PlautiSupport Portal

Configure your Salesforce Orgs

Configure your Salesforce Orgs for use with Plauti Server.

Before you can connect Plauti Server, your Salesforce Production and Sandbox Orgs need configuration. In particular, a dedicated External Client App (ECA) needs to be created in each Org's Salesforce Setup.
Apply the following steps to all Salesforce Orgs that should communicate with Plauti Server.

For installing the ECA for Plauti Cloud or Plauti Desktop, see Installing the ECA for Salesforce Connections
For connecting Plauti Server to MS Dynamics environments, no further configuration is needed on the environments' side.

To create an External Client App:

1. Gather credentials from Plauti

  1. Access the Plauti Server webinterface.
  2. At bottom left, create a new Connection.
  3. The ‘Set up Salesforce External Client App’ pop-up appears.
    Note the two values displayed:
  • Callback URL: Plauti's OAuth callback endpoint (e.g. http://your-server:8881/api/connections/oauth/callback)
  • Server Outbound IP: Plauti's outbound IP address (e.g. 12.345.67.891)
    Keep this dialog open or copy these values; you'll need them in Salesforce Setup.

2. Create the External Client App

  1. In the Salesforce Org you want to connect to, go to Salesforce Setup > External Client App Manager.
  2. Click New External Client App top right to create a new External Client App.
  3. Fill in Basic Information:
  • External Client App Name: e.g. Plauti Server ECA
  • API Name: e.g. Plauti_Server_ECA
  • Contact Email: Your email address
  • Distribution State: select Local

3. Enable and configure OAuth

  1. Still in the External Client App Manager, scroll down to 'API (Enable OAuth Settings)'.
  2. Check the Enable OAuth checkbox.
  3. Below, at the ‘App Settings’ section that appears, paste the Callback URL value from step 1. ‘Gather credentials from Plauti’. 
    If you run Plauti Server on a domain name, enter the Callback URL for both the domain and the outbound IP address, each on their own line.
  4. At OAuth Scopes, move the following scopes to 'Selected OAuth Scopes':  
    Access the identity URL service (id, profile, email, address, phone)
    Manage user data via APIs (api)
    Perform requests at any time (refresh_token, offline_access)

4. Configure Flow Enablement and Security

  1. Scroll to Flow Enablement.
  2. Check Enable Authorization Code and Credentials Flow.
  3. Below, at Security, check the following options:
  • Require secret for Web Server Flow
  • Require secret for Refresh Token Flow
  • Require Proof Key for Code Exchange (PKCE) extension
  • Enable Refresh Token Rotation
  • Limit Idle Refresh Token Time-to-Live (TTL) to 30 Days
  • Enforce Refresh Token IP Allowlist
  1. Click Create.

The External Client App has been created and its page opens.

5. Add Plauti Server IP to Refresh Token IP Allowlist

Because you enabled "Enforce Refresh Token IP Allowlist," you need to authorize Plauti's outbound IP.

  1. On the page of the External Client App you just created, go to the Settings tab and click Edit .
  2. Fold open the OAuth Settings and scroll down to the Refresh Token IP Allowlist section.
  3. At right, click Add .
  4. In the Start IP and End IP fields, enter the ‘Server Outbound IP’ value from step 1. ‘Gather credentials from Plauti’. 
    Use the same IP for both fields or enter a range for multiple IPs.
  5. In the Description field, enter a description such as Plauti Server outbound IP.
  6. Click Save or Add.

6. Review and lock Security Controls

After saving the External Client App, Salesforce displays a banner on the detail page with a Review Controls button at right.

  1. Click Review Controls.
  2. A modal appears listing all the security controls you just configured. 
    Review them to confirm they match your settings.
  3. Click Confirm to lock these security controls.Important: Once locked, only Salesforce Customer Support can modify these security settings. Make sure everything is correct before confirming.
    Important:
    Once locked, only Salesforce Customer Support can modify these security settings. Make sure everything is correct before confirming.

7. Copy the Consumer Key and Secret

  1. Go to the Settings tab again, and fold open the OAuth Settings.
  2. Click Consumer Key and Secret .
  3. Copy both the Consumer Key (Client ID) and Consumer Secret (Client Secret) values. You're going to paste them into Plauti in the next step.

8. Complete the Connection configuration

  1. Return to the Plauti Server webinterface, and the ‘Set up Salesforce External Client App’ dialog or your noted values.
  2. Click Next to proceed to Step 2 of 2: Enter External Client App Credentials.
  3. Paste the Consumer Key from Salesforce into the Consumer Key (Client ID) field.
  4. Paste the Consumer Secret from Salesforce into the Consumer Secret (Client Secret) field.
  5. Click Connect.
  6. A Salesforce OAuth login popup appears. 
    Sign in to your Salesforce Org to authorize Plauti Server. Allow Access when requested.

After authorization, you're returned to Plauti Server and the Connection is complete.
Repeat the steps for all Salesforce Orgs that you want to connect to Plauti Server.