centersl/n8n-docs
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n-docs.git synced 2026-03-27 09:28:43 +07:00
Code Issues Packages Projects Releases Wiki Activity

Update Salesforce credentials documentation to emphasize External Client Apps (#4251)

Browse Source 
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
This commit is contained in:
Kartik Balasubramanian
2026-02-21 00:09:13 +00:00
committed by GitHub
parent 84fa45cd2b
commit 36e3aa4d46
1 changed files with 127 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

177
docs/integrations/builtin/credentials/salesforce.md
View File

@@ -21,37 +21,82 @@ You can use these credentials to authenticate the following nodes:
Refer to [Salesforce's developer documentation](https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_intro.htm) for more information about the service.
/// note | Salesforce External Client Apps
Salesforce is deprecating Connected Apps in favor of External Client Apps. Both methods work with n8n. If you're creating a new integration, use External Client Apps. Existing Connected Apps will continue to work.
///
## Using JWT
To configure this credential, you'll need a [Salesforce](https://www.salesforce.com/) account and:
- Your **Environment Type** (Production or Sandbox)
- A **Client ID**: Generated when you create a connected app.
- A **Client ID**: Generated when you create an external client app or connected app.
- Your Salesforce **Username**
- A **Private Key** for a self-signed digital certificate
### Create an External Client App (recommended)
To set things up, first you'll create a private key and certificate, then an external client app:
1. In n8n, select the **Environment Type** for your connection. Choose the option that best describes your environment from **Production** or **Sandbox**.
2. Enter your Salesforce **Username**.
3. Log in to your org in Salesforce.
4. You'll need a private key and certificate issued by a certification authority. Use your own key/cert or use OpenSSL to create a key and a self-signed digital certificate. Refer to the Salesforce [Create a Private Key and Self-Signed Digital Certificate documentation](https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_key_and_cert.htm) for instructions on creating your own key and certificate.
5. From **Setup** in Salesforce, enter `App Manager` in the Quick Find box, then select **App Manager**.
6. On the App Manager page, select **New External Client App**.
7. Enter the required **Basic Info** for your external client app, including a **Name** and **Contact Email address**.
8. Under **API (Enable OAuth Settings)**, select **Enable OAuth**.
9. In the **Callback URL** box, add the callback URL: `http://localhost:1717/OauthRedirect` (or your n8n instance URL if self-hosting).
10. In the **OAuth Scopes** section, select these scopes:
- **Full access (full)**
- **Perform requests at any time (refresh_token, offline_access)**
11. In the **Flow Enablement** section, select **Enable JWT Bearer Flow**.
12. Select **Upload Files** and upload the file that contains your digital certificate, such as `server.crt`.
13. Under **OAuth Policies**, make sure the following settings are **unchecked**:
- **Require Secret for Web Server Flow**
- **Require Secret for Refresh Token Flow**
- **Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows**
14. Select **Save**, then **Continue**.
15. Copy the **Consumer Key** and add it to your n8n credential as the **Client ID**.
16. Enter the contents of the private key file in n8n as **Private Key**.
- Use the multi-line editor in n8n.
- Enter the private key in standard PEM key format:
```
-----BEGIN PRIVATE KEY-----
KEY DATA GOES HERE
-----END PRIVATE KEY-----
```
Refer to Salesforce's [External Client App Basics](https://help.salesforce.com/s/articleView?id=sf.external_client_app_about.htm&type=5) documentation for more information.
### Create a Connected App (legacy)
/// note | Legacy method
Salesforce is deprecating Connected Apps. Use External Client Apps instead for new integrations.
///
To set things up, first you'll create a private key and certificate, then a connected app:
1. In n8n, select the **Environment Type** for your connection. Choose the option that best describes your environment from **Production** or **Sandbox**.
2. Enter your Salesforce **Username**.
1. Log in to your org in Salesforce.
2. You'll need a private key and certificate issued by a certification authority. Use your own key/cert or use OpenSSL to create a key and a self-signed digital certificate. Refer to the Salesforce [Create a Private Key and Self-Signed Digital Certificate documentation](https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_key_and_cert.htm) for instructions on creating your own key and certificate.
3. From **Setup** in Salesforce, enter `App Manager` in the Quick Find box, then select **App Manager**.
3. On the App Manager page, select **New Connected App**.
4. Enter the required **Basic Info** for your connected app, including a **Name** and **Contact Email address**. Refer to Salesforce's [Configure Basic Connected App Settings](https://help.salesforce.com/s/articleView?id=sf.connected_app_create_basics.htm&type=5) documentation for more information.
5. Check the box to **Enable OAuth Settings**.
6. For the **Callback URL**, enter `http://localhost:1717/OauthRedirect`.
7. Check the box to **Use digital signatures**.
8. Select **Choose File** and upload the file that contains your digital certificate, such as `server.crt`.
9. Add these **OAuth scopes**:
- **Full access (full)**
- **Perform requests at any time (refresh_token, offline_access)**
10. Select **Save**, then **Continue**. The **Manage Connected Apps** page should open to the app you just created.
11. In the **API (Enable OAuth Settings)** section, select **Manage Consumer Details**.
12. Copy the **Consumer Key** and add it to your n8n credential as the **Client ID**.
13. Enter the contents of the private key file in n8n as **Private Key**.
- Use the multi-line editor in n8n.
