authProvider |
- Field Type
- string
- Description
- Reference to an authentication provider that the AuthProvider component represents, which defines the service that provides the login process and approves access to the external system.
|
certificate |
- Field Type
- string
- Description
- If the value of parameterType is SigningCertificate, then this field references the certificate.
|
description |
- Field Type
- string
- Description
- A human-readable description of this external credential parameter.
|
externalAuthIdentityProvider |
- Field Type
- string
- Description
- Reference to an external authentication identity provider that the externalAuthIdentityProvider component represents. The externalAuthIdentityProvider defines the service that provides the login process and approves access to the external system.
- To simplify the configuration process for the authentication providers used by your named credentials, use an externalAuthIdentityProvider instead of an authProvider. Link the external auth identity provider to an external credential.
|
parameterGroup |
- Field Type
- string
- Description
- Groups a parameter along with its respective principal. For example, with dynamic scopes, the user can apply a scope AuthParameter only when authenticated against a specific principal with a matching parameterGroup value.
- If a value for parameterGroup isn’t provided, parameterGroup defaults to the parameterName value for PER_USER and NAMED_PRINCIPAL. For all other parameters parameterGroup defaults to DEFAULT_GROUP.
|
parameterName |
- Field Type
- string
- Description
- Required. The name of the external credential parameter.
|
parameterType |
- Field Type
- ExternalCredentialParamType (enumeration of type string)
- Description
- Required. The type of external credential parameter. The value of this field drives the behavior of the parameter. Valid values are:
  - AdditionalRefreshStatusCode: Allows the user to specify 4xx, 6xx, 7xx, 8xx, and 9xx HTTP status codes that trigger Salesforce to refresh expired or invalid access tokens, in addition to the standard 401 HTTP status code response.
  - AuthHeader: Allows the user to specify custom authentication headers to be added to the callout at run time. When using AuthHeader, the parameterName field must be the header name as a string, and parameterValue must be a formula of a header value that is evaluated at run time. sequenceNumber determines the order in which headers are sent out in the callout. Headers with lower numbers are sent out first.
  - AuthParameter: Allows the user to add additional authentication settings. parameterName defines the parameter to set. For example, AwsRegion sets the AWS Region parameter to apply for an AWS Signature V4 authentication protocol and parameterValue is the value for the AWS Region.
  - AuthProtocolVariant: Used to specify a variant of an authentication protocol. For example, Aws Sts as a variant when the ParameterName is AwsSv4 and the ParameterValue is AwsSv4_STS.
  - AuthProvider: Specifies that this parameter configures an authentication provider referenced by the authProvider field.
  - AuthProviderUrl: Specifies the authentication endpoint URL. For example, if the authentication type is OAuth with JWT Bearer Flow, then parameterValue is an authentication token endpoint.
  - AuthProviderUrlQueryParameter: Allows the user to specify custom query parameters to be added to the callout to the authentication provider at run time. Currently, supported only for AWS Signature V4 with STS. The allowed AuthProviderUrlQueryParameter values are AwsExternalId and AwsDuration, used with AWS STS.
  - AwsStsPrincipal: Configures AWS Signature V4 along with STS. parameterName is AwsStsPrincipal and parameterValue isn’t specified.
  - CreatedByNamespace: Reserved for internal use.
  - ExternalAuthIdentityProvider: Specifies that this parameter configures an authentication provider referenced by the externalAuthIdentityProvider field.
  - GlobalNamedPrincipal: Reserved for internal use.
  - JwtBodyClaim: Specifies a JWT (JSON Web Token) body claim, where parameterName is the key and parameterValue is the value. For example, the parameter name for a JWT audience is aud.
  - JwtHeaderClaim: Specifies a JWT header claim, where parameterName is the key and parameterValue is the value. For example, the parameter name for a JWT key identifier is kid.
  - NamedPrincipal: Specifies that the parameter uses the same set of user credentials for all users who access the external system.
  - PerUserPrincipal: Provides access control at the individual user level.
  - SigningCertificate: Specifies the certificate used for an authentication signature. Use the certificate field to specify the certificate name. Used for OAuth with JWT Bearer Flow and AwsSv4 STS with RolesAnywhere authentication.
  - SystemUserPrincipal: Reserved for internal use.
|
parameterValue |
- Field Type
- string
- Description
- If the parameterType field describes a literal value, then the literal value is stored in this field.
|
principal |
- Field Type
- string
- Description
- If the value of the parameterType field is either NamedPrincipal or PerUserPrincipal, this field points to a permission set. That value then determines the set of users that are allowed to use credentials provided by the credential provider. The value of the parameterName field specifies the name of this principal.
- First available in API version 56.0, this field is removed in API version 58.0 and later.
|
sequenceNumber |
- Field Type
- int
- Description
- Specifies the order of principals to apply when a user participates in more than one principal. For example, a user could be part of multiple permission sets that are applicable for a credential provider. Priority is from lower to higher numbers.
- You can set this field only when parameterType is NamedPrincipal.
|
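As an added example (not Salesforce's code), the Python check below lints the parameters in an ExternalCredential metadata file against rules stated in the field table above, the kind of check that can run in CI before a deployment. The `externalCredentialParameters` element name, the XML namespace, and the `{!` test used to recognise a formula are assumptions not taken from this page, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

NS = "{http://soap.sforce.com/2006/04/metadata}"  # assumed Metadata API namespace
VALID_TYPES = set("""AdditionalRefreshStatusCode AuthHeader AuthParameter AuthProtocolVariant
    AuthProvider AuthProviderUrl AuthProviderUrlQueryParameter AwsStsPrincipal CreatedByNamespace
    ExternalAuthIdentityProvider GlobalNamedPrincipal JwtBodyClaim JwtHeaderClaim NamedPrincipal
    PerUserPrincipal SigningCertificate SystemUserPrincipal""".split())
RESERVED = {"CreatedByNamespace", "GlobalNamedPrincipal", "SystemUserPrincipal"}
# parameterType -> the field that must hold the reference for that type
COMPANION = {"SigningCertificate": "certificate", "AuthProvider": "authProvider",
             "ExternalAuthIdentityProvider": "externalAuthIdentityProvider"}

def lint_external_credential(xml_text):
    """Return (parameterName, message) findings; run it on metadata from your own repo."""
    findings = []
    for p in ET.fromstring(xml_text).iter(NS + "externalCredentialParameters"):
        get = lambda tag: (p.findtext(NS + tag) or "").strip()
        name, ptype, value = get("parameterName"), get("parameterType"), get("parameterValue")
        label = name or "<unnamed>"
        if not name:
            findings.append((label, "parameterName is required"))
        if ptype not in VALID_TYPES:
            findings.append((label, f"parameterType {ptype!r} is missing or not a valid value"))
            continue
        if ptype in RESERVED:
            findings.append((label, f"{ptype} is reserved for internal use"))
        field = COMPANION.get(ptype)
        if field and not get(field):
            findings.append((label, f"{ptype} requires the {field} field"))
        if ptype == "AwsStsPrincipal" and (name != "AwsStsPrincipal" or value):
            findings.append((label, "AwsStsPrincipal: name must match, no parameterValue"))
        if ptype == "AuthHeader" and "{!" not in value:
            # Assumption: a formula contains "{!"; a bare literal may be a committed secret.
            findings.append((label, "AuthHeader value is a literal, not a formula"))
        if get("principal"):
            findings.append((label, "principal is removed in API version 58.0 and later"))
    return findings

# Constructed sample, not taken from a real org.
SAMPLE = """<ExternalCredential xmlns="http://soap.sforce.com/2006/04/metadata">
<externalCredentialParameters><parameterName>Authorization</parameterName>
 <parameterType>AuthHeader</parameterType>
 <parameterValue>Bearer constructed-literal</parameterValue></externalCredentialParameters>
<externalCredentialParameters><parameterName>SigningCert</parameterName>
 <parameterType>SigningCertificate</parameterType></externalCredentialParameters>
<externalCredentialParameters><parameterName>Admins</parameterName>
 <parameterType>NamedPrincipal</parameterType><principal>AdminPermSet</principal>
</externalCredentialParameters></ExternalCredential>"""
if __name__ == "__main__": print(*lint_external_credential(SAMPLE), sep="\n")
```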