Introduction
This article will detail the 3 steps needed to create anS-Docs Connected App to use with S-Sign e-signatures. Note that these steps can also be found in the S-Sign Installation & Configuration articles for Lightning and Classic.
Info
This article makes several references to yourS-Sign Internal User. This user can be any licensed Salesforce user of your choosing, but we recommend choosing a generic Salesforce Administrator user. S-Sign operations that require internal data access will be conducted through this user's profile using the secure S-Docs Connected App.
You should decide who your S-Sign Internal User will be before proceeding, as you will need to know their username & which profile they are assigned to complete the Connected App Configuration.
Step 1: Create a Self-Signed Certificate
From the setup menu, type "Certificate" into theQuick Findbar, then clickCertificate and Key Managementin the dropdown menu. ClickCreate Self-Signed Certificate.
Name your certificateSDocsCert.ClickSave.
ClickDownload Certificate, and keep track of where the file is stored. We will use this in the next step.
Step 2: Create A New Connected App
Navigating to the Connected App creation page is a bit different in Classic and Lightning. InLightning, type "App Manager" into theQuick Findbar in the setup menu, then clickApp Managerin the dropdown menu. ClickNew Connected Appin the top right.
InClassic, type "Apps" into theQuick Findbar in the setup menu, then clickAppsin the dropdown menu (under Build > Create). Scroll down to theConnected Appssection and clickNew.
In theBasic Informationsection, fill in the following fields:
Connected App Name:Sdocs Connected Apps
API Name:Sdocs_Connected_Apps
Contact Email:[email protected]
Scroll down to theAPI (Enable OAuth Settings)section and checkEnable OAuth Settings. Then, enter one of the following URLs into the Callback URL field, depending on if you're working in a sandbox or production environment:
Production:https://login.salesforce.com/services/oauth2/callback
Sandbox: https://test.salesforce.com/services/oauth2/callback
Next, check theUse Digital Signatures checkbox and upload the self-signed certificate that you downloaded in step 1.
Then, scroll down to the Selected OAuth Scopes field. Add the following scopes to your selected scopes:
- Access Connect REST API resources (chatter_api)
- Manage user data via APIs (api)
- Perform requests at any time (refresh_token, offline_access)
This section should look similar to the following image when you are finished:
Leave the rest of the fields at their default settings, and clickSave. You will be redirected to the Connected App detail page. Scroll down to theAPI (Enable OAuth Settings)section and clickCopynext to theConsumer Key field. Paste this somewhere you can access later. You will use this key in Step 3. Then, click Manageat the top of the page.
On the next page, clickEdit Policies.
Scroll down to theOAuth Policiessection. Set thePermitted Usersfield toAdmin approved users are pre-authorized. Set the IP Relaxation field in accordance with your organization's policies. Keep theRefresh Token Policyset toRefresh token is valid until revoked. Then, clickSave.
Next, scroll down to theProfilessection and clickManage Profiles.
Add the profile assigned to the S-Sign Internal User. As a reminder, we recommend choosing a generic Salesforce Administrator User as the S-Sign Internal User. All S-Sign operations will be conducted through this user and the secure S-Docs Connected App.
Click Save.
Step 3: Create A New Custom Setting Entry
From the setup menu, type "Custom Settings" into theQuick Findbar, then clickCustom Settingsin the dropdown menu. FindSDocsSettingsand clickManage.
If you've created an S-DocsSettings entry in the past, you can click theEditlink next to its name to edit it now. Otherwise, clickNewto create a new SDocsSettings entry.
Fill in the following values:
Note: All field values (including the custom setting name) are case sensitive and should be entered exactly as shown here.
Name:SDocsSettings
ConnectedAppCertificateName:SDocsCert
ConnectedAppConsumerKey:Paste the consumer key that you copied in step 2
ConnectedAppLoginURL:
[Production]: https://login.salesforce.com
[Sandbox]: https://test.salesforce.com
Note:If you are using Salesforce Government Cloud, use your MyDomain URL instead of the URLS listed above.
ConnectedAppTokenURL:Enter your Salesforce domain URL.
To find your domain in Lightning, click your user profile in the upper right corner and copy it from under your username. Make sure to add "https://" at the beginning.
To find your domain in Classic, navigate to the Home screen and copy it from your browser's URL bar up to the first forward slash.
ConnectedAppUserName:Enter the username that you want to use as the S-Sign Internal User. As a reminder, we recommend choosing a generic Salesforce Administrator User as the S-Sign Internal User. All S-Sign operations will be conducted through this user and the secure S-Docs Connected App.
Note:If you are using Salesforce Government Cloud, you also need to fill in theConnectedAppAudienceURLfield with one of the URLs listed below. This field sometimes populates with your MyDomain URL, which shouldnotbe used for this field. If your MyDomain URL populates this field, replace it with one of the 2 URLs listed below.
ConnectedAppAudienceURL:
[Production]: https://login.salesforce.com
[Sandbox]: https://test.salesforce.com
Your SDocsSettings entry should look similar to the following:
ClickSave.
You've now successfully configured your S-Docs Connected App.
Troubleshooting
My Self-Signed Certificate is Expiring Soon!
Several months after setting this up, you may get an email from Salesforce informing you that your self-signed certificate expired. If that is the case, you can follow the steps below to renew your certificate. We recommend doing this after hours.
Navigate to the Certificate and Key Management page (Setup > Security > Certificate and Key Management) and find SDocsCert. ClickDelnext to its name to delete it.
Then, clickCreate Self-Signed Certificate(the button above where your previous certificate was listed).
Name your certificateSDocsCert.ClickSave.
ClickDownload Certificate.
Next, you need to update your Connected App with your new Self-Signed Certificate.
Navigating to the Connected App page is a bit different in Classic and Lightning. InLightning, type "App Manager" into theQuick Findbar in the setup menu, then clickApp Managerin the dropdown menu. FindSdocs Connected Apps, click the dropdown arrow on the right, and clickEdit.
InClassic, type "Apps" into theQuick Findbar in the setup menu, then clickAppsin the dropdown menu (under Build > Create). Scroll down to theConnected Appssection, findSdocs Connected Apps, and clickEdit.
Once you've navigated to the Connected App Edit page, scroll down to theAPI (Enable OAuth Settings)section and find theUse digital signaturesfield. ClickChoose Fileto upload your new Self-Signed Certificate.
ClickSave. Note that it may take several minutes for the new certificate to take effect.
Take the update time to double check that your connected app's Consumer Key has not changed:
- From the Sdocs Connected Apps "View" page, click "Manage Consumer Details" in the middle of the page and re-authenticate
- Click the "Copy" button for the Consumer Key
- Compare this Key against the ConnectedAppConsumerKey in your SDocsSettings record
- If the keys do not match, replace the old Key with the new value and Save
General Troubleshooting
If you performed this setup but are receiving errors, please try the following:
- Navigate to Setup > Connected Apps > SDocs Connected Apps > Profiles, and verify that the profiles of the following users are added to the app's permitted profiles list:
- The S-Sign Internal User
- Go to Setup > Remote Site Settings and verify that there are entries for the appropriate Salesforce production/sandbox URL and the customer’s home URL (Salesforce Classic). Additionally, verify that these entries areactive.
- Make sure the user's profile has theApex REST Servicespermission checked.