- Enter the private key in standard PEM key format:
3. Log in to your org in Salesforce.
4. You'll need a private key and certificate issued by a certification authority. Use your own key/cert or use OpenSSL to create a key and a self-signed digital certificate. Refer to the Salesforce [Create a Private Key and Self-Signed Digital Certificate documentation](https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_key_and_cert.htm) for instructions on creating your own key and certificate.
5. From **Setup** in Salesforce, enter `App Manager` in the Quick Find box, then select **App Manager**.
6. On the App Manager page, select **New Connected App**.
7. Enter the required **Basic Info** for your connected app, including a **Name** and **Contact Email address**. Refer to Salesforce's [Configure Basic Connected App Settings](https://help.salesforce.com/s/articleView?id=sf.connected_app_create_basics.htm&type=5) documentation for more information.
8. Check the box to **Enable OAuth Settings**.
9. For the **Callback URL**, enter `http://localhost:1717/OauthRedirect`.
10. Check the box to **Use digital signatures**.
11. Select **Choose File** and upload the file that contains your digital certificate, such as `server.crt`.
12. Add these **OAuth scopes**:
- **Full access (full)**
- **Perform requests at any time (refresh_token, offline_access)**
13. Select **Save**, then **Continue**. The **Manage Connected Apps** page should open to the app you just created.
14. In the **API (Enable OAuth Settings)** section, select **Manage Consumer Details**.
15. Copy the **Consumer Key** and add it to your n8n credential as the **Client ID**.
16. Enter the contents of the private key file in n8n as **Private Key**.
- Use the multi-line editor in n8n.
- Enter the private key in standard PEM key format:
```
-----BEGIN PRIVATE KEY-----
KEY DATA GOES HERE
@@ -60,15 +105,15 @@ To set things up, first you'll create a private key and certificate, then a conn
These steps are what's required on the n8n side. Salesforce recommends setting refresh token policies, session policies, and OAuth policies too:
14. In Salesforce, select **Back to Manage Connected Apps**.
15. Select **Manage**.
16. Select **Edit Policies**.
17. Review the **Refresh Token Policy** field. Salesforce recommends using expire refresh token after 90 days.
18. In the **Session Policies** section, Salesforce recommends setting **Timeout Value** to 15 minutes.
19. In the **OAuth Policies** section, select **Admin approved users are pre-authorized for permitted users** for **Permitted Users**, and select **OK**.
20. Select **Save**.
21. Select **Manage Profiles**, select the profiles that are pre-authorized to use this connected app, and select **Save**.
22. Select **Manage Permission Sets** to select the permission sets. Create permission sets if necessary.
17. In Salesforce, select **Back to Manage Connected Apps**.
18. Select **Manage**.
19. Select **Edit Policies**.
20. Review the **Refresh Token Policy** field. Salesforce recommends using expire refresh token after 90 days.
21. In the **Session Policies** section, Salesforce recommends setting **Timeout Value** to 15 minutes.
22. In the **OAuth Policies** section, select **Admin approved users are pre-authorized for permitted users** for **Permitted Users**, and select **OK**.
23. Select **Save**.
24. Select **Manage Profiles**, select the profiles that are pre-authorized to use this connected app, and select **Save**.
25. Select **Manage Permission Sets** to select the permission sets. Create permission sets if necessary.
Refer to Salesforce's [Create a Connected App in Your Org](https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_connected_app.htm) documentation for more information.
@@ -81,35 +126,67 @@ To configure this credential, you'll need a [Salesforce](https://www.salesforce.
Cloud and hosted users will need to select your **Environment Type**. Choose between **Production** and **Sandbox**.
If you're [self-hosting](/hosting/index.md) n8n, you'll need to configure OAuth2 from scratch by creating a connected app:
### Create an External Client App (recommended)
If you're [self-hosting](/hosting/index.md) n8n, you'll need to configure OAuth2 from scratch by creating an external client app:
1. In n8n, select the **Environment Type** for your connection. Choose the option that best describes your environment from **Production** or **Sandbox**.
2. Enter your Salesforce **Username**.
1. Log in to your org in Salesforce.
3. From **Setup** in Salesforce, enter `App Manager` in the Quick Find box, then select **App Manager**.
3. On the App Manager page, select **New Connected App**.
4. Enter the required **Basic Info** for your connected app, including a **Name** and **Contact Email address**. Refer to Salesforce's [Configure Basic Connected App Settings](https://help.salesforce.com/s/articleView?id=sf.connected_app_create_basics.htm&type=5) documentation for more information.
