Salesforce uses an authorization process commonly called Open Auth, or OAuth. It takes a couple more steps than you might be used to, and it can be confusing to some. If you find yourself One-of-the-Confused, don’t fret; here’s a quick explanation to hopefully clear things up for you.
OAuth lets you approve outside sources, like your Ninja Forms plugin, to access information inside your Salesforce account without having to store your Salesforce credentials in WordPress. This is nice because if your WordPress site gets compromised, your Salesforce login credentials are safe from exposure.
Step by Step
- First, in Salesforce you create a Connected App. This tells Salesforce about the application (Ninja Forms Salesforce) you plan to connect.
- Salesforce will give you two codes that identify your connected app.
- Next, in your Ninja Forms settings, save those two codes.
- Then click on a link that requests permission from Salesforce by directing you to Salesforce, where you’ll log in and approve the request. NOTE that you are logging into Salesforce, NOT entering your credentials into WordPress.
- Salesforce redirects you to a URL with a super long authorization code as part of the URL; this authorization code is the initial approval code for access. You’ll save this in your Ninja Forms settings.
- Finally, you’ll click on a link to create your access token. When you click it, the plugin sends your connected app values along with that authorization code, and Salesforce now knows that it can allow access by your website to your CRM account with your approval.
Yes, it does take four steps instead of one, but you only have to do it once for your website, and it protects you from having to store your precious passwords in WordPress.
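The three messages behind those steps, sketched as an added example (this is not the plugin's code). It assumes the "two codes" map to the standard OAuth `client_id` and `client_secret` parameters and adds a `state` check the page does not mention; the function names and sample values are made up for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Salesforce's standard OAuth 2.0 endpoints for production orgs.
AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"

def build_authorize_url(client_id, redirect_uri, state):
    """Link the site owner clicks; only the public app identifier is in it."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,  # random value tying the redirect to this request
    })
    return f"{AUTHORIZE_URL}?{query}"

def extract_authorization_code(redirect_url, expected_state):
    """Pull the authorization code out of the URL Salesforce redirected to."""
    params = parse_qs(urlsplit(redirect_url).query)
    if "error" in params:
        raise ValueError(f"authorization denied: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state, expected_state):
        raise ValueError("state mismatch: redirect is not for this request")
    if "code" not in params:
        raise ValueError("no authorization code in redirect URL")
    return params["code"][0]  # parse_qs has already URL-decoded it

def build_token_request(code, client_id, client_secret, redirect_uri):
    """Server-to-server POST body that trades the code for an access token."""
    return TOKEN_URL, {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,  # sent only here, never via the browser
        "redirect_uri": redirect_uri,
    }

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    cid, csecret = "EXAMPLE_APP_ID", "EXAMPLE_APP_SECRET"
    cb = "https://example.com/wp-admin/"
    state = secrets.token_urlsafe(16)
    print(build_authorize_url(cid, cb, state))
    redirected = f"{cb}?code=aPrxEXAMPLE%3D%3D&state={state}"
    code = extract_authorization_code(redirected, state)
    print(build_token_request(code, cid, csecret, cb))
```

Nothing in any of the three messages contains the Salesforce username or password, which is why a compromised WordPress site does not expose them.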
More of an audio/visual learner? Here’s a three-and-a-half minute video to walk you through the process.