Authentication using Salesforce Named Credentials


Salesforce allows a user to connect to an external system using their own username and password by creating a mapping of the user to a data source. This is done using named credentials mapping or external data source mapping. See the Salesforce Help documentation on Named Credentials.

 

Overcast supports the use of Salesforce Named Credential for real-time scenarios and Salesforce External Data Source credential mapping for Salesforce Connect scenarios.

 

Real-time Scenarios

To perform per-user authentication in a real-time scenario we use the Salesforce Named Credential security feature.

Named Credential Setup

Register a new named credential in Salesforce by selecting New Named Credential on the Named Credentials page.

This named credential should be for the backend system, not for Overcast. If you have two SAP systems that do not share usernames and passwords, you should create two separate named credentials.

Overcast requires the following settings for the Named Credential:

1. Label: The identifier for the Named Credential, used in list views and reports.

2. Name: The API name for the Named Credential.

3. URL: Navigate to the Overcast Settings screen to grab the Overcast Domain. Be careful to get the Overcast Domain and not the Custom Endpoint, if it is used.

4. Certificate: No certificate is necessary.

5. Identity Type: Select the Per User Identity Type.

6. Authentication Protocol: Select Password Authentication for the Authentication Protocol.

7. Administration Username: Enter the System Administrator's username.

8. Generate Authorization Header: If selected, the named credential generates an authorization header and applies it to each callout that references the named credential. For this named credential, leave unchecked.

9. Allow Merge Fields in HTTP Header: If selected, the Apex code can construct the callout's HTTP header with merge fields. For this named credential, select this option.

10. Allow Merge Fields in HTTP Body: If selected, the Apex code can construct the callout's HTTP body with merge fields. For this named credential, select this option.
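The settings above can be checked after setup with a short script. This is an added example, not Overcast or Salesforce code: it assumes the named credential has been retrieved through the Metadata API as legacy NamedCredential XML, uses the Metadata API field names for the settings in the list, and runs on constructed sample documents whose label, endpoint and username are placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}

# Required values from the settings list, keyed by Metadata API field name.
REQUIRED = {
    "principalType": "PerUser",              # Identity Type: Per User
    "protocol": "Password",                  # Authentication Protocol: Password Authentication
    "generateAuthorizationHeader": "false",  # Generate Authorization Header: unchecked
    "allowMergeFieldsInHeader": "true",      # Allow Merge Fields in HTTP Header: selected
    "allowMergeFieldsInBody": "true",        # Allow Merge Fields in HTTP Body: selected
}

def audit_named_credential(xml_text):
    """Return a list of findings; an empty list means the settings match."""
    root = ET.fromstring(xml_text)

    def get(field):
        return (root.findtext(f"md:{field}", default="", namespaces=NS) or "").strip()

    findings = [f"{f}: expected {want}, found {get(f) or 'missing'}"
                for f, want in REQUIRED.items() if get(f) != want]
    if get("certificate"):
        findings.append("certificate: set, but no certificate is necessary")
    for f in ("endpoint", "username"):  # URL and Administration Username
        if not get(f):
            findings.append(f"{f}: missing")
    return findings

# Constructed sample; label, endpoint and username are placeholders.
SAMPLE_OK = """<NamedCredential xmlns="http://soap.sforce.com/2006/04/metadata">
    <allowMergeFieldsInBody>true</allowMergeFieldsInBody>
    <allowMergeFieldsInHeader>true</allowMergeFieldsInHeader>
    <endpoint>https://overcast-domain.example</endpoint>
    <generateAuthorizationHeader>false</generateAuthorizationHeader>
    <label>SAP Backend (example)</label>
    <principalType>PerUser</principalType>
    <protocol>Password</protocol>
    <username>admin@example.com</username>
</NamedCredential>"""

# Constructed misconfiguration: shared identity and auto-generated header.
SAMPLE_BAD = (SAMPLE_OK
    .replace("<principalType>PerUser", "<principalType>NamedUser")
    .replace("<generateAuthorizationHeader>false", "<generateAuthorizationHeader>true"))

if __name__ == "__main__":
    for name, doc in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, audit_named_credential(doc) or "matches required settings")
```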

 

Connection String Configuration

Add the name of the Named Credential to the applicable Overcast connection string record. Real-time scenarios that use a connection string with a specified Named Credential will send the user-specific credentials to the external system.


User Credential Registration

Personal credentials for the Named Credential can be registered in two ways: an administrator can make the user assignments, or each user can make their own assignments by going to User > Settings > Authentication Settings for External System > New. Select "Named Credential" for External System Definition and select "Password Authentication" for the Authentication Protocol field. See the Salesforce help documentation.

All users who will use the data source must register their personal credentials. For users who do not have personal credentials, the user or administrator should register the shared credentials. Do not duplicate the connection string to create a copy that has no named credential. Instead, create a registration for each such user using the technical user credentials.

 


Assign Permissions

Add access permissions for the Named Credential to necessary profiles or permission sets.

This completes the setup for per-user authentication for Real-time scenarios.

Salesforce Connect Scenarios

An Overcast Salesforce Connect scenario will use the authentication settings associated with the external data source. This is not the same as Named Credentials.

Edit the Overcast External Data Source to include "OVC". Set the Identity Type to "Per User" and Authentication Protocol to "Password Authentication". Add the default Administration Username and Administration Password. Overcast does not use these default credentials.


User Credential Registration

Personal credentials for the External Data Source can be registered in two ways: an administrator can make the user assignments, or each user can make their own assignments by going to User > Settings > Authentication Settings for External System > New. Select "External Data Source" for External System Definition and select "Password Authentication" for the Authentication Protocol field. See the Salesforce help documentation.

All users who will use the data source must register their personal credentials. For users who do not have personal credentials, the user or administrator should register the shared credentials. Do not duplicate the connection string to create a copy that has no named credential. Instead, create a registration for each such user using the technical user credentials.

 


Assign Permissions

Add access permissions for the External Data Source to necessary profiles or permission sets.

This completes the setup for per-user authentication for Salesforce Connect scenarios.