5. Check the box to **Enable OAuth Settings**.
6. For the **Callback URL**, enter `http://localhost:1717/OauthRedirect`.
3. Log in to your org in Salesforce.
4. From **Setup** in Salesforce, enter `App Manager` in the Quick Find box, then select **App Manager**.
5. On the App Manager page, select **New External Client App**.
6. Enter the required **Basic Info** for your external client app, including a **Name** and **Contact Email address**.
7. Under **API (Enable OAuth Settings)**, select **Enable OAuth**.
8. In the **Callback URL** box, add your n8n OAuth callback URL (for example, `https://your-n8n-instance.com/rest/oauth2-credential/callback`).
9. In the **OAuth Scopes** section, select these scopes:
- **Full access (full)**
- **Perform requests at any time (refresh_token, offline_access)**
10. In the **Flow Enablement** section, select **Enable Client Credentials Flow**.
11. Under **OAuth Policies**, make sure the following settings are **unchecked**:
- **Require Secret for Web Server Flow**
- **Require Secret for Refresh Token Flow**
- **Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows**
12. Select **Save**, then **Continue**.
13. Copy the **Consumer Key** and add it to your n8n credential as the **Client ID**.
14. Copy the **Consumer Secret** and add it to your n8n credential as the **Client Secret**.
Refer to Salesforce's [External Client App Basics](https://help.salesforce.com/s/articleView?id=sf.external_client_app_about.htm&type=5) documentation for more information.
### Create a Connected App (legacy)
/// note | Legacy method
Salesforce is deprecating Connected Apps. Use External Client Apps instead for new integrations.
///
If you're [self-hosting](/hosting/index.md) n8n, you can also configure OAuth2 by creating a connected app:
1. In n8n, select the **Environment Type** for your connection. Choose the option that best describes your environment from **Production** or **Sandbox**.
2. Enter your Salesforce **Username**.
3. Log in to your org in Salesforce.
4. From **Setup** in Salesforce, enter `App Manager` in the Quick Find box, then select **App Manager**.
5. On the App Manager page, select **New Connected App**.
6. Enter the required **Basic Info** for your connected app, including a **Name** and **Contact Email address**. Refer to Salesforce's [Configure Basic Connected App Settings](https://help.salesforce.com/s/articleView?id=sf.connected_app_create_basics.htm&type=5) documentation for more information.
7. Check the box to **Enable OAuth Settings**.
8. For the **Callback URL**, enter `http://localhost:1717/OauthRedirect`.
9. Add these **OAuth scopes**:
- **Full access (full)**
- **Perform requests at any time (refresh_token, offline_access)**
- **Full access (full)**
- **Perform requests at any time (refresh_token, offline_access)**
10. Make sure the following settings are unchecked:
- **Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows**
- **Require Secret for Web Server Flow**
- **Require Secret for Refresh Token Flow**
10. Select **Save**, then **Continue**. The **Manage Connected Apps** page should open to the app you just created.
11. In the **API (Enable OAuth Settings)** section, select **Manage Consumer Details**.
12. Copy the **Consumer Key** and add it to your n8n credential as the **Client ID**.
13. Copy the **Consumer Secret** and add it to your n8n credential as the **Client Secret**.
- **Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows**
- **Require Secret for Web Server Flow**
- **Require Secret for Refresh Token Flow**
11. Select **Save**, then **Continue**. The **Manage Connected Apps** page should open to the app you just created.
12. In the **API (Enable OAuth Settings)** section, select **Manage Consumer Details**.
13. Copy the **Consumer Key** and add it to your n8n credential as the **Client ID**.
14. Copy the **Consumer Secret** and add it to your n8n credential as the **Client Secret**.
These steps are what's required on the n8n side. Salesforce recommends setting refresh token policies and session policies, too:
14. In Salesforce, select **Back to Manage Connected Apps**.
15. Select **Manage**.
16. Select **Edit Policies**.
17. Review the **Refresh Token Policy** field. Salesforce recommends using expire refresh token after 90 days.
18. In the **Session Policies** section, Salesforce recommends setting **Timeout Value** to 15 minutes.
15. In Salesforce, select **Back to Manage Connected Apps**.
16. Select **Manage**.
17. Select **Edit Policies**.
18. Review the **Refresh Token Policy** field. Salesforce recommends using expire refresh token after 90 days.
19. In the **Session Policies** section, Salesforce recommends setting **Timeout Value** to 15 minutes.
Refer to Salesforce's [Create a Connected App in Your Org](https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_connected_app.htm) documentation for more information.
@@ -127,4 +204,4 @@ If you encounter connection issues when authenticating with Salesforce from n8n
6. Enable the checkbox for **Approve Connected Apps for Non-Admins**. This checkbox might also appear as **Approve apps connected not installed** depending on your Salesforce language or translation.
7. Click **Save**.
This permission is not enabled by default, even for administrator profiles, and must be manually activated. Without this permission, you might experience authentication failures when trying to connect n8n to Salesforce.
This permission isn't enabled by default, even for administrator profiles, and must be manually activated. Without this permission, you might experience authentication failures when trying to connect n8n to Salesforce.