Enabling OAuth 2.0 Authentication for Veeva CRM Online

    iPad | iPhone | Online

Admins must configure Veeva CRM to communicate with an identity provider (IDP) to allow orgs to sign in with OAuth 2.0. Any IDP supporting the OpenID Connect protocol and having a working integration with Salesforce is supported.

Before configuring OAuth for CRM:

  1. Set up the IDP (of your choice) and retrieve the following:
    • Consumer Key
    • Consumer Secret
    • Authorize Endpoint URL
    • Token Endpoint URL
    • User Info Endpoint URL
  2. Set up the subdomain name with My Domain, register it, and deploy it to users. See the Salesforce documentation for more information.
  3. Integrate Salesforce with the IDP. After the subdomain is registered and deployed, admins must define a Registration Handler Apex class and configure an authentication provider to allow the IDP to communicate with Salesforce. To configure and test the authentication provider, see the Salesforce documentation.
  4. When configuring the authentication provider, make sure to select Open ID Connect for the Provider Type, enter openid for Default Scopes, and select the appropriate Apex class for the Registration Handler lookup field.
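As an illustration of the Registration Handler class required in steps 3 and 4, the following added example (not Veeva's or Salesforce's own code) links an IDP sign-in only to an existing, active user and never provisions new users. The class name `IdpRegistrationHandler` is hypothetical, and the example assumes admins have populated each user's `FederationIdentifier` field with the identifier the IDP returns for that user.

```apex
// Added example: class name and matching rule are assumptions, not Veeva code.
global class IdpRegistrationHandler implements Auth.RegistrationHandler {

    public class RegistrationException extends Exception {}

    // Runs on the first sign-in for an IDP identity. Returning an existing
    // User links that identity to the user; throwing blocks the sign-in.
    global User createUser(Id portalId, Auth.UserData data) {
        String subject = data.identifier;
        // A blank value must never reach the query: it could match users
        // whose FederationIdentifier is empty.
        if (String.isBlank(subject)) {
            throw new RegistrationException('IDP returned no user identifier');
        }
        List<User> matches = [
            SELECT Id
            FROM User
            WHERE FederationIdentifier = :subject AND IsActive = true
            LIMIT 2
        ];
        // Require exactly one pre-provisioned user; never create one here.
        if (matches.size() != 1) {
            throw new RegistrationException('No unique active user for this identity');
        }
        return matches[0];
    }

    // Runs on later sign-ins. Left empty on purpose so that IDP-supplied
    // attributes cannot change the user's email, profile, or permissions.
    global void updateUser(Id userId, Id portalId, Auth.UserData data) {
    }
}
```

Matching on a pre-provisioned identifier rather than on the email claim avoids linking an account based on an attribute the IDP may not have verified.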

To allow online users to sign in with OAuth 2.0, admins must configure My Domain to redirect to the IDP’s sign-in page:

  1. Navigate to Setup > Administration Setup > Domain Management > My Domain.
  2. Select Edit for Authentication Configuration.
  3. Deselect Login Form for Authentication Service.
  4. Select the name of the authentication provider you just configured, for example, PingFederate.
  5. Select Save.