Adding a Salesforce OAuth(Web Flow) Connection

Traditional Salesforce connections in Automation depend on a username and password to make the connection, which is then used to download Salesforce metadata, make API calls, and create and execute automated tests. Passwords are held independently by Automation projects and can be securely encrypted.

With our new Salesforce OAuth(Web Flow) Connection feature, Automation users can create a Salesforce connection using a connected app instead of a username and password, so the password is not shared, and enhanced security can be implemented.

Using Connected Apps also benefits teams using single sign-on (SSO) and/or multi-factor authentication (MFA), including Salesforce verification codes, because access levels do not need to be changed to execute tests.

OAuth is an open-standard authorization protocol that provides secure designated access. OAuth does not share the password data but instead authorizes an application to access data from a protected resource by exchanging tokens. OAuth tokens grant a client application restricted permissions.

Overall flow of creating a Salesforce OAuth(Web Flow) Connection

The following summarizes the steps to create a new Salesforce OAuth(Web Flow) connection in Provar. 

1. Create a New Connected App with the required scopes and permissions in the Salesforce org.

Note: A Connected App is a prerequisite to creating a Salesforce OAuth connection. If you haven’t created any Connected App earlier, please create a new one in the Salesforce org first.

2. Edit the Connected App to set the field values.

3. Create a new Salesforce OAuth connection in Provar.

 3a. Use a Salesforce Web Flow authorization to generate the tokens needed to complete the Salesforce OAuth connection.

 3b. Test the Salesforce OAuth connection.

The detailed flow and steps are given in the following sections of this support article.

Step 1: Create a New Connected App.

Note: Each Connected App allows only five unique approvals per app. After the fifth approval is made, the oldest approval is revoked.

Create a new Connected App in the Salesforce org:

  • In Lightning Experience – In the Setup, enter App in the Quick Find box and select App Manager. Click New Connected App. For more information, please see Connected App.
  • In Salesforce Classic – In the Setup, enter Apps in the Quick Find box and select Apps. In Build > Create, under Connected Apps, click New.

The Consumer Key, Consumer Secret, and Callback URL must be available for this org. For example, the screenshot below shows we have created a Salesforce-connected app named Provar_Connected_App.

Only users with access to Provar_Connected_App can authorize themselves and generate tokens.

The Contact Email field is mandatory. Users must enter their contact email in this field; any login failures will be notified to this email address. Select the Enable OAuth Settings checkbox to set the Selected OAuth Scopes and the Callback URL. The Selected OAuth Scopes are mandatory in the Provar_Connected_App to connect and download the metadata.

Above: View of the fields in the Connected App.

The Consumer Key and Consumer Secret don’t appear until after the first time the connected app is saved. With the Consumer Key, the Consumer Secret, the Callback URL, and the Selected OAuth Scopes, we now have the OAuth codes and basic information that we require. The standard Salesforce Callback URL is supported, but users can use their own customized Callback URL as well.

Note: In Salesforce, the Consumer Secret and Callback URLs are revealed if the user wants to view these field values. In general, a Salesforce org can have any number of Callback URLs, but the URL the user provides must be the one they have in their connected app.

Salesforce has complete control over when the Refresh Tokens are applied, whether expired or not. Generally, they have a time limit after which the token expires. Provar will automatically request a new token when the current one expires.

Note: Many Salesforce OAuth connections in Provar can use one Connected App.

Step 2: Edit the Connected App settings to set the field values.

After we have created a connected app, we can make changes to its configuration. Select your connected app and edit in Apps > Connected Apps > Manage Connected Apps. A Connected App Edit screen is displayed. Edit the connected app and set the fields in the OAuth policies as given below:

Note: There can be a 2-10 minute delay before you can follow the steps below.

  • Permitted Users – Provar users who can enable the Salesforce org.

a.) The Admin-approved users are pre-authorized, allowing only users with the associated profile to access the app without first authorizing it.

b.) The All Users may self-authorize option – enables anyone in the org to authorize the app after successfully signing in.

In this example, we have selected Admin-approved users who are pre-authorized. This is the preferred way of connection. We want only pre-authorized users to run the app.

We can use profiles or permission sets to define pre-authorized users.

Note: Click Manage Profiles to select profiles to assign to the app from the Application Profile Assignment page. Assign profiles that you want to be able to access the app.

In this example, we have created a permission set. Permission sets are used to give permissions only to some users rather than to a full profile.

Above: View of the Profiles and Permission sets. 

For Permission set:

a) From Setup, enter Connected Apps in the Quick Find box, then select Manage Connected Apps. Click Provar_Connected_App.

b) Scroll to Permission Sets. Click Manage Permission Sets to select the permission sets to assign to the app from the Application Permission Set Assignment page. Assign permission sets that you want to be able to access the app.

c) The display list shows the “Provar Connected App” permission set. We have created this new permission set. Select this “Provar Connected App” permission set.

d) Click Save.

All users with the “Provar Connected App” permission set are pre-authorized to use the Provar_Connected_App.

  • IP Relaxation – In this example, we have selected Relax IP restrictions. This allows the maximum flexibility for running your tests from different server locations, cloud-based environments, or team members working from multiple locations.
  • Refresh Token Policy – Users can select the token refresh option as required.
  • Timeout Value – This is a session policy; the timeout value is the session's inactive time. In this example, we have generated an Access Token valid for 15 minutes of inactive time. After that, the user is logged out and the previously generated sessions are invalidated.

Above: Editing the Connected App settings. 

Note: Users can revoke the connected app’s access or refresh token if they wish to immediately remove access to Salesforce.

Step 3: Create a new Salesforce OAuth Connection in Provar.

A Provar user can connect to a particular app and download the metadata by creating a new Salesforce OAuth connection. In the Test Settings, navigate to the Connections tab and click the plus (+) sign icon.

The Add New Connection screen is displayed. Give a Connection Name. For information about creating a Salesforce connection in Provar, refer to Creating a Salesforce connection.

In the Connection Type field, select Salesforce, then select Normal Salesforce Connection.

Above: Selecting Salesforce OAuth(Web Flow) connection in Provar.

The connection options are displayed as given below:

  • Normal Log-in (with Username and Password).
  • Use ‘Log-on-as’ via an Admin Connection.
  • OAuth (Web Flow).
  • OAuth (JWT Flow).

Select OAuth(Web Flow).

Above: Salesforce OAuth connection created in Provar.

The Consumer Key and Consumer Secret values are populated from the Provar_Connected_App in the Basic Settings section. The Consumer Key and Secret are already available in the Normal Log-in connection in the Advanced Settings.

Step 3a: Use Salesforce Webflow Authorisation to generate the tokens.

Above: Salesforce Webflow Authorisation in Provar. 

In the Salesforce OAuth Connection feature, as we want to authenticate the user without a password, Webflow generates the Access Token, which can be refreshed when required. 

Click Authorise.

When the user clicks Authorise, a request is made to Salesforce that communicates the Consumer Key, Consumer Secret, and the Callback URL from the Salesforce org. Salesforce then generates the Access Token and Refresh Token. These tokens can be renewed and revoked.

A Salesforce Webflow Authorisation screen is displayed. To generate the Salesforce token, users must identify themselves by giving their credentials. Enter the Salesforce Username and Password. Click Login.

Note: Salesforce authenticates users and generates the tokens. These tokens are saved as Access Tokens and Refresh Tokens.

Above: View of the generated Access Token and Refresh Token. 

The Consumer Key, Secret, and the Callback URL, Access Token, and Refresh Token are automatically populated by Provar when the user provides the authorization. 

Note: The Consumer Key, Consumer Secret, and the Callback URL fields are editable.

To provide the Callback URL:

       a) If it is a Production or a Development environment, then please use the link login salesforce.

       b) If it is a Sandbox environment, please use the link test salesforce.

After authorization, if the user tries to change any data in the Consumer Key or Consumer Secret, then the Access Token and Refresh Token are nullified, and the user has to reauthorize.
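The web flow described in Step 3a, together with the token renewal mentioned in Step 1, as an added example that is not Provar's own code. It builds the requests of the standard OAuth 2.0 authorization-code flow against Salesforce's documented authorize and token endpoints without sending them, and rejects a redirect that does not match the registered Callback URL or the request's state value. The function names, keys and callback address are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Salesforce's standard OAuth 2.0 hosts; all other values are constructed.
HOSTS = {"production": "https://login.salesforce.com",
         "sandbox": "https://test.salesforce.com"}

def authorize_url(env, consumer_key, callback_url, state=None):
    """Step 1: URL the user's browser opens to log in and approve the app."""
    state = state or secrets.token_urlsafe(32)  # unguessable, one per attempt
    query = urlencode({"response_type": "code", "client_id": consumer_key,
                       "redirect_uri": callback_url, "state": state})
    return f"{HOSTS[env]}/services/oauth2/authorize?{query}", state

def code_from_callback(redirected_to, callback_url, expected_state):
    """Step 2: accept the redirect only if it hits our callback with our state."""
    got, want = urlparse(redirected_to), urlparse(callback_url)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("redirect does not match the registered Callback URL")
    params = parse_qs(got.query)
    if "error" in params or "code" not in params:
        raise ValueError("authorization was not granted")
    state = params.get("state", [""])[0]
    # Constant-time comparison; bytes so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this request")
    return params["code"][0]

def token_request(env, consumer_key, consumer_secret, callback_url, code):
    """Step 3: form POSTed to the token endpoint to swap the code for tokens."""
    return f"{HOSTS[env]}/services/oauth2/token", {
        "grant_type": "authorization_code", "code": code,
        "client_id": consumer_key, "client_secret": consumer_secret,
        "redirect_uri": callback_url}

def refresh_request(env, consumer_key, consumer_secret, refresh_token):
    """Step 4: form POSTed when the Access Token has expired."""
    return f"{HOSTS[env]}/services/oauth2/token", {
        "grant_type": "refresh_token", "refresh_token": refresh_token,
        "client_id": consumer_key, "client_secret": consumer_secret}

if __name__ == "__main__":
    cb = "https://app.example.test/oauth/callback"  # constructed placeholder
    url, st = authorize_url("sandbox", "CONSTRUCTED_KEY", cb)
    print(url)
    print(code_from_callback(f"{cb}?code=CONSTRUCTED_CODE&state={st}", cb, st))
```

The password is entered only on the Salesforce login page opened in step 1; the client handles the Consumer Key, Consumer Secret, code and tokens, which is why the secret and the Refresh Token need the same protection a stored password would.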

The API Login URL and Identity Service URL fields are also automatically populated by Provar when the user provides authorization. These fields are read-only and can be viewed in Advanced Settings.

Above: View of read-only fields in the Advanced Settings.

Note: The API Login URL and Identity Service URL fields are also available in the Normal Log-in connection in Advanced Settings.

Step 3b: Test the Salesforce OAuth Connection.

Click Test Connection to check the connection. When the connection is validated, click OK.

Above: Testing the Salesforce OAuth Connection in Provar. 

Note: If the Access Token or Refresh Token expires, the user can regenerate it. The Consumer Key, Consumer Secret, and Callback URLs are encrypted because these are saved in the Provar Secrets file.

Above: Salesforce OAuth connection is created and tested and can be used like any other.

Only the method to create the Salesforce OAuth connection is different. The user can use this connection just like any other Salesforce connection. Also, there is no limitation on the number of OAuth connections that can be created and used. 

Above: View of the fields in the Salesforce Connect test step.

Note: In the Salesforce Connect test step, the four fields given below are not applicable to Salesforce OAuth connection. Even if the user gives these values, they will be nullified.

  • User Name override
  • Password override
  • Security override
  • Environment override