TRY NOW
book meeting
BACK TO KB LIST

How to Create a Salesforce Connected App to Connect Veeam Backup for Salesforce to Salesforce.com

KB ID: 4240
Product: Veeam Backup for Salesforce | 1.0 | 2.0 | 2.1 | 3.0 | 3.1.1 | 3.1.2
Published: 2022-10-27
Last Modified: 2025-12-12
mailbox
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please, try again later.

This article was designed to compliment the Veeam Backup for Salesforce User Guide
Deployment > Performing Initial Configuration > Step 5. Create Connected App

Purpose

This article documents how to create a Connected App in Salesforce to integrate with Veeam Backup for Salesforce via Salesforce API. A Connected App with proper permissions is required for Veeam Backup for Salesforce to integrate with Salesforce API using the OAuth 2.0 protocol.

Solution

If you create a Connected App in the Sandbox environment, please remember that the next sandbox refresh will erase the connected app configuration, and the product will not be able to refresh the connection to Salesforce. All backup jobs will fail to run.
Expand the section below that matches your Salesforce environment:
Salesforce Lightning
New Connected App option may be hidden

With the upcoming Salesforce rollout of External Client Apps, the option to create new Connected Apps has been disabled by default for new orgs.

For details, refer to the Salesforce documentation:
Control Connected App Creation on New Orgs

If you're following the steps in this Veeam article and the New Connected App button isn't visible, follow these instructions from the Salesforce documentation to enable the option:

  1. From Setup, under Platform Tools, expand Apps, then expand External Client Apps and select the Settings section.
    Platform Tools → Apps → External Client Apps → Settings
  2. On the External Client App Settings page, in the Connected Apps section, enable Allow creation of connected apps.

Support for External Client Apps will be included in a future Veeam Backup for Salesforce release.

  1. Click Setup in the top-right corner.
    https://login.salesforce.com/lightning/setup/NavigationMenus/home 
  2. Under Platform Tools, expand Apps, and click App Manager
  3. In the App Manager, click New Connected App
KB4240-1
  1. Specify details of the New Connected App as specified below, then click Save:
  • Enable the Enable OAuth Settings option.
  • The Callback URL must match the FQDN and/or IP address of the machine where Veeam Backup for Salesforce is installed.

    Review the Veeam Backup for Salesforce user guide Create Connected App page for more details on identifying what information should be entered into the Callback URL field.

    Note: A trailing forward slash must not be included.     (Mouseover for Examples
    • https://127.0.0.1   
      • https://127.0.0.1/   
      • https://vbsf   
      • https://vbsf/   
    )
KB4240-4
Add Callback URL to IP Restriction List
If access to an Organization is controlled using IP restrictions, be sure to add the Callback URL to the list of allowed IP addresses for the users used to connect to Salesforce and execute backup and restore.
  • Add the required OAuth Scopes:
    • Access unique user identifiers (openid)
      This scope is only needed if you use Salesforce as an identity provider.
    • Full access (full)
    • Perform requests at any time (refresh_token, offline_access)
OAuthScopes
  • Uncheck the option: "Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows"
  • Check the option: "Require Secret of Web Server Flow"
  • Check the option: "Require Secret for Refresh Token Flow"
PKCE
  1. Take note of the message warning to allow up to 10 minutes for settings to become active.
  2. While waiting for the settings to become active, review the Salesforce security settings to ensure that the following option is disabled (unchecked):
    Security > Session Settings > Lock sessions to the IP address from which they originated
security setting
  1. In the Consumer Key and Secret section, click the Manage Consumer Details button.
KB4240-3
  1. You'll be prompted to Verify Your Identity
Verify
  1. Copy and save the Consumer Key and Consumer Secret to use later within Veeam Backup for Salesforce.
    Note: Connection tokens will not work before the process is complete.
KB4240-5
Salesforce Classic
  1. In Salesforce navigate to  Apps section. To discover it, please go to Setup and then under Build find Create->Apps 
    https://login.salesforce.com/02u
KB4240-5
2. Click on NEW  in the section of Connected Apps  
KB4018-6
  1. Specify details of the New Connected App and click Save:
  • Enable the Enable OAuth Settings option.
  • The Callback URL must match the FQDN and/or IP address of the machine where Veeam Backup for Salesforce is installed.

    Review the Veeam Backup for Salesforce user guide Create Connected App page for more details on identifying what information should be entered into the Callback URL field.

    Note: A trailing forward slash must not be included.     (Mouseover for Examples
    • https://127.0.0.1   
      • https://127.0.0.1/   
      • https://vbsf   
      • https://vbsf/   
    )
KB4240-4
Add Callback URL to IP Restriction List
If access to an Organization is controlled using IP restrictions, be sure to add the Callback URL to the list of allowed IP addresses for the users used to connect to Salesforce and execute backup and restore.
  • Add the required OAuth Scopes:
    • Access unique user identifiers (openid)
      This scope is only needed if you use Salesforce as an identity provider.
    • Full access (full)
    • Perform requests at any time (refresh_token, offline_access)
OAuthScopes
  • Uncheck the option: "Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows"
PKCE
  1. Acknowledge the message warning to allow up to 10 minutes for settings to become active.
  2. While waiting for the settings to become active, review the Salesforce security settings to ensure that the following option is disabled (unchecked):
    Security > Session Settings > Lock sessions to the IP address from which they originated
security setting
  1. Copy and save the Consumer Key and Consumer Secret to use later within the product. Connection tokens will not work before the process is complete.
Wait 10 Minutes

More Information

See also: Create a connected app

If this KB article did not resolve your issue or you need further assistance with Veeam software, please create a Veeam Support Case.

To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please, try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Start using Veeam:
Download the product
&
Activate the license key
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please, try again later.