Set up JWT bearer flow

Important

Atlan currently supports Salesforce Sales Cloud and Financial Services Cloud (FSC).

Atlan recommends using OAuth 2.0 JWT bearer flow for secure server-to-server integration with Salesforce. This guide walks you through creating the connected app, uploading certificates, configuring policies, and preparing the integration user.

Prerequisites

Before you begin, make sure you have:

  • Salesforce administrator access
  • Network connectivity between Atlan and your Salesforce instance
  • Created a server key and certificate. Save the generated server.crt and server.key files securely. You need the server.crt file to upload to Salesforce and the server.key file to configure the connection in Atlan.

Create custom profile

Create a custom profile with the Modify All Data permission to crawl all Salesforce objects, including custom objects. The View All Data permission isn’t sufficient because it grants read-only access and can result in missing objects.

  1. From Setup, enter Profiles in Quick Find and select Profiles.
  2. Click New Profile and clone Standard User
  3. Enter Profile Name, for example, AtlanIntegrationProfile
  4. Click Save, then click Edit
  5. Under Connected App Access, check your connected app
  6. Under Administrative Permissions, select:
    • API Enabled
    • View All Data
    • Run Reports
  7. Under Standard Object Permissions and Custom Object Permissions, select Read and View All
  8. Click Save

Create integration user

Follow these steps to create a dedicated user account for Atlan integration and assign the custom profile.

  1. From Setup, expand Users under Administration
  2. Click Users
  3. Click New User
  4. Enter required fields: First Name, Last Name, Username, Email, Nickname
  5. Set User License: Salesforce
  6. Set Profile: the custom profile created in the Create custom profile section
  7. Click Save

The integration user requires a Salesforce license to crawl metadata in Atlan. If a license is unavailable, check the allowed license limit: Salesforce user licenses

Create connected app

A connected app enables Atlan to authenticate with Salesforce using OAuth 2.0. This section guides you through creating the app and configuring OAuth settings.

  1. Log in to Salesforce.
  2. Click the settings icon, then click Setup.
  3. In Setup, enter App Manager in Quick Find and select App Manager.
  4. Click New Connected App.
  5. Under Basic Information, enter:
    • Connected App Name: AtlanConnector
    • API Name: automatically populated
    • Contact Email: your email
  6. Under API (Enable OAuth Settings):
    • Check Enable OAuth Settings
    • Enter Callback URL: your domain. For example, https://localhost
    • Add Selected OAuth Scopes:
      • Access Lightning applications (lightning)
      • Manage user data via APIs (api)
      • Perform requests at any time (refresh_token, offline_access)
    • Check Use digital signatures
    • Click Choose File and upload server.crt
  7. Click Save, then Continue
  8. On the connected app page, click Manage Consumer Details and copy the Consumer Key (client_id) and Consumer Secret
  9. Before proceeding, wait approximately 10 minutes for the connected app to activate

Edit policies

Configure OAuth policies to control who can access the connected app and from where. These settings provide secure access for Atlan's integration.

  1. From Setup, enter Manage Connected Apps in Quick Find and select Manage Connected Apps.
  2. Locate your connected app and click Edit Policies.
  3. Under OAuth Policies:
    • Set Permitted Users to Admin approved users are pre-authorized
    • Set IP Relaxation to Relax IP restrictions
    • If needed, set Refresh Token Policy to Refresh token is valid until revoked
  4. Click Save

Add server certificate

To add the server certificate (server.crt) file to the connected app:

  1. From Setup, enter app manager in the Quick Find box and select App Manager.
  2. Locate your connected app, and then click the dropdown arrow and select Edit.
  3. Under API (Enable OAuth Settings), check Use digital signatures.
  4. Click Choose File and upload the server.crt file.
  5. Click Save.

Assign profile

Assign the custom profile to the connected app so the integration user has the required permissions when accessing Salesforce.

  1. Open the connected app page
  2. Scroll to Manage Profile
  3. Select the custom profile created in the Create custom profile section and click Save
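
For reference, the following added Python example (not Atlan's or Salesforce's own code) shows the assertion that this setup lets a client present: an RS256 JWT with iss set to the Consumer Key, sub set to the integration user's username, aud set to the login URL, and exp within 3 minutes, signed with server.key and sent as a jwt-bearer grant. The consumer key, username, and function names are placeholders, and it assumes a production org (login.salesforce.com) and the openssl CLI for signing.

```python
import base64
import json
import os
import subprocess
import time
from urllib.parse import urlencode

AUDIENCE = "https://login.salesforce.com"  # assumption: production org; sandboxes use test.salesforce.com
MAX_LIFETIME = 180  # Salesforce accepts exp at most 3 minutes ahead

def b64url(data: bytes) -> str:
    """Base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def signing_input(consumer_key, username, now=None, lifetime=MAX_LIFETIME):
    """Return '<header>.<claims>' for the assertion (standard library only)."""
    if not 0 < lifetime <= MAX_LIFETIME:
        raise ValueError("assertion lifetime must be 1..180 seconds")
    now = int(time.time()) if now is None else int(now)
    claims = {
        "iss": consumer_key,   # Consumer Key of the connected app
        "sub": username,       # Username of the pre-authorized integration user
        "aud": AUDIENCE,
        "exp": now + lifetime,
    }
    parts = ({"alg": "RS256"}, claims)
    return ".".join(b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)

def sign_rs256(unsigned: str, key_path: str) -> str:
    """Sign with server.key via the openssl CLI (RSASSA-PKCS1-v1_5, SHA-256)."""
    sig = subprocess.run(
        ["openssl", "dgst", "-sha256", "-sign", key_path],
        input=unsigned.encode(), capture_output=True, check=True,
    ).stdout
    return f"{unsigned}.{b64url(sig)}"

def token_request_body(assertion: str) -> str:
    """Form body for POST <AUDIENCE>/services/oauth2/token."""
    return urlencode({
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "assertion": assertion,
    })

if __name__ == "__main__":
    # Placeholder values (assumptions): use your Consumer Key and integration user.
    unsigned = signing_input("CONSUMER_KEY_PLACEHOLDER", "atlan.integration@example.com")
    print("unsigned assertion:", unsigned)
    if os.path.exists("server.key"):  # sign only where the private key is present
        print(token_request_body(sign_rs256(unsigned, "server.key")))
```

Because the assertion needs only the Consumer Key and a signature from server.key, anyone holding that key can request tokens for users pre-authorized on the connected app, so restrict read access to the file.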

Troubleshooting

If you encounter issues with JWT Bearer authentication, see Troubleshooting Salesforce Connectivity.

Next steps

  • Crawl Salesforce: Configure and run your first crawl to discover Salesforce data and metadata