search
githubEdit

Connecting a Salesforce Org to Guard using local ECA flow

circle-info

Salesforce has introduced External Client Apps as the new standard for org connections. Learn more herearrow-up-right.

Before registering your org in Guard, please complete the following configuration in Salesforce.

hashtag
Create an External Client App

  1. Navigate to Salesforce Setup.

  2. Search for External Client Apps.

  3. Click New External Client App.

  1. Enter the required details:

Basic Information

  • External Client App Name

  • API Name (auto-populated)

  • Contact Email

Enable OAuth Settings

  1. Select Enable OAuth Settings.

  2. Provide the Callback URL in the format:

{$instance}/oauth/_callback

For example:

https://yourguard.autorabit.com/oauth/_callback

  1. Add the following OAuth scopes:

  • Access the identity URL service (id, profile, email, address, phone)

  • Full access (full)

  • Manage user data via APIs (api)

  • Manage user data via Web browsers (web)

  • Perform requests at any time (refresh_token, offline_access)

Flow Enablement

Enable the following:

  • Authorization Code and Credentials Flow (Sub-options are not required.)

Security Settings

  • Keep the first 2 options checked

  • Uncheck: Require Proof Key for Code Exchange (PKCE) extension for Supported Authorization Flows

Save and Activate

Save the application and activate it.

hashtag
Collect Client Credentials

After activation, copy the following credentials:

  • Consumer ID (Consumer Key)

  • Consumer Secret

circle-info

Newly generated credentials may take up to 10 minutes to become active. If verification fails, wait and retry.

hashtag
Register a New Salesforce Org Using OAuth via ECA

hashtag
Step 1: Open Org Registration

Navigate to:

Salesforce Orgs → Add New Org

hashtag
Step 2: Select Connection Type

Choose:

External Client App

hashtag
Step 3: Enter Required Details

Provide the following information:

  • Org Name

  • Org Type

  • Org Purpose (Production / Sandbox)

  • Client ID

  • Client Secret

Click Login with Salesforce.

hashtag
Step 4: Authorize in Salesforce

  • You will be redirected to the Salesforce login page.

  • Log in and approve Guard access.

  • Salesforce will redirect you back to Guard.

hashtag
Step 5: Successful Registration

After successful authorization:

  • The org is registered.

  • Tokens are securely encrypted and stored.

  • The org becomes available across applicable Guard modules.

  • The connection status displays as Connected.

PreviousConnecting a Salesforce Org to Guard using Connected Apps flowNextUser Management

Last updated

Was this helpful?