Salesforce

Overview

Connect your users to Salesforce for CRM data, opportunity management, contact records, and sales automation.

Property	Value
Provider ID	salesforce
Category	Popular
PKCE	Supported (configurable; recommended)
Token refresh	Automatic
Redirect URI	Shown in Developer Portal

Step 1: Create a Salesforce External Client App

Log into your Salesforce org

Navigate to login.salesforce.com and sign in.

Open External Client App Manager

Go to Setup. In the Quick Find box, search for External Client App Manager and open it. Click New External Client App.

Enter basic information

Fill in:

• External Client App Name and API Name (auto-populated)
• Contact Email
• Distribution State — Local for single-org use, Packaged for distribution across orgs

Enable OAuth settings

Enable OAuth Settings and add the Alter callback URL from the Developer Portal to the Callback URL field. Select the OAuth scopes the application needs (e.g., api, and refresh_token to enable refresh tokens).

Configure OAuth policies

After creating the app, open the Policies tab and click Edit. In the OAuth Policies section, enable the OAuth flows the application will use (Authorization Code is required for the standard web flow) and save.

Get credentials

Open Settings → OAuth Settings to copy the Consumer Key (Client ID) and Consumer Secret (Client Secret). Salesforce may require email verification before revealing the secret.

Note

As of Spring ‘26, Salesforce blocks creation of new Connected Apps. New integrations must use External Client Apps. Existing Connected Apps continue to function. External Client Apps separate the app definition (created by the developer) from OAuth policy enforcement (managed by an admin) — both the app and its policies must be configured before the app can be used.

Warning

Never share the Consumer Secret publicly. Store it securely and only enter it in the Alter Vault Developer Portal.

Step 2: Add to Alter Vault

Open the Developer Portal

Go to portal.alterauth.com and navigate to the application.

Add Salesforce provider

Go to OAuth Providers > Add Provider > Salesforce.

Enter credentials

• Client ID: Paste your Salesforce Consumer Key
• Client Secret: Paste your Salesforce Consumer Secret

Select scopes

Choose the scopes the application needs.

Save

Click Save. The provider is now active.

Available Scopes

Scope	Description
api	Access the Salesforce REST API
refresh_token	Obtain a refresh token for long-lived access
full	Full access to all accessible data
id	Access to the user’s identity URL
chatter_api	Access to Chatter API
web	Access to web services

Notes

• Always include refresh_token to enable long-lived access.
• Salesforce uses org-specific API URLs. The instance URL is returned in the token response.
• See the Salesforce OAuth web server flow documentation for more details.