Skip to content

Configure outbound provisioning with Salesforce

This guide explains how you can configure Salesforce as an outbound connector in WSO2 Identity Server.

Configure Salesforce for provisioning

Follow the steps below to learn how you can configure Salesforce for provisioning.

  1. Sign up to Salesforce.

  2. Create a connected app.

    1. Click Setup on the upper-right corner.

    2. From the left navigation, under PLATFORM TOOLS, click Apps > App Manager.

    3. Click New Connected App and enter the following details.

      Connected App Name Name of the connected app. e.g. IdentityServerProvisioning.
      API Name Name used when referring to your app from a program. This should match the name of the connected app. This defaults to a version of the name with spaces replaced with underscores. Only letters, numbers, and underscores are allowed. If the app name contains any other characters, be sure to change them.
      Contact Email The email address used by the connected app.
      Enable OAuth Settings Select the checkbox to enable. This section controls how your app communicates with Salesforce.
      Callback URL The URL a user’s browser is redirected to after successful authentication. Use the following value here:
      Selected OAuth Scopes Scopes refer to the permissions the user gives to the connected app while it is running. Choose Full access (full) and click Add.


      Full access (full) scope, while allows access to the logged-in user’s data and encompasses all other scopes, does not return a refresh token. You must explicitly request the refresh_token scope to get one.

    4. Click Save and then Continue to add the connected app.

    5. Take note of the following about the connected app.

      1. Under Consumer Key and Secret, click Manage Consumer Details and get the,

        • Consumer Key - A value that the client uses to identify itself with Salesforce. Referred to as client_id in OAuth 2.0.

        • Consumer Secret - A secret that the client uses to establish ownership of the consumer key. Referred to as client_secret in OAuth 2.0.

      2. Callback URL

  3. Add your connected app to a profile.


    Allow from 2-10 minutes for your changes to take effect on the server before using the connected app.

    1. In the setup page, go to ADMINISTRATION > Users and click Profiles.

    2. Click Edit on a profile and under Connected App Address, select the checkbox corresponding to the created app.

    3. Click Save.

    4. Make a note of the ID of the user profile.


      While in the profile, copy the URL and decode it to obtain the profile ID.


  4. Get the public certificate for Salesforce.


    For more information on generating the certificate, see the Salesforce documentation.

    1. In the setup page, go to SETTINGS > Security and click Certificate and Key Management.

    2. For a self-signed certificate, click Create Self-Signed Certificate.

    3. Enter the Label and a Unique Name and click Save.

    4. Click the Download Certificate button to download the certificate.

Configure the Salesforce outbound connector

Create an organization-level or IdP-level outbound provisioning and enter the following details to configure the Salesforce outbound connector.

API version The version of the API you are using in Salesforce.

How to find my version?

  1. Log in to Salesforce and go to the setup page
  2. Go to PLATFORM TOOLS < Integrations and click API.
  3. Generate any one of the WSDLs and you will be navigated to a page with XML syntaxes.
  4. On the top it mentions Enterprise Web Services API Version >VERSION< " Enterprise Web Services API Version 41.0
Domain Name Enter the Domain name with an HTTPS suffix so it resembles a URL.

How to create a domain?

  1. Log in to Salesforce and go to the setup page
  2. Go to SETTINGS > Company Settings and click My Domain.
  3. Under My Domain Details, click Edit.
  4. Come up with a domain name and check its availability by clicking Check Availability.
  5. Click Save
  6. Deploy the domain once it's ready.
Client ID The consumer key obtained when creating the connected app.
Client Secret The consumer secret obtained when creating the connected app.
Username Salesforce username.
Password Enable user password provisioning to a Salesforce domain.
OAuth2 Token Endpoint The Salesforce token endpoint.
Provisioning Pattern WSO2 Identity Server uses this pattern to build the user ID of the provisioned user account. Learn more about provisioning patterns.
e.g. {UD,UN,TD,IDP}
Provisioning Separator Used to separate provisioning pattern attributes of the user ID. Learn more about provisioning patterns
e.g. -(hyphen).
Provisioning Domain Domain in which the user provisioning operations occur.