Named Credentials Glossary
To better understand named credentials, get familiar with these common terms.
Required Editions
- Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience
- Available in: all editions
Note: The phrase named credentials is used throughout the documentation to refer to the broader feature set and architecture described here, including, but not limited to, callouts, authentication management, and encrypted token storage.
- auth. provider
  - Allows third parties to access your org from external services, typically through API integrations.
  - Also referred to as authentication provider.
- authentication protocol
  - Confirms secure communication between Salesforce and external systems by allowing the receiving party, such as a server, to verify the identity of another party, such as a user logging in on a mobile device.
- certificate
  - Used for authenticated SSL communications with an external website to verify that a request is coming from your org. You must generate a Salesforce certificate and key pair only if you’re working with an external website that wants verification that a request is coming from a Salesforce org.
- custom header
  - Provides further authentication parameters on named credentials and external credentials. Custom headers are a way for a remote system to define parameters that it needs as input to respond to a request. See Use Custom Headers with Credentials.
- external auth identity provider
  - Links to an external credential and obtains the OAuth tokens necessary for outbound callouts to external systems that use OAuth 2.0 authentication.
  - For seamless integration with multi-tenant services, you can attach account IDs or tenant IDs as custom request parameters.
- external credential
  - Encapsulates the details of how Salesforce authenticates to a remote system. It specifies the authentication protocol to be used, such as OAuth or AWS Signature v4, and the details needed for that protocol, such as an AWS region.
  - A callout to an external system references a named credential, which in turn links to an external credential.
- external credential principal
  - Defines which users can use the external credential to make a callout.
- named credential
  - Specifies the URL of a callout endpoint and its required authentication parameters in one definition. Use a named credential as a callout endpoint instead of hard-coding a URL and authentication information into, for example, Apex code.
  - Named credentials come in three types.
    - SecuredEndpoint
      - The named credential includes an endpoint’s transport protocol as secured through transport layer security (TLS).
    - PrivateEndpoint
      - The named credential sends traffic through a private connection, bypassing the public internet.
    - Legacy
      - A legacy named credential specifies the URL of a callout endpoint and its required authentication parameters in one definition.
- named principal identity type
  - Describes an external credential principal in which the same credential or authentication configuration is shared by all users in a given org.
- parameters
  - Used to configure named and external credential callouts through a combination of the type, name, and value and lookup fields. Parameters are used internally to provide a flexible architecture and are exposed in Metadata API, Tooling API, and Connect REST API for packaging reasons.
- per user identity type
  - Describes an external credential principal that provides access control at the individual user level. With the per user identity type, each Salesforce user manages their own credentials to access the external system.
- principal
  - The actor that connects to the remote system via callout. The principal can be a single service account or integration user, or in a per-user scenario, an individual human user.
  - Principals are mapped in external credentials to a permission set, profile, or permission set group to grant a set of Salesforce users permission to use that principal in a callout.
  - Other major public cloud providers, such as AWS, also use the term principal to refer to a system process or human user that takes action on a defined resource.
- user external credential
  - An object that stores encrypted tokens used by named credentials, which are passed to an external system during a callout. Users need the appropriate level of access to this object so the tokens can be read from their secure storage and passed along. Most standard permission sets and profiles have access to the User External Credentials object by default.
  - Named credentials reference external credentials, which specify authentication protocols and information. In turn, external credentials use user external credentials to store encrypted authentication tokens.

