Salesforce OAuth Client Credentials Flow migration guide

AI-generated summary

Genesys Cloud provides a Salesforce OAuth Client Credential Flow credential type designed to replace the deprecated OAuth Username-Password Flow for Salesforce data actions integrations. This migration leverages OAuth 2.0 client credentials (Consumer Key and Consumer Secret from a Salesforce Connected App) instead of traditional username, password, and security token authentication, delivering enhanced security for server-to-server integrations in alignment with Salesforce's recommendations. The migration process requires initial configuration of a Connected App in Salesforce with OAuth 2.0 Client Credentials Flow enabled, followed by retrieval of the Consumer Key, Consumer Secret, and My Domain URL. Within Genesys Cloud, users navigate to the existing Salesforce data action integration's Configuration > Credentials section, replace the credential type with Salesforce (OAuth Client Credential Flow), and enter the Client ID, Client Secret, and My Domain URL. The new credential type targets the standard Salesforce token endpoint (https://your-domain.my.salesforce.com/services/oauth2/token), with the instance_url from the OAuth response automatically serving as the base URL for data action requests. No modifications to data action request or response configurations are necessary credential updates. After updating credentials, users should test the integration to confirm successful authentication and execution. As a best practice, Genesys Cloud recommends creating a test integration and importing an existing data action to validate new credentials before updating production integrations, since credential changes take effect immediately and may impact associated data actions. If issues arise post-migration, users can revert to the original credential type. The platform provides guidance for managing Salesforce data action integrations credential validation, including updating existing integrations and removing temporary test integrations. Additional technical details are available through the Test data actions for integrations documentation, community support resources, and a feedback mechanism for reporting issues such as inaccurate information, outdated content, or usability concerns. Related documentation covers general integration information, data actions integrations, and Salesforce-specific data actions integration configuration

Salesforce is deprecating the OAuth Username-Password Flow. To ensure that Salesforce data actions continue to perform successfully, Genesys Cloud provides the credential type, Salesforce OAuth Client Credential Flow, that uses OAuth 2.0 client credentials instead of a username, password, and security token.

This guide explains how to migrate existing Salesforce data actions integrations to this new credential type. A new integration is not required; instead, update the credentials in the existing integration.

Using the Salesforce OAuth Username-Password Flow after the deprecation deadline can result in authentication failures for all Salesforce data actions that use the legacy credential type. The Salesforce OAuth Client Credential Flow uses a Connected App’s Consumer Key (Client ID) and Consumer Secret (Client Secret) instead of a username, password, and security token. This authentication is more secure and recommended by Salesforce for server-to-server integrations.

Before you begin migration

Ensure that you have the following details from your Salesforce organization:

A Connected App configured in Salesforce with the OAuth 2.0 Client Credentials Flow enabled.
The Connected App’s Consumer Key (Client ID).
The Connected App’s Consumer Secret (Client Secret).
Your Salesforce’s My Domain URL. For example, https://your-domain.my.salesforce.com.

For more information, see Configure a Connected App for the OAuth 2.0 Client Credentials Flow in the Salesforce documentation.

Update the Salesforce data action integration in Genesys Cloud

To update the Salesforce data action integration:

Click Menu > IT and Integrations > Integration.
Open the existing Salesforce data action integration.
Navigate to Configuration > Credentials and click Configure.
Replace the existing credential type and select Salesforce (OAuth Client Credential Flow) from the list.
Enter the following details:
- Client ID – The Consumer Key from your Salesforce Connected App.
- Client Secret – The Consumer Secret from your Salesforce Connected App.
- My Domain URL – Your Salesforce My Domain URL.
Click Confirm and then Save.

Test and validate the integration

Test your existing Salesforce data action integration to confirm that it authenticates and executes successfully with the new credentials. Thereafter, no changes to the configuration are required for the integration.

Rollback

If you encounter any issue after migration, revert to the original OAuth Username-Password Flow credential for the integration until the issue is resolved.

Notes:

The new credential type targets the standard Salesforce token endpoint, https://your-domain.my.salesforce.com/services/oauth2/token.
The instance_url returned in the OAuth response is used automatically as the base URL for all data action requests, consistent with the previous behavior.
No changes to data action request or response configurations are required as part of this migration.

Best practice for updating credentials

When you change the credentials of an existing integration, the effect takes place immediately and can impact any associated data actions. To validate the new credentials before updating the credentials of the existing Salesforce data action integrations:

Create a Salesforce data action integration.
Import one of your existing data actions. For more information, see Import or export a custom action.
To verify the successful connection to Salesforce, use the Test option. For more information, see Test data actions for integrations.

After validating the credentials:

Update your existing Salesforce data action integrations
Remove the temporary integration created for testing and verification

[NEXT] Was this article helpful?

Get user feedback about articles.