Conga Product Documentation



Enabling JWT Authorization

Currently, all Turbo applications use the username-and-password authentication flow, together with the connected app's client secret, for data sync. This flow is not recommended for server-to-server communication because of the following problems:

  • Security risk: the integration user's username and password are stored in configuration and shared between teams, so anyone who obtains the tenant config can log in as that user.
  • Authentication failures: Turbo applications fail authentication whenever the user's password is changed.
  • Maintenance: the Conga Support (TS) team has to update the password in the tenant config file every time the user changes it.

To overcome these issues, the TurboData team recommends JSON Web Token (JWT) based authentication for server-to-server communication, in which a certificate is used instead of the password. A JWT is a compact, signed JSON representation of a set of claims exchanged between two parties. In this flow the Turbo application signs a short-lived JWT with its RSA private key, and Salesforce verifies the signature against the public certificate uploaded to the connected app, so no password is sent or stored. The certificate is valid for one year, so the admin has to renew it once a year; a change of the user's password no longer affects authentication.

Advantages of JWT based authentication:

  • Reduced security risk: no Salesforce password or client secret is stored. The only secret is the RSA private key that matches the uploaded certificate (RSAPrivateKey in the tenant config), so the tenant config must still be protected accordingly.
  • Low maintenance: users can change their passwords as required. A password change requires neither a configuration change nor a redeployment.

Sample Tenant Config

{
  "TenantId": "00XXXXXXeau",
  "TenantName": "Customer1Prod",
  "OpenIdConfiguration": {
    "Authority": "https://login.salesforce.com",
    "SalesforceUsername": "pricXXXXXdev",
    "ClientId": "3MVG9vXXXXXXXmn609",
    "RSAPrivateKey": ""
  },
  "ProcessorConfiguration": {
    "Parallel": 8,
    "BufferSize": 500
  },
  "DataSource": {
    "Type": "ElasticSearch",
    "Configuration": {
      "ServiceUrl": "https://ls-ibm-engg-elasticdata.apttuscloud.io:9200",
      "SuperAdmin": {
        "UserName": "elastic",
        "Password": "ElasXXXXXX90"
      },
      "ReadonlyUser": {
        "UserName": "elastic",
        "Password": "ElastXXXX90"
      }
    }
  },
  "CacheConfiguration": {
    "ConnectionString": "XXXXX"
  },
  "LightsaberDatabase": {
    "ConnectionName": "lightsaberdb",
    "MongoDbName": "iclsdev1-lsdb",
    "MongoDbConnectionString": "mongodb://localhost:27017"
  },
  "DatasyncConfiguration": {
    "InstanceUrl": "https://XXXXX.my.salesforce.com",
    "OAuthTokenUrl": "https://login.salesforce.com/services/oauth2/token",
    "SalesforceUsername": "pXXXev",
    "SalesforcePassword": "XXX0",
    "ClientId": "3MXXXXX609",
    "ClientSecret": "87XXXX9",
    "MongoDbConnections": [
      {
        "ConnectionName": "syncconfiguration",
        "MongoDbName": "iclsdev1-ds",
        "MongoDbConnectionString": "mongodb://localhost:27017"
      }
    ],
    "KafkaConfiguration": {
      "EventsTopicName": "XXX-datasyncEvents",
      "TriggerTopicName": "XXX-datasyncTrigger",
      "SchedulerTopicName": "XXX-datasyncScheduler",
      "PushTopicCreatedTopicName": "XXX-datasyncPushTopic",
      "ConsumerOrchestratorTopicName": "XXX-consumerorchestrator"
    }
  },
  "ElasticAdminApiEndPoint": "http://data-admin-api",
  "ActorApiEndPoint": "http://XXXXX.local",
  "x-forwarded-host": "XXXX.apttuscloud.io",
  "CMSApiEndpoint": "<CMS-PublicURL>"
}
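The exchange behind the OpenIdConfiguration block above, as an added example that is not part of Conga's documentation or product code: it builds the assertion a Turbo application would sign with RSAPrivateKey, verifies it the way Salesforce does with the certificate uploaded to the connected app, and shows the form body that goes to OAuthTokenUrl. The RSA key pair is generated in-process at a toy size instead of being read from the tenant config, and the consumer key and username in the demo are placeholders; the claim names (iss, sub, aud, exp) and the grant_type value are those of the Salesforce JWT bearer flow.

```python
"""Added example (not Conga's code): the Salesforce JWT bearer exchange, offline.
The client signs a short-lived assertion with the RSA private key (RSAPrivateKey);
the server checks it with the public key from the uploaded certificate. RSA is
implemented with the standard library only, at a toy key size, so the file runs anywhere."""
import base64, hashlib, json, secrets, time
from urllib.parse import urlencode

SF_JWT_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"
_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # DER prefix for SHA-256


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# --- minimal RSA with PKCS#1 v1.5 / SHA-256 (what "RS256" means) ---
def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                       # Miller-Rabin
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_rsa(bits: int = 1024) -> dict:
    """Toy key pair; a real deployment uses the key behind the certificate handed out by Conga TS/Ops."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}


def public_key(priv: dict) -> dict:
    return {"n": priv["n"], "e": priv["e"]}      # the part the certificate carries


def _emsa_pkcs1_v15(msg: bytes, k: int) -> int:
    t = _SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")


def rsa_sign(priv: dict, msg: bytes) -> bytes:
    k = (priv["n"].bit_length() + 7) // 8
    return pow(_emsa_pkcs1_v15(msg, k), priv["d"], priv["n"]).to_bytes(k, "big")


def rsa_verify(pub: dict, msg: bytes, sig: bytes) -> bool:
    k = (pub["n"].bit_length() + 7) // 8
    return len(sig) == k and pow(int.from_bytes(sig, "big"), pub["e"], pub["n"]) == _emsa_pkcs1_v15(msg, k)


# --- the JWT bearer flow itself ---
def build_assertion(priv, client_id, username, authority, now=None, ttl=180):
    """Claims Salesforce expects: iss = ClientId (consumer key), sub = SalesforceUsername,
    aud = Authority (login endpoint), exp = expiry (Salesforce requires it within 3 minutes)."""
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = {"iss": client_id, "sub": username, "aud": authority, "exp": now + ttl}
    signing_input = header + "." + b64url(json.dumps(body, separators=(",", ":")).encode())
    return signing_input + "." + b64url(rsa_sign(priv, signing_input.encode()))


def verify_assertion(pub, token, expected_aud, now=None):
    """Server side: pinned alg, signature over header.payload, then aud and exp.
    Returns the claims, or None for anything that must be rejected."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, s = parts
    try:
        if json.loads(b64url_decode(h)).get("alg") != "RS256":
            return None                            # refuse alg=none / HS256 confusion
        if not rsa_verify(pub, (h + "." + p).encode(), b64url_decode(s)):
            return None
        claims = json.loads(b64url_decode(p))
    except (ValueError, TypeError, AttributeError):
        return None
    if claims.get("aud") != expected_aud or not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims


def token_request_body(assertion: str) -> str:
    """Form body POSTed to OAuthTokenUrl; note what is absent: no password, no client secret."""
    return urlencode({"grant_type": SF_JWT_GRANT, "assertion": assertion})


if __name__ == "__main__":
    key = generate_rsa()                           # stands in for RSAPrivateKey plus the uploaded cert
    jwt = build_assertion(key, "3MVG9-CONSUMER-KEY-PLACEHOLDER", "integration.user@example.com",
                          "https://login.salesforce.com")
    print(token_request_body(jwt)[:80] + "...")
    print(verify_assertion(public_key(key), jwt, "https://login.salesforce.com"))
```

Verification rejects an expired assertion, an assertion minted for a different audience, a tampered payload, an unsigned ("alg": "none") token and a token signed under another key. That is the property the Connected App setup below relies on: the uploaded certificate, not a password, is the trust anchor, and the matching private key has to be guarded like one.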

Prerequisites:

  • Public key (certificate): collect the certificate from Conga TS or Conga Ops.
  • Existing tenants should invoke the following APIs (through the DataSync Swagger UI) before enabling JWT authorization and save the results, so that the same calls can be repeated after JWT is enabled to confirm that access and permissions are unchanged.

    • /ds/api/dataintegration/v1/Validate - Trigger this API and copy the validation Id (guId) from the response.
    • /ds/api/dataintegration/v1/Validate/GetValidationResults - Trigger this API by passing the validation Id copied from the previous response, then save the response.

Enabling JWT authorization covers five major processes:

  1. Identifying the Connected App
  2. Setting up the Permitted Users
  3. Uploading Public Certificate
  4. Associating correct access for the connected app
  5. Enabling JWT OAuth using a feature flag

The steps are described below in order.

1. Identifying the Connected App

If you are not sure which connected app is currently used for Turbo, contact the TS/PS/Conga Ops team to get the ClientId (also called the Consumer Key) and match it against the existing connected apps in your Salesforce org.

2. Setting up the Permitted Users

Once you have identified the connected app, perform the following.

  1. Log in to the Salesforce org and go to Setup > Apps > App Manager.
  2. Click the dropdown icon next to the required Connected App > Manage.
  3. Click Edit Policies. The Connected App edit page is displayed.
  4. In the OAuth Policies section, under Permitted Users, select Admin approved users are pre-authorized.

This setting is what lets the JWT bearer flow run without any interactive approval: Salesforce issues a token only to users who are granted the connected app through the profile or permission set assigned in step 4.


3. Uploading the Public Certificate

After receiving the public key (certificate) from Conga TS or Conga Ops, perform the following.

  1. Log in to the Salesforce org and go to Setup > Apps > App Manager.
  2. Click the dropdown icon next to the required Connected App > Edit.
  3. Under the OAuth settings, select Use Digital Signatures.
  4. Click Choose File and upload the public key (certificate) provided by Conga TS or Conga Ops.

Only the certificate (public key) is uploaded here; the matching private key stays with the Turbo application (RSAPrivateKey in the tenant config) and is never sent to Salesforce.


4. Associating the correct access for the Connected App

Following your organization's policy, choose either a profile or a permission set that has full access to all Turbo objects and fields configured in the consumer profiles. The integration user (SalesforceUsername in the tenant config) must hold that profile or permission set; with pre-authorized permitted users, this assignment is what allows the connected app to issue that user a token.

To associate the access for the Connected App:

  1. Log in to the Salesforce org and go to Setup > Apps > App Manager.
  2. Click the dropdown icon next to the required Connected App > Manage.
  3. Do one of the following:
    1. To associate a profile, click Manage Profiles > select the checkbox next to the required profile > Save.
    2. To associate a permission set, click Manage Permission Sets > select the checkbox next to the required permission set > Save.

Post-Onboarding Task

5. Enabling JWT OAuth using a feature flag

Note:
  • All existing customers must perform this step after completing steps 1 to 4 above.
  • All new tenants must perform this step after completing the onboarding tasks.

After making the changes to the Connected App, contact Conga TS or Conga Ops to enable JWT OAuth using the feature flag named is-certbased-jwt-auth-enabled.

Note: Once this feature flag is enabled, run the validation APIs listed under Prerequisites against your org and compare the results with those saved earlier to check access and permissions. For more information, see Verifying JWT Flow Settings and Access Level.