Authentication in Salesforce Stages

You can configure Salesforce stages to connect to Salesforce using the following authentication methods:
Basic Authentication
You can specify a user name and password to use for basic authentication with Salesforce.

When enabled in Salesforce, you can also use mutual authentication to connect.

Connected App with OAuth
You can configure a Salesforce stage to connect to Salesforce using OAuth 2.0. The stage then uses an OAuth-enabled Salesforce connected app and the Salesforce implementation of JWT Bearer Flow to enable machine-to-machine OAuth.
To use this authentication method, you must first complete several prerequisite tasks. Then, in the stage, you specify a user name, consumer key, and private key.

When enabled in Salesforce, you can also use mutual authentication to connect.

Connected App with OAuth Prerequisites

You can use a Salesforce connected app to connect to Salesforce with OAuth 2.0. Before doing so, complete the following tasks:

  1. Generate an X.509 public key certificate and private key to use with the connected app.

    For steps on how to generate a self-signed certificate and private key, see the Salesforce documentation.

  2. Create a Salesforce connected app and copy the generated consumer key and consumer secret. For details, see the Salesforce documentation.

    You can use the same connected app for multiple Salesforce stages and pipelines, as appropriate.

  3. To specify whether Salesforce users must authorize the app, in the app, click Manage, then Edit Policies.

    Under OAuth policies, for the Permitted Users property, choose one of the following options:

    • All users may self-authorize - Requires all users to authorize the app the first time they access it. This is the default option.
    • Admin approved users are pre-authorized - Allows users with the associated profile or permission set to access the app without first authorizing it. Be sure to assign profiles or permission sets to the app if you select this option.

    For more information, see the Salesforce documentation.

  4. If users must self-authorize, use the Salesforce CLI or curl to authorize the app.

    For information about using the Salesforce CLI to authorize the app, see "Run the auth:jwt:grant CLI Command" in the Salesforce documentation.

    To use curl to authorize the app, perform the following steps:
    1. Use the consumer key from the app in the following curl command:
      curl -X GET -D - -o /dev/null "https://login.salesforce.com/services/oauth2/authorize?response_type=code&redirect_uri=https://login.salesforce.com/services/oauth2/success&client_id=<CONSUMER_KEY>"
    2. In your browser, go to the URL in the command and complete the OAuth workflow to authenticate the user.

      This redirects you to a URL with a code parameter.

    3. Copy the code and use it, as well as the consumer key and consumer secret, in the following command:
      curl -X POST "https://login.salesforce.com/services/oauth2/token?grant_type=authorization_code&redirect_uri=https://login.salesforce.com/services/oauth2/success&client_secret=<CONSUMER_SECRET>&client_id=<CONSUMER_KEY>&code=<CODE>"
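
The JWT Bearer Flow described above signs a short-lived assertion with the private key from step 1, using the consumer key as issuer and the user name as subject. The following is an added example, not code from this documentation or from the stage itself: it builds such an assertion with openssl and checks it against the certificate locally. The function names, the throwaway key pair, the consumer key and the user name are all constructed, and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example. Key, certificate, consumer key and user name are constructed.
# Assumes openssl is installed and the values need no JSON escaping.

b64url()     { openssl base64 -A | tr '+/' '-_' | tr -d '='; }
b64url_dec() {
  s=$(tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s' "$s" | openssl base64 -d -A
}

# make_assertion CONSUMER_KEY USER_NAME PRIVATE_KEY_FILE [AUDIENCE]
make_assertion() {
  exp=$(( $(date +%s) + 180 ))          # keep the assertion short-lived
  hdr=$(printf '{"alg":"RS256"}' | b64url)
  claims=$(printf '{"iss":"%s","sub":"%s","aud":"%s","exp":%s}' \
    "$1" "$2" "${4:-https://login.salesforce.com}" "$exp" | b64url)
  sig=$(printf '%s.%s' "$hdr" "$claims" |
    openssl dgst -sha256 -sign "$3" -binary | b64url)
  printf '%s.%s.%s' "$hdr" "$claims" "$sig"
}

# claims_of JWT: print the decoded claims for inspection
claims_of() { printf '%s' "$1" | cut -d. -f2 | b64url_dec; }

# verify_assertion JWT CERT_FILE: succeeds only if the signature matches the cert
verify_assertion() {
  tmp=$(mktemp -d) || return 1
  openssl x509 -in "$2" -pubkey -noout > "$tmp/pub.pem" &&
    printf '%s' "${1##*.}" | b64url_dec > "$tmp/sig.bin" &&
    printf '%s' "${1%.*}" |
      openssl dgst -sha256 -verify "$tmp/pub.pem" -signature "$tmp/sig.bin" > /dev/null 2>&1
  rc=$?
  rm -rf "$tmp"
  return $rc
}

# Constructed throwaway key pair, standing in for the one from step 1.
work=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=constructed' \
  -keyout "$work/server.key" -out "$work/server.crt" 2>/dev/null
jwt=$(make_assertion 'CONSTRUCTED_CONSUMER_KEY' 'user@example.com' "$work/server.key")
claims_of "$jwt"; echo
verify_assertion "$jwt" "$work/server.crt" && echo 'signature OK'

# Token request (not run here; needs network and a real connected app):
#   curl -X POST https://login.salesforce.com/services/oauth2/token \
#     -d grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer \
#     --data-urlencode "assertion=$jwt"
```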