Loading
Feature degradation | Gmail Email delivery failureRead More
Set Up and Maintain Your Salesforce Organization
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Considerations for Named Credentials

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Your Salesforce Organization

            Considerations for Named Credentials

            Keep these considerations in mind when configuring or working with named credentials.

            Required Editions

            Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience
            Available in: all editions
            Important
            Important These considerations don’t apply to legacy named credentials. In Winter ’23, Salesforce introduced an improved named credential that’s extensible, customizable, and more secure. We strongly recommend that you use this preferred credential instead of legacy named credentials.

            Sandboxes

            Sensitive values in named credentials—including access tokens, API keys, and passwords—aren't copied from production environments when you create, refresh, or clone a sandbox org.

            The named credential parameters and external credential parameters from the production org are included so that you don’t have to recreate them manually in sandboxes. But user external credentials from the production org, which store the encrypted access tokens, aren’t included in cloned or refreshed sandboxes. For example, authentication parameters on an external credential's principal, such as an API key and value or a client ID and client secret, aren’t available in the sandbox. Not including user external credentials in a cloned or refreshed sandbox ensures that the sandbox isn’t connected to external production environments automatically.

            To test callouts after you create, refresh, or clone a sandbox, you must authenticate or enter credentials for a non-production environment in the external credential. We also recommend reviewing the named credential’s URL to make sure that you’re using the right endpoint for callouts to non-production environments.

            Org Migrations

            These parts of a named credential are included in org migrations from one instance to another.

            • Named credential
            • External credential
            • Named credential parameters
            • External credential parameters
            • User external credentials

            Because the user external credentials that store encrypted access tokens are included in the migration, Salesforce admins and users don’t reauthenticate to external systems. Users can still use named credentials to make authenticated callouts in the org’s new instance.

            Setup Audit Trail

            The Setup Audit Trail logs when named credentials and external credentials are created, updated, and deleted in your org. New and changed parameters on named credentials and external credentials are also tracked.

            For security reasons, the authentication parameters on external credential principals aren’t stored as metadata. The Setup Audit Trail can’t track what changes are made to these parameters or who made the change.

            See Also

             
            Loading
            Salesforce Help | Article