
Creating Non-legacy Named Credentials and setting up Valence Sync

When using non-legacy named credentials in Salesforce, a user may receive the error below when attempting to set up a Valence sync. This happens when either the Automated Process user or the executing user does not have the correct permissions.

System.CalloutException: We couldn't access the credential(s). You might not have the required permissions, or the external credential "SAP_CREDENTIAL" might not exist.

Credential error

The step-by-step guide below shows how to configure the applications successfully.

Setup: Named Credentials

  1. Select the External Credentials tab and create a New External Credential by providing:
    • Label
    • Name
    • Authentication Protocol = Basic Authentication.

Creating External Credential

  2. Create a New Principal by providing:
    • Parameter Name
    • Sequence Number (in case you have more than one Principal and one has to be prioritized over the other)
    • Identity Type (whether you are going to have a single login or multiple logins). The example uses the Named Principal Identity Type.

Creating Principal

  3. Go back to the Named Credentials tab and create a New non-legacy Named Credential by providing:
    • Label
    • Name
    • URL (proxy)
    • Enabled for Callouts (yes)
    • External Credential: NonProdSAP
    • Generate Authorization Header (yes)
    • Allowed Namespaces for Callouts: ensxsync

Creating Non-Legacy Named Credential

Setup: Permission Sets

  1. Create a New Permission Set by providing:
    • Label = enosix External Credentials

Creating Permission Set

  2. Under the Apps section of the enosix External Credentials permission set, click Object Settings. From the list of objects, select User External Credentials and edit the permissions to grant READ access.

READ access in Object Settings

  3. Under the Apps section of the enosix External Credentials permission set, click External Credential Principal Access and enable the Principal created earlier.

Creating Non-Legacy Named Credential

  4. Assign the enosix External Credentials permission set to your user.

  5. Assign the same permission set to the Automated Process user. The Automated Process user is a built-in, behind-the-scenes user that exists in every org. It does not appear in Setup > Users, but it can be viewed with a query:

SELECT Id, Name, UserType, ProfileId FROM User WHERE Alias = 'autoproc' AND UserType = 'AutomatedProcess'

Take the User Id returned by the query and associate it with a Permission Set (or with a Permission Set Group, which lets you use Setup to add multiple Permission Sets to it).
Associate the permission set with the user using an INSERT statement from the Salesforce Developer Console > Debug > Open Execute Anonymous Window:

// Run only the block that matches how you grant access.

// For a Permission Set Group: look up the group by its API name
Id myPermissionSetGroupId = [SELECT Id FROM PermissionSetGroup WHERE DeveloperName = 'your_Permission_Set_Group_API_Name'].Id;

// Assign the group to the Automated Process user
INSERT new PermissionSetAssignment(
    AssigneeId = [SELECT Id FROM User WHERE Alias = 'autoproc'].Id,
    PermissionSetGroupId = myPermissionSetGroupId
);

// For a Permission Set: look up the permission set by its API name
Id myPermissionSetId = [SELECT Id FROM PermissionSet WHERE Name = 'your_Permission_Set_API_Name'].Id;

// Assign the permission set to the Automated Process user
INSERT new PermissionSetAssignment(
    AssigneeId = [SELECT Id FROM User WHERE Alias = 'autoproc'].Id,
    PermissionSetId = myPermissionSetId
);
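
To confirm that the permission-set steps above took effect before retrying the sync, the following check can be run from the same Execute Anonymous window. It is an added example, not enosix or Salesforce code. It assumes the permission set's API name is enosix_External_Credentials, that the permission set is assigned directly rather than through a Permission Set Group, and that principal access is stored in SetupEntityAccess with SetupEntityType 'ExternalCredentialParameter'.

```apex
// Added example (not enosix code). Run in Developer Console > Debug >
// Open Execute Anonymous Window and read the USER_DEBUG lines in the log.
String permSetApiName = 'enosix_External_Credentials'; // assumed API name

PermissionSet ps = [SELECT Id FROM PermissionSet WHERE Name = :permSetApiName LIMIT 1];

// 1. READ on the User External Credentials object.
List<ObjectPermissions> objPerms = [
    SELECT PermissionsRead FROM ObjectPermissions
    WHERE ParentId = :ps.Id AND SobjectType = 'UserExternalCredential'
];
Boolean canRead = !objPerms.isEmpty() && objPerms[0].PermissionsRead;
System.debug('READ on User External Credentials: ' + canRead);

// 2. At least one External Credential principal enabled on the permission set.
// Assumption: principal access rows use SetupEntityType 'ExternalCredentialParameter'.
Integer principalCount = [
    SELECT COUNT() FROM SetupEntityAccess
    WHERE ParentId = :ps.Id AND SetupEntityType = 'ExternalCredentialParameter'
];
System.debug('Principals enabled on permission set: ' + principalCount);

// 3. Direct assignment to the executing user and the Automated Process user.
User autoproc = [
    SELECT Id FROM User
    WHERE Alias = 'autoproc' AND UserType = 'AutomatedProcess' LIMIT 1
];
Map<Id, String> expected = new Map<Id, String>{
    UserInfo.getUserId() => 'executing user',
    autoproc.Id => 'Automated Process user'
};
Set<Id> assigned = new Set<Id>();
for (PermissionSetAssignment psa : [
    SELECT AssigneeId FROM PermissionSetAssignment
    WHERE PermissionSetId = :ps.Id AND AssigneeId IN :expected.keySet()
]) {
    assigned.add(psa.AssigneeId);
}
for (Id userId : expected.keySet()) {
    System.debug(expected.get(userId) + ' assigned: ' + assigned.contains(userId));
}
```

Any line that reports false or a count of 0 points to the permission step that still needs to be completed.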

For any Validation Rule that needs to be bypassed by enosix Sync that isn’t controlled by a Permission Set, add the following exclusion to the validation rule:

TEXT($User.UserType) <> 'AutomatedProcess'