Step 5. Create Connected App

At the Create Connected App step of the wizard, you must configure a Connected App in Salesforce — security credentials of the Connected App will be used to authorize access to all Salesforce organizations protected by this Veeam Backup for Salesforce installation. You can create a Connected App in any Salesforce organization, as described this Veeam KB article.

Note

You will be able to change the Connected App as described in section Changing Connected App Tokens, but you must consider that after changing the Connected App, you will have to re-authorize all Salesforce connections added to Veeam Backup for Salesforce.

When you create a Connected App, consider the following:

  • The Connected App must be assigned the Full access (full), Perform requests at any time (refresh_token, offline_access) and Access unique user identifiers (openid) OAuth scopes. For more information on OAuth scopes in Salesforce, see Salesforce Documentation.
  • The following options must be enabled: Enable oAuth Settings, Require Secret for Web Server Flow and Require Secret for Refresh Token Flow.
  • The following option must be disabled: Require Proof Key for Code Exchange (PKCE).
  • The callback URL specified in the Callback URLs list of the Connected App must match the management server FQDN that you use to access the Veeam Backup for Salesforce Web UI.

Consider the following example:

You installed Veeam Backup for Salesforce on the machine with the following IP address: 172.12.0.1. To properly configure the Connected App, you have copied the URL from the Callback URL field at the Create connected app step of the initial configuration wizard and added it to the Connected App Callback URLs list.

Later, you decide to create the following DNS name for the machine running Veeam Backup for Salesforce: acme.internal.com. In this case, you must add the following callback URL to the Connected App Callback URLs list: https://acme.internal.com.

After that, your Callback URLs list will contain the following URLs:

  • https://172.12.0.1
  • https://acme.internal.com

Important

You can protect multiple Salesforce organizations using a single Veeam Backup for Salesforce installation. However, due to the Salesforce Connected App limit of 5 authorizations per client, authorization issues may occur when you have several product installations leveraging the same Connected App. That is why it is recommended that you create a dedicated Connected App for each product deployment.

For more information on Salesforce OAuth Authorization Flows and Connected Apps, see Salesforce Documentation.

Performing Initial Configuration

Page updated 5/19/2025

Page content applies to build 3.1.2.3133