Creating External Credentials for enosix Sync
When using external credentials in Salesforce, user receives an error when attempting to set up/execute an enosix sync. This issue can happen when either the automated process user or the executing user does not have correct permissions.
System.CalloutException: We couldn't access the credential(s). You might not have the required permissions, or the external credential "SAP_CREDENTIAL" might not exist.
Below is the step by step guide on how to successfully configure the applications.
Setup: Named Credentialsβ
- Select External Credentials tab and create New External Credential by providing:
- Label
- Name
- Authentication Protocol = Basic Authentication.
- Create New Principal by providing:
- Parameter Name
- Sequence Number (in case you have more than one Principal and one has to be prioritized over the other)
- Identity Type (whether you are going to have a singe login or multiple logins).
In the example Named Principal Identity Type is used.
- Go back to Named Credentials tab and create a new named credential (do not create a legacy named credential):
- Label
- Name
- URL (proxy)
- Enabled for Callouts (yes)
- External Credential: Select the external credential you created in step 1
- Generate Authorization Header (yes)
- Allowed Namespaces for Callouts : ensxsync, ensxapp, ensxsdk
Setup: Permission Setsβ
- Create a New Permission Set by providing
- Label = enosix External Credentials
- Label = enosix External Credentials
- Under the Apps section of enosix External Credentials permission set click on
Object Settings
. - From the list of objects select
User External Credentials
- Edit the permissions by granting READ access.
- Under the Apps section of enosix External Credentials permission set click on
External Credential Principal Access
- Enable earlier created Principal
- Assign
enosix External Credentials
permission set to your user.
Assign Permission Set to Automated Process Userβ
The Automated Process user is a built-in behind-the-scenes user that exists in every single org.
It is invisible to Setup > Users
, but it can be viewed if queried:
SELECT Id, Name, UserType, ProfileId FROM User WHERE UserType = 'AutomatedProcess'
-
Use this query to find the Automated Process user
-
Get the
User Id
and associate it with a Permission Set (or Permission Set Group, so you can use Setup to add multiple Permission Sets to it). -
Associate the permission set with the user using an
INSERT
statement from the Salesforce. -
Open
Developer Console
-
Select
Debug
-
Click
Open Execute Anonymous Window
Example: code, make sure you update values accordingly
// for a Permission Set Group
ββββββββββββββββββId myPermissionSeGrouptId = [SELECT Id FROM PermissionSetGroup WHERE DeveloperName = 'your_Permission_Set_Group_API_Name'].Id;
ββββββββββββββββββList<User> userList = [SELECT Id FROM User WHERE UserType = 'AutomatedProcess'];
ββββββββββββββββββfor (User u : userList) {
ββββββββββββββββββββββββINSERT new PermissionSetAssignment(
ββββββββββββββββββββββββββββββAssigneeId = U.ID - Unique Digital Identity ,
ββββββββββββββββββββββββββββββPermissionSetGroupId = myPermissionSeGrouptId
ββββββββββββββββββββββββ);
ββββββββββββββββββ}
β// for a Permission Set
ββββββββββββββββββId myPermissionSetId = [SELECT Id FROM PermissionSet WHERE name = 'your_Permission_Set_API_Name'].Id;
ββββββββββββββββββList<User> userList = [SELECT Id FROM User WHERE UserType = 'AutomatedProcess'];
ββββββββββββββββββfor (User u : userList) {
ββββββββββββββββββββββββINSERT new PermissionSetAssignment(
ββββββββββββββββββββββββββββββAssigneeId = U.ID - Unique Digital Identity ,
ββββββββββββββββββββββββββββββPermissionSetId = myPermissionSetId
ββββββββββββββββββββββββ);
ββββββββββββββββββ}
Validation Rulesβ
For any Validation Rule that needs to be bypassed by enosix Sync that isnβt controlled by a Permission Set, add the following exclusion to the validation rule:
TEXT($User.UserType) <> 'AutomatedProcess'
If the code throws this error:
Error System.DmlException: Insert failed. First exception on row 0; first error: TABSET_LIMIT_EXCEEDED, Can't complete this operation because you reached the limit of 0 custom tabs for Automated Process for the Automated Process user license.
Then follow the directions here Unable to Assign Permission Set to Automated Process User to delete the Knowledge tab from the org.