Create a Connected App
This article provides direction for creating a secure Salesforce-connected app to integrate Fullcast with your Salesforce data. It covers OAuth authorization, callback URL configuration, and essential security best practices.
Note: To disable the PKCE security feature for your OAuth authorization, uncheck the "Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows" option before saving your settings.
- Navigate to Setup the App Manager.
- Select New Connected App.
Enter the below information for the new Connected App:
Basic information - Type this in
- Name: Fullcast Motion Package
- API Name: Fullcast_Motion_Package
- Contact Email: Email address
API (Enable OAuth Settings)
- Enable OAuth Setting - Check
- Callback URL: Configure based on which instance you are working with. The start of each URL below should match the Fullcast instance URL you will authenticate motion in.
- For Production: https://app.fullcast.io/app/motion/segments
- For Pre-Production: https://sandbox.fullcast.io/app/motion/segments
- Selected OAuth Scopes:
- Access the identity URL service(id, profile, email, address, phone)
- Manage user data via APIs(API)
- Manage user data via Web Browsers (web)
- Perform requests on your behalf at any time (refresh_token, offline_access)
- Checkboxes:
- Uncheck:
- Require Proof Key for Code Exchange Leave
- Check
- Require Secret for Web Server Flow
- Require Secret for Refresh token flow
- Uncheck:
Note: To disable the PKCE security feature for your OAuth authorization, uncheck the "Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows" option before saving your settings.
Leave the following sections as is:
- Web App Settings
- Custom Connected App Handler
- Mobile App Settings
- Canvas App Settings
- Select Save.
- Navigate to the Fullcast Motion Module Connected App and select Manage
- Select Edit Policies.
- Set the policies as follows:
Basic Information
- Leave As Is
OAuth Policies
- Permitted Users: All users may self-authorize
- IP Relaxation: Enforce IP restrictions, but relax for refresh tokens
- Refresh Token Policy: Refresh token is valid until revoked
Remaining Sections can be left as is:
- Session Policies
- Custom Connected App Handler
- User Provisioning Settings