Step 5. Create Connected App

At the Create Connected App step of the wizard, you must configure a Connected App in Salesforce. Security credentials of the Connected App will be used to authorize access to all Salesforce organizations protected by this Veeam Backup for Salesforce installation.

Salesforce Connected App allows Veeam Backup for Salesforce to authenticate with Salesforce and get access to resources that will be protected. You can create the Connected App in any Salesforce organization. To learn how to create the Connected App, see this Veeam KB article.

Note

You will be able to change the Connected App as described in section Changing Connected App Tokens, but you must consider that after changing the Connected App, you will have to re-authorize all Salesforce connections added to Veeam Backup for Salesforce.

When you create the Connected App, consider the following:

  • Creation of the Connected App and any changes to its configuration will take up to 10 minutes to apply on the Salesforce side.
  • The Connected App must be assigned the Full access (full), Perform requests at any time (refresh_token, offline_access) and Access unique user identifiers (openid) OAuth scopes. For more information on OAuth scopes in Salesforce, see Salesforce Documentation.
  • The following options must be enabled: Enable oAuth Settings, Require Secret for Web Server Flow and Require Secret for Refresh Token Flow.
  • The following option must be disabled: Require Proof Key for Code Exchange (PKCE).
  • The callback URL specified in the Callback URLs list of the Connected App must match the management server FQDN that you use to access the Veeam Backup for Salesforce Web UI.

Consider the following example:

You installed Veeam Backup for Salesforce on the machine with the following IP address: 172.12.0.1. To properly configure the Connected App, you have copied the URL from the Callback URL field at the Create connected app step of the initial configuration wizard and added it to the Connected App Callback URLs list.

Later, you decide to create the following DNS name for the machine running Veeam Backup for Salesforce: acme.internal.com. In this case, you must add the following callback URL to the Connected App Callback URLs list: https://acme.internal.com.

After that, your Callback URLs list will contain the following URLs:

  • https://172.12.0.1
  • https://acme.internal.com

Important

You can protect multiple Salesforce organizations using a single Veeam Backup for Salesforce installation. However, due to the Salesforce Connected App limit of 5 authorizations per client, authorization issues may occur when you have several product installations leveraging the same Connected App. That is why it is recommended that you create a dedicated Connected App for each product deployment.

For more information on Salesforce OAuth Authorization Flows and Connected Apps, see Salesforce Documentation.

Performing Initial Configuration

Page updated 9/27/2024

Page content applies to build 3.0.0.1769