Creating External Client Application
Create External Client Apps to securely integrate external systems with Salesforce by enabling OAuth-based authentication and defining the required access scopes. External Client Apps replace Connected Apps in new orgs, where the creation of Connected Apps is disabled by default.
 |
Existing Connected Apps continue to function and can be deployed to new orgs. This change does not affect editing, installation (through packaging or OAuth installation), or deletion of Connected Apps. For more information, see External Client Apps.
|
You can create an External Client App in your Salesforce org.
1. Log in to Salesforce with your valid credentials.
2. Navigate to > > >
3. Click New External Client App.
4. Provide the following details:
Basic Information fields for External Client App.
|
Field
|
Description
|
|---|---|
|
Fields marked with * are mandatory.
|
|
|
External Client App Name*
|
Enter a unique name for the External Client App. This name helps administrators identify the app in App Manager.
|
|
API Name*
|
Enter the API name used to reference the app programmatically. By default, the system derives this value from the app name by replacing spaces with underscores. Ensure that the API name is unique and uses
• only letters, numbers, and underscores
• starts with a letter
• does not include spaces
• does not end with an underscore
• does not contain consecutive underscores
|
|
Contact Email*
|
Enter an email address that Salesforce can use to contact you or your support team if needed. This email address is not shared with Salesforce admins who install the app.
|
|
Distribution State*
|
Select how the external client app is distributed.
• Choose Local to develop the app for use only in the current org.
• Choose Packaged to develop the app for packaging and distribution.
|
OAuth Settings for External Client App.
|
Field
|
Description
|
||
|---|---|---|---|
|
Fields marked with * are mandatory.
|
|||
|
Enable OAuth
|
Select this checkbox to enable OAuth authentication for the external client app. OAuth must be enabled to allow secure, token-based access to Salesforce APIs.
|
||
|
Callback URL
|
Enter the URL that Salesforce redirects users to after successful authorization. This URL must match the callback URL configured in the client application.
You can enter one of the following URLs
• https://pnx-acd20.ptcnet.ptc.com:8443/ACD/saml/SSO
• https://pnx-acd20.ptcnet.ptc.com:8443/ACD/oauth2_authorization_code_redirect
|
||
|
OAuth Scopes
|
Select the following scopes from Available OAuth Scopes and move them to Selected OAuth Scopes.
• Access Interaction API resources (interaction_api)
• Access all Data cloud API resources (cdp_api)
• Access the Salesforce API Platform (sfap_api)
• Full access (full)
• Manage user data via APIs (api)
• Manage user data via Web browsers (web)
|
||
|
Require Secret for Web Server Flow
|
Select the checkbox.
|
||
|
Require Secret for Refresh Token Flow
|
Select the checkbox.
|
||
|
|
To configure more fields, see Enable an OAuth Plugin.
|
5. In the Web App (Enable SAML Settings), select Enable SAML.
6. Provide the details for the fields as explained in the following table.
|
Field
|
Description
|
|---|---|
|
Fields marked with * are mandatory.
|
|
|
Entity Id*
|
Enter the following entity ID:
ACD_publisher_DEL
|
|
ACS URL*
|
Enter the following URL:
https://pnx-acd20.ptcnet.ptc.com:8443/ACD/saml/SSO
|
|
Signing Algorithm for SAML Messages
|
Select SHA256.
|
|
IdP Certificate
|
Select the certificate downloaded in the previous step.
|
|
Encrypt SAML Response
|
Select the checkbox.
|
|
Block Encryption Algorithm
|
Select AES-128.
|
7. Click Create.
8. Navigate to > > , and then click New Custom Scope to create the InSRestAPI custom scope.