Salesforce OAuth SSO Setup
This document will help you configure Salesforce as an OAuth provider making Drupal your OAuth client. Following these steps will allow you to configure OAuth SSO between Salesforce and your Drupal site such that your users will be able to login to your Drupal site using their Salesforce credentials.
We provide the Drupal OAuth & OpenID Connect Login - OAuth2 Client SSO Login module which is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10, and Drupal 11.
Prerequisite:
- Install and activate the OAuth & OpenID Connect Login - OAuth2 Client SSO Login module on your Drupal site. Follow these steps to install the module.
Setup Video:
Steps to configure Drupal as OAuth Client:
-
After installing the module, navigate to the Configuration tab and click on the miniOrange OAuth Client. ({BaseURL}/admin/config/people/mo-oauth-client/mo-client-config)
-
In the Manage section, under the Client Configuration tab, click on the + Add New button to configure the desired OAuth Client.
- Select Salesforce from the Select Application dropdown in the Configure OAuth tab.
- Enter the name of your application in the Custom App Name text field. For example, Salesforce.
-
Once you have selected Salesforce, copy the Callback/Redirect URL provided on the screen and keep it handy.
-
If your provider only supports HTTPS Callback/Redirect URLs and you have an HTTP site, please make sure to enable the 'Enforce HTTPS Callback URL' checkbox at the bottom of the tab.
Configure OAuth SSO Application in Salesforce:
- First of all, log into your Salesforce account.
-
Once you are logged in, locate the Settings icon on the top right corner of the screen and click on it. From there, select the Setup link.
-
Navigate to the Quick Find text box and search for External Client Apps. Click on the Settings link.
-
On the External Client Apps settings window, toggle the button to Allow creation of connected apps. AFter that click the Enable button on the pop-up.
-
Now, click on the New Connected App button.
- Enter the following information in the Basic Information section of the New Connected App screen.
- Connected App Name: Enter the application name in Connected App Name text field.
-
Contact Email: Enter the email in the Contact Email text field.
- Under API (Enable OAuth Settings) section, enter the following information:
- Click on the checkbox to Enable OAuth Settings.
- Paste the previously copied Callback/Redirect URL into the Callback URL text field.
-
Next, select the OAuth scopes that your Connected App requires. Ensure that the same scopes are added to your Drupal site. This means that your Connected App has the proper rights to access the Salesforce data.
-
If you're using the free version of the miniorange OAuth client module, uncheck the Require Proof Key for Code Exchange (PKCE) Extension in the supported authorization flows, as it's available only for enterprise versions.
- Click on the Save button.
-
Then, click on Continue button to proceed.
-
Click on the Manage Consumer Details button.
Integrating Drupal with Salesforce:
- Navigate to the Salesforce portal.
-
Under the Consumers Details section, copy the Consumers Key. (This is your Client ID)
-
In Drupal’s Client Configuration tab, under the Add section, paste the copied Consumer Key into the Client ID text-field.
-
From the Salesforce Portal, under the Consumer Details section, copy the Consumer secret.
- In Drupal’s Client Configuration tab, under the Add section, paste the copied Consumer secret into the Client Secret text field.
-
After that, check the Scope and Endpoints.
You can also refer to the Salesforce Endpoints and scope from the table given below
Authorization Endpoint https://login.salesforce.com/services/oauth2/authorize Access Token Endpoint https://login.salesforce.com/services/oauth2/token Get User Info Endpoint https://login.salesforce.com/services/oauth2/userinfo Scope id
-
The Send Client ID and Secret in checkbox allow you to specify whether the Client ID and Secret should be included in the header or the body of the Token Endpoint Request. If you're unsure which option to select, you can stick with the default settings. Click on the Save Configuration button.
Test Configuration of Drupal with Salesforce:
-
After successfully saving the configurations, click on the Perform Test Configuration button to check the connection between Drupal and Salesforce.
- On a Test Configuration popup, if you don't have any active session in Salesforce on the same browser, you will be asked to login into the Salesforce account. Once you are successfully logged into the Salesforce account, you will be provided with a list of the attributes that are received from the Salesforce.
-
Click the Configure Mappings button.
-
Once you click on the Configure Mapping button, you will be redirected to the Attribute Mapping tab. From there, select the appropriate attribute from the OAuth Server Attribute dropdown where the email value is received, and then click the Save Configuration button.
Please Note: Mapping the Email Attribute is mandatory for your login to work.
Congratulations! You have successfully configured Salesforce as OAuth Provider and Drupal as OAuth Client.
How to perform the SSO login?
- Now, open a new browser/private window and go to your Drupal site login page.
- Click on the Login using Salesforce link to initiate the SSO from Drupal.
-
If the configuration is correct, you will be logged in to the Drupal site.
Back to topHelp improve this page
You can:
- Log in, click Edit, and edit this page
- Log in, click Discuss, update the Page status value, and suggest an improvement
- Log in and create a Documentation issue with your suggestion
