Skip to main content
Select Actions to adjust the guide
Some actions may require additional configuration in the provider to be accessible. Choose the actions you need and the guide will be updated.
Action
Scope(s)
Loading actions…
Dynamic Guide URL
Scopes Selected
Separator
Admin permissions required to create a Connected App in Salesforce.

Create a Connected App in Salesforce

Register a Connected App in your Salesforce Service Cloud org to obtain OAuth credentials.

1

Sign in to Salesforce Setup

Sign in to your Salesforce account at https://login.salesforce.com (production) or https://test.salesforce.com (sandbox) and click the Setup gear icon in the top-right corner.

2

Open App Manager

In the left navigation under Platform Tools, expand Apps and click App Manager.

  • Click the New External Client App button in the top-right corner
3

Enter Application Information

Fill in the Basic Information section.

  • External Client App Name: StackOne Service Cloud Integration (or your preferred name)
  • API Name: Auto-populated
  • Contact Email: Your admin email

Configure OAuth Settings

Enable and configure OAuth settings.

1

Enable OAuth Settings

Check the Enable OAuth Settings checkbox.

2

Select OAuth Scopes

Enables actions: Create Case, Create Case Comment, Create Entitlement, Create Knowledge Article, Create Service Contract, Create Work Order, Delete Case, Delete Case Comment, Delete Entitlement, Delete Knowledge Article, Delete Service Contract, Delete Work Order, Get Case, Get Case Comment, Get Entitlement, Get Knowledge Article, Get Service Contract, Get Work Order, List Case Comments, List Cases, List Entitlements, List Knowledge Articles, List Service Contracts, List Work Orders, Publish Knowledge Article, Search Cases, Search Knowledge Articles, Search Work Orders, Update Case, Update Case Comment, Update Entitlement, Update Knowledge Article, Update Service Contract, Update Work Order

Move the scopes required for your use case from Available OAuth Scopes to Selected OAuth Scopes.

3

Configure Security Settings

Configure the security settings for the Connected App.

  • In Security, keep Require Secret for Web Server Flow and Require Secret for Refresh Token Flow checked (defaults)
  • In Security, uncheck Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows (otherwise Salesforce returns missing required code challenge)
4

Save the Connected App

Click Create at the bottom of the page.

  • You will be redirected to the Connected App detail page
  • It may take 10-20 minutes for the app to become active

Configure the Refresh Token Policy

Open the External Client App’s policies and set how long refresh tokens remain valid. Without this, refresh tokens may expire and break the connection.

1

Open Policies

Under Platform Tools > Apps > External Client Apps > External Client App Manager, open the app you created, then go to the Policies tab and click Edit.

2

Choose a Refresh Token Policy

In the OAuth Policies section, pick one of the following under Refresh Token Policy:

  • Refresh token is valid until revoked — recommended. The refresh token stays valid until a Salesforce admin revokes it, keeping the StackOne connection live indefinitely.
  • Expire refresh token after specific time — set Refresh Token Validity Period (maximum 720) and Refresh Token Validity Unit (Day(s), Hour(s), Minute(s)). Choose the longest period your use case can tolerate — once it elapses, the end user must re-authenticate.
3

Save the policy

Click Save. Policy changes apply to new authorizations; existing sessions keep their original token lifetime until revoked or refreshed.

Retrieve Consumer Credentials

Obtain the Client ID and Client Secret.

1

Access Consumer Details

Under Platform Tools > Apps > External Client Apps > External Client App Manager, open the app you created.

  • Go to Settings > OAuth Settings
  • Click Consumer Key and Secret
  • You may need to verify your identity via email or authenticator
2

Copy Credentials

Copy the Consumer Key and Consumer Secret.

  • The Consumer Key is your Client ID
  • The Consumer Secret is your Client Secret

Select an Environment

Choose the environment that matches your Salesforce org type. Salesforce exposes two OAuth login hosts; pick the one that matches your org.

1

Choose Your Environment

Pick Production or Sandbox.

  • Production: Live production orgs AND free Developer Edition orgs (developer.salesforce.com signup). Both log in via https://login.salesforce.com.
  • Sandbox: Test/staging copies of a paid production org. These log in via https://test.salesforce.com.
  • If you are unsure, check your org URL. Sandboxes always contain ‘.sandbox.my.salesforce.com’; Developer Edition and Production do not.

Custom OAuth Scopes

Notes on customizing scopes.

1

Required Scopes for Token Refresh

Custom scopes must include at least one of refresh_token or offline_access.

  • If the OAuth Scopes field is left blank, the defaults (api refresh_token offline_access) are used
  • If you specify custom scopes, always include refresh_token or offline_access
  • Without a refresh scope, the connection will fail because Salesforce will not issue a refresh token
  • Every custom scope you specify must also be added to the Connected App’s Selected OAuth Scopes

Creating the StackOne Connector Profile

To create the Connector Profile in StackOne for Salesforce Service Cloud:
1

Navigate to Connector Profiles

Login to StackOne and navigate to Connector Profiles
2

Create New Connector Profile

  • Click + Connector Profile
  • Search for and select Salesforce Service Cloud
  • Select Type as OAuth 2.0
  • Fill out the fields using details retrieved from your provider:
    • Client ID (Consumer Key)
    • Client Secret (Consumer Secret)
    • OAuth Scopes (Optional)
  • (Optional) Select Actions to be enabled for this Connector Profile
  • Click Create profile
Congratulations! The new Connector Profile will now show up in your project ready to be used. You can now continue to Link Accounts for Salesforce Service Cloud.