          Create an OAuth Custom Scope

          To define permissions about the data that an external client app can access from an external entity, create an OAuth custom scope in Salesforce. The custom scope tells the external entity which information the external client app is authorized to access.

          Required Editions

          Available in: both Salesforce Classic and Lightning Experience

          External client apps can be created in: Group, Essentials, Professional, Enterprise, Performance, Unlimited, and Developer Editions

          External client apps can be installed in: All editions

          User Permissions Needed
          To manage, create, edit, and delete OAuth apps: Manage external client apps

          The OAuth custom scope that you create in your Salesforce org corresponds to a policy that you define in your external entity and assign to the resource.

          For example, you want to create a custom web app that can access customer order status data in your order status API. In Salesforce, you create an order_status OAuth custom scope. You assign the Salesforce custom scope to the external client app that is requesting access to the order status API. You then define an order_status policy in your external entity. This policy allows access to customer order status data in your order system’s API. When the external entity receives the external client app’s request to access a customer’s order status, it validates the external client app’s access token and order_status scope. With a successful validation, the app can access the customer order status information in the order system API.

          1. From Setup, enter Custom Scopes in the Quick Find box, and select OAuth Custom Scopes.
          2. Click New Custom Scope.
          3. Enter the name of the custom scope. When you define the corresponding policy in your external entity, give it exactly the same name as the custom scope.
            The name of the custom scope must be unique and begin with a letter. Include only alphanumeric characters and underscores. You can’t use spaces in custom scope names.
          4. Enter a description of the protected data that the scope allows access to. The description must be unique, include only alphanumeric characters, and not be more than 60 characters.
            You can enter a custom label in place of a description. An advantage of custom labels is that you can maintain reusable text in a single location and translate the text into multiple languages. See Custom Labels.
            Note: The same description formatting requirements apply to the custom labels that are associated with custom scopes.
            Custom scope descriptions and custom labels display on the OAuth approval page when a user approves the external client app to which the custom scope is assigned.
          5. To include the custom scope in the external client app’s OpenID Connect discovery endpoint (https://<your_domain_name>.my.salesforce.com/.well-known/openid-configuration), select Include on well known endpoint.
            Custom scopes included in well-known endpoint.
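
          The validation that the external entity performs in the order_status example, together with the step 3 naming rule and the step 5 discovery listing, as an added example (not Salesforce code and not part of the original article). It assumes the external entity already holds an RFC 7662 token introspection response for the access token; the function names and sample responses are constructed for illustration.

```python
import re

# Step 3 naming rule: begins with a letter, then only letters, digits, underscores.
SCOPE_NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*")

def valid_scope_name(name: str) -> bool:
    # fullmatch rejects spaces, leading digits and trailing newlines.
    return SCOPE_NAME_RE.fullmatch(name) is not None

def granted_scopes(introspection: dict) -> set:
    """Split the space-delimited scope string (RFC 6749, section 3.3)."""
    scope = introspection.get("scope", "")
    return set(scope.split()) if isinstance(scope, str) else set()

def is_authorized(introspection: dict, required_scope: str) -> bool:
    """Policy check: token is active and carries the exact scope name."""
    if not valid_scope_name(required_scope):
        raise ValueError(f"policy name is not a valid custom scope: {required_scope!r}")
    if introspection.get("active") is not True:
        return False  # expired, revoked or unknown token
    # Exact set membership, never a substring test: "order_status_admin"
    # must not satisfy a policy named "order_status".
    return required_scope in granted_scopes(introspection)

def published_in_discovery(discovery: dict, scope: str) -> bool:
    """True if the scope is listed in the discovery document's scopes_supported."""
    return scope in discovery.get("scopes_supported", [])

# Constructed sample data (assumption: not captured from a real org).
TOKEN_OK = {"active": True, "scope": "api order_status", "client_id": "constructed-client"}
TOKEN_OTHER_SCOPE = {"active": True, "scope": "api order_status_admin"}
TOKEN_INACTIVE = {"active": False, "scope": "order_status"}
DISCOVERY = {"scopes_supported": ["openid", "api", "order_status"]}

if __name__ == "__main__":
    for label, token in [("ok", TOKEN_OK), ("other scope", TOKEN_OTHER_SCOPE),
                         ("inactive", TOKEN_INACTIVE)]:
        print(label, is_authorized(token, "order_status"))
    print("published", published_in_discovery(DISCOVERY, "order_status"))
```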