# Setting Up Salesforce for Authentication

In order to login to the CapStorm/Container using Salesforce, you will first need to set up a connected app in your Salesforce org. This connected org will need to have OAuth Settings enabled along with a handful of other settings. This article walks through each step required to create a Salesforce Connected App that can be used to enable Salesforce authentication in the CapStorm/Container. For more information on setting up Connected Apps in Salesforce, please visit [Salesforce’s official documentation.](https://help.salesforce.com/s/articleView?id=sf.connected_app_create.htm\&type=5)

Note: the screenshots and instructions in this page use sample values for a number of parameters.

* <http://localhost:8080> is the host/port used for the CapStorm/Container.
  * You will need to use the host and port values that are applicable to your environment.
  * Your values for the host, port, and protocol should be used for the **Callback URL** parameter and the **Start URL**parameter.
* The Connected App Name and contact details should be changed to reflect proper values for your organization.

## Steps to Setup the Connected App

1. Login to Salesforce and go to **Setup**
2. In the Quick-Find search bar, type **App Manager** and select it
3. In the top right, click **New Connected App**
4. Enter a name for the app in the **Connected App Name** field
   * The API name will auto-fill when you click enter
   * Note: This name can be anything you’d like
5. Add a **Contact Email**
   * ![](/files/iXu2wFNFKyBjFY9HYPqG)
6. In the **API (Enable OAuth Settings)** section, select **Enable OAuth Settings**
7. In the **Callback URL** box, enter \*\*<http://localhost:8080/j_security_check**>
8. For the **Selected OAuth Scopes,** add the below scopes
   * **Access the identity URL service (id,profile,email,address,phone)**
   * **Access unique user identifiers (openid)**
   * ![](/files/Pj0PTqyEq1T9219InsAi)
9. Disable the below settings
   * **Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows**
   * **Require Secret for Web Server Flow**
   * **Require Secret for Refresh Token Flow**
10. Enable the below settings
    * **Enable Authorization Code and Credentials Flow**
    * **Enable Token Exchange Flow**
    * ![](/files/KUu9suVhZYuxq7KmNE3L)
11. Enable **Configure ID Token**
12. Set **Token Valid for** to **10 Minutes**
13. Select **Include Standard Claims** and **Include Custom Attributes**
    * ![](/files/ttQ0uoJLEGLLCQL1lmcu)
14. Under Web App Settings, enter <http://localhost:8080> next to **Start URL**
    * ![](/files/JgfdNYyOMWdspOTlqOJM)
15. Click **Save**
16. In the API (Enable OAuth Settings) section, click the **Manage Consumer Details** button
    * ![](/files/FcC5n5eovZmSZ2CqZIAh)
17. Note the **Consumer Key** and the **Consumer Secret**; You will need these for setup in the application.
    * Consumer Key = OIDC\_CLIENT\_ID
    * Consumer Secret = OIDC\_CLIENT\_SECRET


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://learn.capstorm.com/capstorm-container/setting-up-salesforce-for-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.