Salesforce OAuth SSO Setup

Last updated on
25 February 2026

This document will help you configure Salesforce as an OAuth provider making Drupal your OAuth client. Following these steps will allow you to configure OAuth SSO between Salesforce and your Drupal site such that your users will be able to login to your Drupal site using their Salesforce credentials. 

We provide the Drupal OAuth & OpenID Connect Login - OAuth2 Client SSO Login module which is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10,  and Drupal 11.

Download  Know more

Prerequisite:

Setup Video:

 Setup video for Salesforce OAuth Single Sign-On

Steps to configure Drupal as OAuth Client:

  • After installing the module, navigate to the Configuration tab and click on the miniOrange OAuth Client. ({BaseURL}/admin/config/people/mo-oauth-client/mo-client-config)

    On-the-Configuration-tab-and-then-click-on-miniOrange-OAuth-Client-Configuration

  • In the Manage section, under the Client Configuration tab, click on the + Add New button to configure the desired OAuth Client.

    Drupal-Salesforce-OAuth-Client-latest-Click-Add-New-button

  • Select Salesforce from the Select Application dropdown in the Configure OAuth tab.
  • Enter the name of your application in the Custom App Name text field. For example, Salesforce.
  • Once you have selected Salesforce, copy the Callback/Redirect URL provided on the screen and keep it handy.

    In-the-Configure-OAuth-tab-and-provide-the-following-information

  • If your provider only supports HTTPS Callback/Redirect URLs and you have an HTTP site, please make sure to enable the 'Enforce HTTPS Callback URL' checkbox at the bottom of the tab.

    Drupal-Salesforce-OAuth-Client-latest-check-Enforce-HTTPS-Callback-URL

Configure OAuth SSO Application in Salesforce:

  • First of all, log into your Salesforce account.
  • Once you are logged in, locate the Settings icon on the top right corner of the screen and click on it. From there, select the Setup link.

    Salesforce-Dashboard-Navigate-to-the-Profile-Icon-and-click-on-Switch-to-Salesforce-Classic

  • Navigate to the Quick Find text box and search for External Client Apps. Click on the Settings link.

    Salesforce-Professional-Edition-Click-Setup-link

  • On the External Client Apps settings window, toggle the button to Allow creation of connected apps. AFter that click the Enable button on the pop-up.

    Salesforce-Professional-Edition-Navigate-to-Build-then-Create-select-Apps

  • Now, click on the New Connected App button.

    Salesforce-Professional-Connected-Apps-click-on-New-button-to-create-new-OAuth-app

  • Enter the following information in the Basic Information section of the New Connected App screen.
    • Connected App Name: Enter the application name in Connected App Name text field.
    • Contact Email: Enter the email in the Contact Email text field.

      Salesforce-Professional-Edition-Under-the-Basic-information-and-provide-the-information

  • Under API (Enable OAuth Settings) section, enter the following information:
    • Click on the checkbox to Enable OAuth Settings.
    • Paste the previously copied Callback/Redirect URL into the Callback URL text field.
    • Next, select the OAuth scopes that your Connected App requires. Ensure that the same scopes are added to your Drupal site. This means that your Connected App has the proper rights to access the Salesforce data.

      Salesforce-Professional-Edition-API-Enable-OAuth-Settings-then-paste-the-Callback-URL

    • If you're using the free version of the miniorange OAuth client module, uncheck the Require Proof Key for Code Exchange (PKCE) Extension in the supported authorization flows, as it's available only for enterprise versions.

      Uncheck the PKCE checkbox.

  • Click on the Save button.
  • Then, click on Continue button to proceed.

    Salesforce-Professional-Edition-Click-on-Continue-button

  • Click on the Manage Consumer Details button.

    Salesforce-Professional-Edition-Click-on-Manage-Consumer-Details-button

Integrating Drupal with Salesforce:

  • Navigate to the Salesforce portal.
  • Under the Consumers Details section, copy the Consumers Key. (This is your Client ID)

    Salesforce-Professional-Edition-Copy-the-Consumer-Key

  • In Drupal’s Client Configuration tab, under the Add section, paste the copied Consumer Key into the Client ID text-field.

    Drupal-OAuth-OIDC-Client-Configuration-Paste-the-copied-consumers-key-into-the-Client-ID-field

  • From the Salesforce Portal, under the Consumer Details section, copy the Consumer secret.

    Salesforce-Professional-Edition-Copy-the-Consumer-Secret-from-Consumer-Details-section

  • The Send Client ID and Secret in checkbox allow you to specify whether the Client ID and Secret should be included in the header or the body of the Token Endpoint Request. If you're unsure which option to select, you can stick with the default settings. Click on the Save Configuration button.

    Drupal-Azure-AD-OAuth-Client-Select-Header-or-Body

Test Configuration of Drupal with Salesforce:

  • After successfully saving the configurations, click on the Perform Test Configuration button to check the connection between Drupal and Salesforce.

    Drupal-OAuth-OIDC-Client-Configuration-Click-on-Perform-Test-Configuration

  • On a Test Configuration popup, if you don't have any active session in Salesforce on the same browser, you will be asked to login into the Salesforce account. Once you are successfully logged into the Salesforce account, you will be provided with a list of the attributes that are received from the Salesforce. 
  • Click the Configure Mappings button.

    Test-Configuration-Received-the-list-of-attribute-from-Salesforce-application

  • Once you click on the Configure Mapping button, you will be redirected to the Attribute Mapping tab. From there, select the appropriate attribute from the OAuth Server Attribute dropdown where the email value is received, and then click the Save Configuration button.

    Drupal OAuth Single Sign-On - In Attribute & Role Mapping tab select Username Attribute

Please Note: Mapping the Email Attribute is mandatory for your login to work. 

Congratulations! You have successfully configured Salesforce as OAuth Provider and Drupal as OAuth Client.

How to perform the SSO login?

  • Now, open a new browser/private window and go to your Drupal site login page.
  • Click on the Login using Salesforce link to initiate the SSO from Drupal.
  • If the configuration is correct, you will be logged in to the Drupal site.

Contact our 24*7 support team

Feel free to reach out to our Drupal experts if you need any sort of assistance in setting up OAuth2 Client SSO Login on your Drupal site.

 Get In Touch With Us Join Our Slack Channel

back to top Back to top 

Help improve this page

Page status: No known problems

You can: