Advanced Authentication Private Preview

You can use our Advanced authentication mode, which incorporates Mutual TLS (mTLS), to enhance the security of your Salesforce Fivetran connector. This added layer of security ensures a 2-way authentication process, where both Salesforce and Fivetran verify each other’s identities before any data exchange occurs. During the connection setup, both Salesforce and Fivetran exchange and validate each other's certificates, ensuring a secure and trusted communication channel.

Setup instructions

Enable mutual authentication in your Salesforce account

Follow the instructions provided in this Salesforce guide to enable mutual authentication for your Salesforce account.

NOTE: Once mutual authentication is enabled for a user profile, that user cannot log in to their Salesforce account via UI.

Generate and upload CA-signed certificate

Perform the following steps to generate a Certificate Authority-signed (CA-signed) certificate to upload to your Salesforce account.

1. Follow the instructions provided in the Salesforce CA-signed certificate generation document to generate a CA-signed certificate.
2. Follow the instructions provided in this Salesforce document to upload the CA-signed certificate to your Salesforce account.
3. Make a note of the CA-signed certificate and its private key. You will need it to configure Fivetran.

IMPORTANT:

• The certificate should be in a chain of order, i.e., client certificate, intermediate certificate, and CA root certificate should be present in the uploaded certificate. For more information, see the Salesforce document.
• The certificate should be issued from a certificate authority (CA-signed) only. Self-signed certificates do not work and are invalidated by the Salesforce server.
• Ensure the generated certificate and its private key are in the .pem and .key formats.

Configure connected app

To use mTLS with OAuth2.0 client-credential flow, you need to configure a new connected app in your Salesforce account. To do this, perform the following steps:

1. Follow the instructions provided in this Salesforce document to configure a connected app for the client-credential flow. Assign the client credential flow to the user that you have enabled the mutual authentication profile for.

2. After creating the app, go to Setup > App Manager.

3. Select the configured connected app and click View.

   

4. Click Manage Consumer Details. Make a note of the consumer key and secret.

   

Find your My Domain URL

Find the My Domain URL associated with your Salesforce account. For example, https://MyDomainName.my.salesforce.com or https://MyDomainName--SandboxName.my.salesforce.com for Salesforce or Salesforce sandbox instances, respectively.

Finish Fivetran configuration

Return to the Fivetran Salesforce connector setup form, select Advanced as the Authentication Method and finish your Fivetran configuration for Salesforce connector.