Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
stylenone

What are Named Credentials?

Named Credentials is a feature were introduced in Salesforce introduced in their Spring ’15 release. Named Credentials relieves the need for hardcoded credentials within an organization’s Apex codebase.

Named Credentials eliminate the need to embed sensitive authentication information such as tokens or credentials and are one of the components used by ClosePlan to access Salesforce APIs.

ClosePlan needs Connected App, OAuth Provider and Named Credentials to access Metadata APIs, Tooling APIs, and UI APIs.Spring '15 and provide a reliable and secure way to store sensitive information such as authorization details. Among other features, Named Credentials allow native SFDC applications to use this information without exposing it.

Why does ClosePlan need Named Credentials?

ClosePlan needs an authorized Named Credential (+ Connected App, Auth. Provider) to access other Salesforce APIs such as Metadata, Tooling, and UI APIs. This ensures that ClosePlan doen’t need to manage any sensitive information as the entire process is automatically managed by SFDC. It is also the official and only way to access these APIs from within the Salesforce environment.

What we do with these APIs:

CloserPlan uses these APIs to access data that is not accessible with Apex / SOQL.

ClosePlan uses Metadata to tweak configurations in a controlled way.

  • Example: Sales Process:

    • Which Sales Stage belongs to what Sales Process?

  • Example: Changing Picklist Values

    • Whenever a User updates the Relationship Map Picklist Values, several objects are updated at the same time. Additional Metadata related to those Picklist values are also defined.

  • ClosePlan maintains the state of the Metadata to avoid user errors like typos.

External Access to the System

ClosePlan Connected App does not provide any access to a Client Org under any circumstances.

In order for the the Connected Application to provide access, a 3rd party would need to have the Consumer Key, the Consumer Secret Key and would also need to be a User within the system with Login and Password.

Authentication with an Integration User

In most Orgs, ClosePlan Named Credentials are authenticated by a System Administrator.

Some Orgs prefer to authenticate the Named Credentials with an Integration User. In this case the Integration User must be provided with Modify All Data permission.

In the event that Modify All Data cannot be assigned to the Integration User, ClosePlan can still function with some functionality limitations. Examples of these limitations are:

  • Picklist Values will not be editable

  • Field creation will not be permitted, such as attempting to create a Custom Attribute in the ClosePlan Admin

  • Additional Administrative limitations can also occur

Are Named Credentials required for ClosePlan to function?

ClosePlan can function without Named Credential authentication, however some Administrative functionality will be prevented such as but not limited to:

  • Picklist Values will not be editable

  • Field creation will not be permitted, such as attempting to create a Custom Attribute in the ClosePlan Admin

  • Additional Administrative limitations can also occur

Work-around

For Orgs that cannot allow authentication for Named Credentials to remain active, the following work-around may be an alternative:

  • After Installing and configuring the ClosePlan app, and completing all required templates and settings needed for ClosePlan to function as needed, a Sys Admin can remove Named Credential authentication.

  • In the event that Administrative work needs to be done on ClosePlan (Such as create a Custom Attribute) Named Credentials can be authenticated temporarily, the work completed and then Named Credential authentication can be removed again.

Important Points:

  • ClosePlan updates and changes ONLY ClosePlan metadata.

  • ClosePlan does NOT touch the metadata of the Client organization.

  • Named Credentials must be authorized by the Sys Admin (which is defined by having Customize Application permission).

  • ClosePlan provides no bypass for a Standard User to edit or change Salesforce Metadata through the ClosePlan Admin feature.

    • The User must be a System Adminstrator with corresponding required permissions.

    • If the User is not a System Administrator with corresponding required permission, ClosePlan will prohibit modification of Metadata and display a message.

...