Salesforce credentials

You can use these credentials to authenticate the following nodes:

• Salesforce
• Salesforce trigger

Supported authentication methods

• JWT
• OAuth2

Related resources

Refer to Salesforce's developer documentation (opens in a new tab) for more information about the service.

Using JWT

To configure this credential, you'll need a Salesforce (opens in a new tab) account and:

• Your Environment Type (Production or Sandbox)
• A Client ID: Generated when you create a connected app.
• Your Salesforce Username
• A Private Key for a self-signed digital certificate

To set things up, first you'll create a private key and certificate, then a connected app:

1. In n8n, select the Environment Type for your connection. Choose the option that best describes your environment from Production or Sandbox.
2. Enter your Salesforce Username.
3. Log in to your org in Salesforce.
4. You'll need a private key and certificate issued by a certification authority. Use your own key/cert or use OpenSSL to create a key and a self-signed digital certificate. Refer to the Salesforce Create a Private Key and Self-Signed Digital Certificate documentation (opens in a new tab) for instructions on creating your own key and certificate.
5. From Setup in Salesforce, enter App Manager in the Quick Find box, then select App Manager.
6. On the App Manager page, select New Connected App.
7. Enter the required Basic Info for your connected app, including a Name and Contact Email address. Refer to Salesforce's Configure Basic Connected App Settings (opens in a new tab) documentation for more information.
8. Check the box to Enable OAuth Settings.
9. For the Callback URL, enter http://localhost:1717/OauthRedirect.
10. Check the box to Use digital signatures.
11. Select Choose File and upload the file that contains your digital certificate, such as server.crt.
12. Add these OAuth scopes:
    • Full access (full)
    • Perform requests at any time (refresh_token, offline_access)
13. Select Save, then Continue. The Manage Connected Apps page should open to the app you just created.
14. In the API (Enable OAuth Settings) section, select Manage Consumer Details.
15. Copy the Consumer Key and add it to your n8n credential as the Client ID.
16. Enter the contents of the private key file in n8n as Private Key.
    • Use the multi-line editor in n8n.
    • Enter the private key in standard PEM key format:

      -----BEGIN PRIVATE KEY-----
      KEY DATA GOES HERE
      -----END PRIVATE KEY-----

These steps are what's required on the n8n side. Salesforce recommends setting refresh token policies, session policies, and OAuth policies too:

14. In Salesforce, select Back to Manage Connected Apps.
15. Select Manage.
16. Select Edit Policies.
17. Review the Refresh Token Policy field. Salesforce recommends using expire refresh token after 90 days.
18. In the Session Policies section, Salesforce recommends setting Timeout Value to 15 minutes.
19. In the OAuth Policies section, select Admin approved users are pre-authorized for permitted users for Permitted Users, and select OK.
20. Select Save.
21. Select Manage Profiles, select the profiles that are pre-authorized to use this connected app, and select Save.
22. Select Manage Permission Sets to select the permission sets. Create permission sets if necessary.

Refer to Salesforce's Create a Connected App in Your Org (opens in a new tab) documentation for more information.

Using OAuth2

To configure this credential, you'll need a Salesforce (opens in a new tab) account.

Cloud and hosted users will need to select your Environment Type. Choose between Production and Sandbox.

If you're self-hosting n8n, you'll need to configure OAuth2 from scratch by creating a connected app:

1. In n8n, select the Environment Type for your connection. Choose the option that best describes your environment from Production or Sandbox.
2. Enter your Salesforce Username.
3. Log in to your org in Salesforce.
4. From Setup in Salesforce, enter App Manager in the Quick Find box, then select App Manager.
5. On the App Manager page, select New Connected App.
6. Enter the required Basic Info for your connected app, including a Name and Contact Email address. Refer to Salesforce's Configure Basic Connected App Settings (opens in a new tab) documentation for more information.
7. Check the box to Enable OAuth Settings.
8. For the Callback URL, enter http://localhost:1717/OauthRedirect.
9. Add these OAuth scopes:
   • Full access (full)
   • Perform requests at any time (refresh_token, offline_access)
10. Make sure the following settings are unchecked:
    • Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows
    • Require Secret for Web Server Flow
    • Require Secret for Refresh Token Flow
11. Select Save, then Continue. The Manage Connected Apps page should open to the app you just created.
12. In the API (Enable OAuth Settings) section, select Manage Consumer Details.
13. Copy the Consumer Key and add it to your n8n credential as the Client ID.
14. Copy the Consumer Secret and add it to your n8n credential as the Client Secret.

These steps are what's required on the n8n side. Salesforce recommends setting refresh token policies and session policies, too:

14. In Salesforce, select Back to Manage Connected Apps.
15. Select Manage.
16. Select Edit Policies.
17. Review the Refresh Token Policy field. Salesforce recommends using expire refresh token after 90 days.
18. In the Session Policies section, Salesforce recommends setting Timeout Value to 15 minutes.

Refer to Salesforce's Create a Connected App in Your Org (opens in a new tab) documentation for more information.

Common issues

Connection issues when authenticating with Salesforce from n8n Cloud

If you encounter connection issues when authenticating with Salesforce from n8n Cloud, you might need to enable a specific system permission in your Salesforce user profiles:

1. In Salesforce, go to Setup.
2. In the Quick Find box, search for Profiles.
3. Select the profile used by the user connecting to n8n (for example, System Administrator or the relevant profile).
4. Click Edit or use the new Profile interface if it's available.
5. Locate the Administrative Permissions section.
6. Enable the checkbox for Approve Connected Apps for Non-Admins. This checkbox might also appear as Approve apps connected not installed depending on your Salesforce language or translation.
7. Click Save.

This permission is not enabled by default, even for administrator profiles, and must be manually activated. Without this permission, you might experience authentication failures when trying to connect n8n to Salesforce.