Configure Salesforce JWT for the Platform

Business Background

Salesforce JWT (JSON Web Token) Authentication is a secure, token-based authentication method that enables Salesforce users to access resources without requiring a password. It’s commonly used in integration scenarios, especially when connecting Salesforce to other systems or apps.

It allows sharing identity and security information across different security domains. Salesforce verifies the authenticity of the JWT by checking its signature against a pre-configured certificate and other parameters. If the JWT is deemed valid and the connected app has been approved beforehand, Salesforce grants access by issuing an access token.

Titan Solution

Authenticate Salesforce JWT in Titan to integrate external applications with Salesforce and enable secure access to Salesforce resources without needing user credentials.

How to Guide

Open your Titan Dashboard interface and your Salesforce instance in two browser tabs. You will need to navigate between them a few times.

Do the following to configure a new connected app in Salesforce:

1. Generate Public and Private Keys and a Certificate
2. Titan Configuration to Authenticate Salesforce JWT
3. Salesforce configuration to authenticate Salesforce JWT
4. Complete Titan Configuration to Authenticate Salesforce JWT

Generate Public and Private Keys and a Certificate

For MacOS, run the following Terminal commands:

1. to generate a private key:
   • openssl genrsa -out privatekey.pem 2048
2. to generate a public key from the private key:
   • openssl rsa -in privatekey.pem -pubout -out publickey.pem
3. to generate a certificate (if needed):
   • openssl req -new -x509 -key privatekey.pem -out server.cert -days 365

For Windows, install Git for Windows and go to OpenSSL. Then run the following commands:

1. to generate a private key:
   • openssl genrsa -out privatekey.pem 2048
2. to generate a public key from the private key:
   • openssl rsa -in privatekey.pem -pubout -out publickey.pem
3. to generate a self-signed certificate (if needed):
   • openssl req -x509 -sha256 -days 365 -key privatekey.pem -in server.csr -out server.crt

Titan Configuration to Authenticate Salesforce JWT

1. Browse to the Titan Dashboard.
2. Click the Settings option.
3. Under Integrations, make sure that Salesforce has been authenticated.
4. Click the Salesforce JWT Session Authenticate button. The Salesforce JWT Auth screen opens.

5. Take note of the Callback URL. You will paste this URL into Salesforce.

Salesforce Configuration to Authenticate Salesforce JWT

1. Click the Setup icon in Salesforce and then click the Setup option on the drop-down list.

2. Search for “app manager” and click the App Manager option. The Lightning Experience App Manager screen opens.
3. Click the New Connected App button.

4. Select the Create Connected App option and click the Continue button.
   • This is the default option.

5. Type the Connected App Name in the field. The API Name field is populated automatically.
6. Type the Contact Email in the field.
7. Click the Enable OAuth Settings checkbox.
8. Paste the URL from the Salesforce JWT Auth screen into the Callback URL field.
9. Click the Use digital signature checkbox and upload the certificate (server.cert file).
10. Click the Choose File button.

11.  Select the following options from the Available OAuth Scopes list and click the Add button to move them to the Selected OAuth Scopes list.
    • Full access (full)
    • Perform requests at any time (refresh_token, offline_access)
12. Make sure that the Require Secret for Web Server Flow checkbox is enabled.
13. Click the Save button.

14. Click the Continue button. The Manage Connected Apps form opens.

15. Click the Manage button.

16. Click the Edit Policies button.

17. Use the Permitted Users drop-down list to select the Admin approved users are pre-authorized option.
18. Click the OK button on the popup screen.
19. Click the Save button on the form.

20. Scroll down and click the Manage Profiles button. The Application Profile Assignment form opens.

21. Scroll down the list and click the required checkboxes, for instance:
    • Gold Partner
    • System Administrator

22. Click the Save button.

Complete Titan Configuration to Authenticate Salesforce JWT

To complete the authentication, enable the Use for Salesforce Integration checkbox on the Salesforce JWT Auth screen and fill in the fields.

1. In Salesforce, search for “apps” and find the JWT app on the Lightning Experience App Manager page.
2. Use the drop-down list on the right of the screen and select the View option. The Manage Connected Apps form opens.

3. Click the Manage Consumer Details button. A new webpage opens, where you must paste the verification code that was sent to your email address.

4. Click the Copy button to copy the Customer Key.

5. Browse to the Titan page and paste the customer key on the Salesforce JWT Auth screen.
6. Type the username in the field.

7. In Salesforce, search for “communities” and click on the All Communities option.
8. On the Communities screen, copy the URL from the screen.

9. In Titan, paste the Community URL in the Audience field.
   • If your Titan account is connected to a production Salesforce environment, paste this URL: https://login.salesforce.com.
   • To connect to the Salesforce sandbox, use https://test.salesforce.com. 

10. Paste your private key in the field.
11. Click the Apply button.

Salesforce JWT has been authenticated.