“OAuth (an abbreviation of open authorization) is an open protocol which allows secure authorization of desktop and web applications to access APIs. A commonly used analogy is the valet key to a car, which allows the car to be driven (perhaps a limited distance), but does not give access to the glove box or trunk. In the same way, OAuth allows users to authorize applications to access resources on their behalf via an access token, rather than by handing over their actual username and password.” (Patterson, 2011)
Conga has enabled Salesforce OAuth in Conga Composer Release 8. OAuth, an industry-wide accepted protocol for secure API authorization, provides several key benefits:
- The identification process occurs securely between Salesforce and Conga servers, reducing client-side security risks.
- The process makes it simple for a user (or administrators) to revoke the communication between Conga and Salesforce if desired.
If you have not authorized Conga before, when you click a Conga Composer button, a Salesforce dialog box appears asking whether to allow Conga Composer to access to various Salesforce functions. If you authorize Composer, Salesforce provides a temporary code (which Composer uses in conjunction with a protected key) to allow Composer to interact with Salesforce on your behalf.
You can revoke Conga Composer’s access at any time using the revoke link found in My Settings > Personal > Connections. There may be multiple entries for Conga. If access is revoked, the Salesforce Authorization window appears the next time you use a Conga product.
To get started, see Configure the Conga Composer Connected App.
You are required to use OAuth in Salesforce Lightning. Traditional Salesforce URLs that utilize a Salesforce Session ID will operate as usual in Salesforce Classic.
Salesforce reports for Conga Composer solutions using OAuth is supported only in Conga Composer version 8.2 or later. If you are running version 8.0 or 8.1, we recommend the free upgrade to version 8.2. Alternately, you can use SOQL queries instead of Salesforce reports.