Create Local External Client App

You can create a local external client app via App Manager in Salesforce to enable OAuth 2.0 client credentials flow. This allows the Fivetran connector to authenticate as an integration user without interactive login. The created external client app should in the same org as to which we want to connect to.

Prerequisites

You have permissions to create or edit External Client Apps.

Setup instructions

Create external client app

1. Go to Setup.

2. In Quick Find, type App Manager.

3. Click App Manager.

4. In App Manager, click New External Client App.

5. Enter the following details:

   • Label: Enter a name for the app, for example, 'Fivetran Integration'.
   • API Name: Auto-filled from the label, can be edited.
   • Contact Email: Enter your contact email address.

6. Find the Distribution State field.

7. Set Distribution State = Local. This makes the app a local External Client App, only usable in this org and not packageable.

8. In the API (Enable OAuth Settings) section, select the Enable OAuth checkbox.

9. Expand the OAuth Settings section.

10. In the Callback URL field, enter https://fivetran.com/integrations/salesforce/oauth2/return.

11. In the OAuth Scopes menu, select the 'Manage user data via APIs (api)' scope.

12. In the Field Enablement section, select the Enable Client Credentials Flow checkbox.

    When you enable OAuth 2.0 Client Credentials on an external client app, Salesforce requires you to select an integration user for the app. Every access token issued via the client_credentials for that app acts as this integration user. Permissions are determined by both the scopes granted to the app and the profile, and the permission sets of the selected integration user.

13. Click Create. Your local external client app now appears in the external client app manager.

Modify app policy

1. Open the app you created.
2. Go to Policies and click Edit.
3. In the OAuth Policies section, under OAuth Flows and External Client App Enhancements, make sure Enable Client Credentials Flow is checked.
4. In the Security section, deselect all the checkboxes.
5. Enter the integration user for the app.
6. In the App Authorization section, select Relax IP restrictions in the IP Relaxation drop down menu if needed.

Find client credentials

1. Open the app you created.

2. Click the Settings tab.

3. Expand the OAuth Settings section.

4. In the App Settings field, click Consumer Key and Secret.

5. Make a note of the Consumer Key and Consumer Secret. We use these credentials as the Client ID and Client secret in Fivetran. You will need these to configure the Fivetran connection.

   You must also provide your My Domain URL when configuring the connector with the client credentials flow. For example, https://MyDomainName.my.salesforce.com.

6. Go back to the Fivetran Salesforce connection setup form.