To allow the SendSafely Dropzone to update existing Salesforce cases with secure links for file downloads, a SendSafely Dropzone Connector application must be configured in your Salesforce platform as an External Client Application. Follow the below steps for creating and configuring a new External Client Application. 

Step 1: Create New External Client Application

1. In the Salesforce Classic View, go to Setup, and then type “Apps” in the Quick Find box. In the menu on the left-hand side of the screen, look for and select: External Client Apps->External Client App Manager
2. Click “New External Client App” button. Configure the following sections:

Basic Information:

The following fields are required:

• External Client App Name - Enter a descriptive name like “SendSafely Dropzone Connector”
• API Name - This is auto populated by default based on the previous field (customize if needed)
• Contact Email - Enter email address of application administrator

API (Enable OAuth Settings)

• Check the “Enable OAuth Settings”
• Configure “Callback URL” - This callback URL should be "https://login.salesforce.com/services/oauth2/success" for a prod Salesforce portal and "https://test.salesforce.com/services/oauth2/success" for a Salesforce sandbox.
• Add the following OAuth Scopes:
  • Full access (full)
  • Manage user data via APIs (api)
  • Perform requests at any time (refresh_token, offline_access)
• Check “Enable Device Flow”
• Check the “Require Secret for Web Server Flow” setting (if not already checked)
• Uncheck both "Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows" and "Require Secret for Refresh Token Flow" if they're checked, as they may cause the refresh token to expire immediately after its generation.

3. Click the “Create” button.

NOTE: Under the Settings tab, under “OAuth Settings”, you will see the Consumer Key and Consumer Secret fields, which will be needed during the Dropzone Connector Setup. 

Step 2: Configure Policies for Connected App

1. Policies can be configured from the Connected App Detail page, which can either be accessed from
   • The External Client Application summary page (presented in UI at end of Step 1) or
   • Navigate to the External Client App Manager, find the application in the list, and select “Edit Policies”.
2. Under the “Policies” tab, click “Edit”.

OAuth Policies

Under the OAuth policies section, select

1. “Admin approved users are pre-authorized” from the Permitted Users drop down box. When prompted, click the OK button.
2. “Refresh token is valid until revoked” radio button for the Refresh Token Policy.

Optionally configure an application specific Timeout Value under Session Policies. This will determine how long the OAuth access token issued to the application remains active for, before a token refresh is required. 

NOTE: The Dropzone Connector automatically initiates the token refresh process if an expired OAuth token is detected

Profiles

Under the App Policies section, select the profiles of the user account that will authorize the SendSafely Dropzone Connector Salesforce External Client App during the Dropzone Connector Setup. Once selected, click the Save button.

The SendSafely Dropzone Connector External Client App setup is now complete.