Create a Connected App in Salesforce
Register a Connected App in your Salesforce Service Cloud org to obtain OAuth credentials.
Sign in to Salesforce Setup
Sign in to your Salesforce account at https://login.salesforce.com (production) or https://test.salesforce.com (sandbox) and click the Setup gear icon in the top-right corner.
Open App Manager
In the left navigation under Platform Tools, expand Apps and click App Manager.
- Click the New External Client App button in the top-right corner
Configure OAuth Settings
Enable and configure OAuth settings.
Enable OAuth Settings
Check the Enable OAuth Settings checkbox.
Select OAuth Scopes
Move the scopes required for your use case from Available OAuth Scopes to Selected OAuth Scopes.
Configure Security Settings
Configure the security settings for the Connected App.
- In Security, keep Require Secret for Web Server Flow and Require Secret for Refresh Token Flow checked (defaults)
- In Security, uncheck Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows (otherwise Salesforce returns missing required code challenge)
Configure the Refresh Token Policy
Open the External Client App’s policies and set how long refresh tokens remain valid. Without this, refresh tokens may expire and break the connection.
Open Policies
Under Platform Tools > Apps > External Client Apps > External Client App Manager, open the app you created, then go to the Policies tab and click Edit.
Choose a Refresh Token Policy
In the OAuth Policies section, pick one of the following under Refresh Token Policy:
- Refresh token is valid until revoked — recommended. The refresh token stays valid until a Salesforce admin revokes it, keeping the StackOne connection live indefinitely.
- Expire refresh token after specific time — set Refresh Token Validity Period (maximum
720) and Refresh Token Validity Unit (Day(s),Hour(s),Minute(s)). Choose the longest period your use case can tolerate — once it elapses, the end user must re-authenticate.
Retrieve Consumer Credentials
Obtain the Client ID and Client Secret.
Access Consumer Details
Under Platform Tools > Apps > External Client Apps > External Client App Manager, open the app you created.
- Go to Settings > OAuth Settings
- Click Consumer Key and Secret
- You may need to verify your identity via email or authenticator
Select an Environment
Choose the environment that matches your Salesforce org type. Salesforce exposes two OAuth login hosts; pick the one that matches your org.
Choose Your Environment
Pick Production or Sandbox.
- Production: Live production orgs AND free Developer Edition orgs (developer.salesforce.com signup). Both log in via https://login.salesforce.com.
- Sandbox: Test/staging copies of a paid production org. These log in via https://test.salesforce.com.
- If you are unsure, check your org URL. Sandboxes always contain ‘.sandbox.my.salesforce.com’; Developer Edition and Production do not.
Custom OAuth Scopes
Notes on customizing scopes.
Required Scopes for Token Refresh
Custom scopes must include at least one of refresh_token or offline_access.
- If the OAuth Scopes field is left blank, the defaults (api refresh_token offline_access) are used
- If you specify custom scopes, always include refresh_token or offline_access
- Without a refresh scope, the connection will fail because Salesforce will not issue a refresh token
- Every custom scope you specify must also be added to the Connected App’s Selected OAuth Scopes
Creating the StackOne Connector Profile
To create the Connector Profile in StackOne for Salesforce Service Cloud:Navigate to Connector Profiles
Create New Connector Profile
- Click + Connector Profile
- Search for and select Salesforce Service Cloud
- Select Type as OAuth 2.0
- Fill out the fields using details retrieved from your provider:
- Client ID (Consumer Key)
- Client Secret (Consumer Secret)
- OAuth Scopes (Optional)
- (Optional) Select Actions to be enabled for this Connector Profile
- Click Create profile