Creating an External Named Credential in SFDC
- In Salesforce, navigate to Named Credentials.
- Click the External Credentials tab and then click New.
- In the New External Credential window, enter the Label and the Name, and then select JWT for the Authentication Protocol.
- Complete the following fields:
  Issuer (iss): Enter the Salesforce Organization ID. You can find it on the Company Information page in Salesforce.
  Subject (sub): Enter the Client ID that you used when you created the Cloud Service Provider Account for SFDC. Salesforce labels this value the Consumer Key.
  Audience (aud): Enter the name of the Cloud Service Provider Account that you created.
  JWT Expiration (in seconds): Set to 600 seconds (10 minutes). Keep this short; a token that is intercepted can be replayed only until it expires.
  Signing Certificate: Enter the name of the wrapping certificate that you used when you created the Cloud Service Provider Account for SFDC.
  Signing Algorithm: Select RS256.
- Click Save.
- In the Principals section, click New.
- In the Create Principal window, complete the following fields:
  Parameter Name: Enter a name for the principal.
  Identity Type: Select Named Principal.
- Click Save.
- Return to Named Credentials.
- Click the Named Credentials tab, and click New.
- In the Named Credentials window, enter the Label and the Name.
- Enter the URL that you want to use for the callouts in the format https://<Cryptographic Security Platform Vault for Cloud Keys IP Address>/v5/sfdc.
  The Cryptographic Security Platform Vault for Cloud Keys must have a publicly routable address and a publicly signed certificate in order to communicate with Salesforce, because Salesforce only trusts callout targets whose certificate chains to a CA on its trusted list. If you enter an IP address here, that address must appear in the certificate's subject alternative names; otherwise use the host name that the certificate was issued for.
- Under Authentication, select the External Credential that you created.
- Click Save.
- Navigate to Users > Permission Sets.
- Create a permission set that grants External Credential Principal Access for the principal you created, and assign it to the user that performs the callouts. Without this access the callout fails even though the named credential itself is configured correctly.
- Return to the named credential that you created and copy the ID from the URL. The ID is the segment that follows /NamedCredential/.
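The External Credential configured above makes Salesforce attach an RS256 JWT carrying iss, sub, aud and exp to every callout, and the endpoint at /v5/sfdc has to decide whether to trust it. The following Go program is an added illustration of both sides, written for this page; it is not code from Salesforce or from the vault product. It mints a token with the same claim layout and then performs the checks the receiving side must make: pin the algorithm, verify the signature with the certificate's public key, and compare each claim against the configured value before accepting the request. The org ID, Consumer Key and account name are placeholders, and a freshly generated RSA key stands in for the wrapping certificate's key pair.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Claims holds the fields the External Credential is configured with above.
type Claims struct {
	Iss string `json:"iss"` // Salesforce Organization ID
	Sub string `json:"sub"` // Client ID (the Consumer Key)
	Aud string `json:"aud"` // Cloud Service Provider Account name
	Exp int64  `json:"exp"` // issue time + JWT Expiration, Unix seconds
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// MintJWT produces the RS256 token Salesforce sends on each callout, signed
// with the private key behind the configured Signing Certificate.
func MintJWT(key *rsa.PrivateKey, c Claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	body, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := b64(hdr) + "." + b64(body)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64(sig), nil
}

// VerifyJWT is the check the callout target must make: pin the algorithm (so
// alg=none or an HS256 key-confusion token is refused), verify the signature
// with the certificate's public key, then compare iss, sub and aud with the
// configured values and bound exp. want.Exp is ignored; maxTTL caps lifetime.
func VerifyJWT(token string, pub *rsa.PublicKey, want Claims, maxTTL time.Duration, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	dec := base64.RawURLEncoding.DecodeString
	hdrJSON, err1 := dec(parts[0])
	bodyJSON, err2 := dec(parts[1])
	sig, err3 := dec(parts[2])
	if err1 != nil || err2 != nil || err3 != nil {
		return nil, fmt.Errorf("bad base64url encoding")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil || hdr.Alg != "RS256" {
		return nil, fmt.Errorf("unsupported alg %q", hdr.Alg)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("signature verification failed")
	}
	var c Claims // parsed only after the signature is known to be good
	if err := json.Unmarshal(bodyJSON, &c); err != nil {
		return nil, fmt.Errorf("bad payload")
	}
	switch {
	case c.Iss != want.Iss:
		return nil, fmt.Errorf("issuer %q is not the configured org ID", c.Iss)
	case c.Sub != want.Sub:
		return nil, fmt.Errorf("subject %q is not the configured client ID", c.Sub)
	case c.Aud != want.Aud:
		return nil, fmt.Errorf("audience %q is not this account", c.Aud)
	}
	exp := time.Unix(c.Exp, 0)
	if !now.Before(exp) || (maxTTL > 0 && exp.Sub(now) > maxTTL) {
		return nil, fmt.Errorf("token expired or exp beyond the configured lifetime")
	}
	return &c, nil
}

func main() {
	// Placeholder values stand in for the real org ID, Consumer Key and
	// account name; a fresh key stands in for the wrapping certificate.
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	now := time.Now()
	c := Claims{Iss: "00D000000000001", Sub: "example-consumer-key",
		Aud: "sfdc-csp-account", Exp: now.Add(600 * time.Second).Unix()}
	tok, _ := MintJWT(key, c)
	_, err = VerifyJWT(tok, &key.PublicKey, c, 600*time.Second, now)
	fmt.Println("fresh token accepted:", err == nil)
}
```

The order of checks matters: the algorithm is pinned before the signature is checked, and the claims are parsed only after the signature verifies, so a forged header or a re-signed payload never reaches the claim comparison. The maxTTL bound mirrors the 600 second JWT Expiration chosen above; a token whose exp lies further out than the configured lifetime did not come from this credential and is rejected even if its signature is valid.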
