforce.

• Key Features:
  • Store the endpoint URL, authentication protocol (OAuth, Basic, JWT).
  • Automatically handle token refresh and credential rotation.
  • Simplify Apex callouts by referencing the Named Credential instead of hardcoding URLs or secrets.
• Use Cases:
  • Salesforce making callouts to external APIs like Google Maps, SAP, or AWS.
  • Securely managing credentials without exposing them in Apex code.
  • Combining with Auth Providers for OAuth flows.

How They Work Together

• Connected App: Represents an external app connecting into Salesforce.
• Auth Provider: Represents an external IdP that Salesforce trusts for authentication.
• Named Credential: Represents Salesforce making secure callouts to an external service.

Example Flow:

1. You build a Salesforce integration with Google APIs.
2. You configure an Auth Provider for Google (OAuth 2.0).
3. You create a Named Credential that uses the Auth Provider.
4. Your Apex code calls the Named Credential endpoint, and Salesforce automatically handles authentication.
5. If you want Google to call Salesforce, you configure a Connected App in Salesforce for Google.

Key Takeaways

• Connected Apps: External apps integrating into Salesforce.
• Auth Providers: Salesforce integrating out to external IdPs.
• Named Credentials: Salesforce securely storing credentials for outbound callouts.
• Together, they form the authentication and integration backbone of Salesforce.