Step 5. Create Connected App

At the Create Connected App step of the wizard, you must configure a Connected App in Salesforce — security credentials of the Connected App will be used to authorize access to all Salesforce organizations protected by this Veeam Backup for Salesforce installation. You can create a Connected App in any Salesforce organization, as described this Veeam KB article.

When you create a Connected App, consider the following:

• The Connected App must be assigned the Full access (full), Perform requests at any time (refresh_token, offline_access) and Access unique user identifiers (openid) OAuth scopes. For more information on OAuth scopes in Salesforce, see Salesforce Documentation.
• The following options must be enabled: Enable oAuth Settings, Require Secret for Web Server Flow and Require Secret for Refresh Token Flow.
• The following option must be disabled: Require Proof Key for Code Exchange (PKCE).
• The callback URL specified in the Callback URLs list of the Connected App must match the management server FQDN that you use to access the Veeam Backup for Salesforce Web UI.

Consider the following example:

You installed Veeam Backup for Salesforce on the machine with the following IP address: 172.12.0.1. To properly configure the Connected App, you have copied the URL from the Callback URL field at the Create connected app step of the initial configuration wizard and added it to the Connected App Callback URLs list.

Later, you decide to create the following DNS name for the machine running Veeam Backup for Salesforce: acme.internal.com. In this case, you must add the following callback URL to the Connected App Callback URLs list: https://acme.internal.com.

After that, your Callback URLs list will contain the following URLs:

• https://172.12.0.1
• https://acme.internal.com