# Guard: Salesforce ECA (Local) Connection Setup Steps

{% stepper %}
{% step %}

### Pre-req: get your Callback URL (redirect URI) <a href="#id-1-pre-req-get-your-callback-url-redirect-uri" id="id-1-pre-req-get-your-callback-url-redirect-uri"></a>

For AutoRABIT’s Guard ECA setup, you need **the callback URL**.

The callback URL depends on the instance:

```
{$instancename}/oauth/_callback
```

Example:

```
https://perf.codescan.io/_codescan/oauth2/authorize
```

{% endstep %}

{% step %}

### Create the External Client App (ECA) in your Salesforce Org

1. Log in to Salesforce.

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2FuEgVe6WmjpCb34dVyVnZ%2Fimage.png?alt=media&#x26;token=5f656167-d748-4034-9848-4d910a363a4a" alt=""><figcaption></figcaption></figure>

2. In **Salesforce**, go to **Setup**.
3. In **Quick Find**, search **External Client Apps**.
4. Open **External Client App Manager** (or the External Client Apps area).

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2F4qLQvHkFr9IFeN01MR2T%2Fcdn.webp?alt=media&#x26;token=fddc17b2-a254-456f-84c3-7deb4879ca65" alt=""><figcaption></figcaption></figure>

5. Click **New External Client App**.
6. Fill in the basics:

* **Name / Label** (e.g. AR\_Local)
* **API Name** (auto-filled)
* **Contact Email**
* **Distribution State**:
  * **Local** (only for this org)

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2FcPf8TEerBcMcr6wLQysL%2Ff306f55b-5110-4872-bbec-20b722c50b29.png?alt=media&#x26;token=d4e0a10d-2eb1-4d31-ad07-7c29adca2ad8" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### Enable OAuth + set callback URL + scopes <a href="#arm-3-enableoauthsetcallbackurlscopes" id="arm-3-enableoauthsetcallbackurlscopes"></a>

1. Click **Enable OAuth** (or expand **API (Enable OAuth Settings)** and check **Enable OAuth**).
2. Set **Callback URL** to the URL you collected in step 1.
3. Choose **OAuth Scopes**:
   1. Access the Identity URL service (id, profile, email, address, phone)
   2. Manage user data via APIs
   3. Manage user data via web browsers (web)
   4. Full access (full)
   5. Perform requests at any time (refresh\_token, offline\_access)

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2Fkul6RSf3q7UzM3XAAvG8%2Fdceacf2f-02aa-4225-b825-5f36c013b167.png?alt=media&#x26;token=1bc526fe-81af-4610-a9f6-761a9a689481" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### Flow Enablement <a href="#arm-4-turnment" id="arm-4-turnment"></a>

1. In **Flow Enablement**, select **Enable Authorization Code and Credentials Flow**.
2. Leave the option stating that **user credentials are required in the POST body** disabled (Salesforce shows this option when you choose that flow).

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2FQggg8ZOFmdgfTYvxkl1A%2F619e40a3-3cab-4c4d-a1ff-a2580e7ba452.png?alt=media&#x26;token=f570a082-0af5-4a2a-9524-95c9b2c1d333" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### Security toggles (common defaults) <a href="#arm-5-securitytoggles-commondefaults" id="arm-5-securitytoggles-commondefaults"></a>

In the **Security** section, enable the following options:

* **Require secret for Web Server Flow**
* **Require secret for Refresh Token Flow**
  {% endstep %}

{% step %}

### Create the app and capture Client ID / Secret <a href="#arm-6-createtheappandcaptureclientid-secret" id="arm-6-createtheappandcaptureclientid-secret"></a>

1. Click **Create**.
2. Open the app’s **Settings** tab and locate **Consumer Key and Secret**:

* **Consumer Key** = **Client ID**
* **Consumer Secret** = **Client Secret**

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2FCxee44cwa9Rp76xIJE7B%2Fd27e1bed-b3fa-4eaf-8853-49349a61c8d1.png?alt=media&#x26;token=56a4e104-7307-4532-b1dc-86067684b308" alt=""><figcaption></figcaption></figure>

When you click the button for Consumer Key and Secret, a code will be sent to the registered email of the user creating the configuration.

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2FgHA4O58MNDSOPr2LfN2W%2F5117773e-24dc-490e-bd4a-bfb39742eb18.png?alt=media&#x26;token=3d879466-1986-40db-95dd-e02e55d13f28" alt=""><figcaption></figcaption></figure>

After you receive the code and verify it in Salesforce, the Consumer Key (Client ID) and Consumer Secret (Client Secret) will be displayed.

**IMPORTANT: STORE THESE VALUES IN A SAFE PLACE WHERE THEY CAN BE EASILY USED FOR FUTURE REFERENCE.**

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2FdE4gGKjy8VhdI85RqHaS%2Fd6f4ece7-0cd4-4ae3-8c8f-bb1322d472dd.png?alt=media&#x26;token=08c11311-4f10-4021-b70c-ce8d082652b1" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### Configure Policies (very important) <a href="#arm-7-configurepolicies-veryimportant" id="arm-7-configurepolicies-veryimportant"></a>

After creating the ECA, open the **Policies** tab and adjust as needed (exact options vary by org/security posture), commonly:

* **Permitted Users**: often set to **Admin approved users are pre-authorized** for controlled rollouts.
* Add the required **profiles/permission sets** (or approved users) for who is allowed to authorize.
  {% endstep %}

{% step %}

### What you’ll use in AutoRABIT <a href="#arm-8-whatyoulluseinautorabit" id="arm-8-whatyoulluseinautorabit"></a>

Once created, the set of values you’ll reference in your Guard configuration are:

* **Client ID**
* **Client Secret**

Also, the internal direction is that **one ECA per customer org** can be used across products (rather than creating one per AR product).

***

After the configuration in Salesforce is complete and you have obtained the Client ID and Client Secret, go to Guard to create the connection.

Click **Salesforce Orgs**.

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2FwSdr7M7OwFdWpS5Td89n%2Fcdn.webp?alt=media&#x26;token=388b1300-1835-42cc-98ac-ec40b2e37de3" alt=""><figcaption></figcaption></figure>

Click the **Add a new Org** button.

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2FIJuG4qZlFt9Lg4UIjQAU%2Fcdn-1.webp?alt=media&#x26;token=ccb93ac9-7010-4dfb-81f5-44874fa0b450" alt=""><figcaption></figcaption></figure>

If the org to be connected already has the Guard Connected App installed and active, select the Connected App option. If not, select External Client App as the connection type and enter all the required details in the corresponding fields.

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2FbE9geM9fkpiGxNCSQLcm%2Fcdn-2.webp?alt=media&#x26;token=9e6cea37-1556-4c7d-a117-dffd03e31a96" alt=""><figcaption></figcaption></figure>

Once the form is completed, click the **Login to Salesforce** button. A Salesforce login page is shown; log in with the user you intend to use for the connection.

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2FUJa2o71MkufAsZO2Mpjk%2F2ee0edd6-fd45-4ca0-9114-356995ca5351.png?alt=media&#x26;token=6cf963d9-8318-4b99-9977-3333bea3a003" alt=""><figcaption></figcaption></figure>

Salesforce will show a message asking you to grant the user permission to use the scopes defined in the ECA. Click **Allow**.

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2Fc4VDWxfmyZIEacA0hPrH%2Fe6cc1945-e43c-4c68-802b-873dacaa0b2f.png?alt=media&#x26;token=72420979-a4c6-4104-bfe4-4ad88d6c5386" alt=""><figcaption></figcaption></figure>

Then, the org will be added successfully.

{% hint style="info" %}
**Important:** This setup is **Salesforce org-specific**. You must repeat this process **for each customer Salesforce org** you want to connect, since the External Client App is created inside (and scoped to) that org and produces org-specific credentials.
{% endhint %}
{% endstep %}
{% endstepper %}
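
How the values collected above fit together in the OAuth web server flow, as an added example (not AutoRABIT's or Salesforce's own code). It assumes the standard `login.salesforce.com` host and endpoints; the callback URL is a constructed placeholder, the function names are hypothetical, and `api` is taken as the scope token for "Manage user data via APIs".

```python
import secrets
from urllib.parse import urlencode, urlsplit

LOGIN_HOST = "https://login.salesforce.com"  # assumption: production login host
# Constructed placeholder following the {$instancename}/oauth/_callback pattern.
REGISTERED_CALLBACK = "https://guard.example.invalid/oauth/_callback"
# Scope tokens for the five scopes chosen on the ECA.
SCOPES = ["id", "api", "web", "full", "refresh_token"]


def check_callback(redirect_uri, registered=REGISTERED_CALLBACK):
    """redirect_uri must be HTTPS and match the Callback URL set on the ECA."""
    if urlsplit(redirect_uri).scheme != "https":
        raise ValueError("callback URL must use https")
    if redirect_uri != registered:
        raise ValueError("redirect_uri differs from the Callback URL on the ECA")


def authorize_url(client_id, redirect_uri, state=None):
    """Build the login/consent URL the user is sent to (the 'Allow' screen)."""
    check_callback(redirect_uri)
    state = state or secrets.token_urlsafe(16)  # ties the callback to this request
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(SCOPES),
        "state": state,
    })
    return f"{LOGIN_HOST}/services/oauth2/authorize?{query}", state


def token_request(grant_type, value, client_id, client_secret, redirect_uri=None):
    """Form body for the token endpoint; both grants carry the Consumer Secret,
    matching the two 'Require secret' toggles."""
    if not client_secret:
        raise ValueError("client_secret is required for this ECA")
    if grant_type == "authorization_code":
        check_callback(redirect_uri)
        form = {"grant_type": grant_type, "code": value, "redirect_uri": redirect_uri}
    elif grant_type == "refresh_token":
        form = {"grant_type": grant_type, "refresh_token": value}
    else:
        raise ValueError(f"unsupported grant type: {grant_type}")
    form.update(client_id=client_id, client_secret=client_secret)
    return f"{LOGIN_HOST}/services/oauth2/token", form
```

A callback typed differently in the ECA and in the connection form fails in `check_callback`, which mirrors the most common cause of a failed authorization at this step.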


