Salesforce Enable JWT Authentication for the ActiFi Connected App and API User

Guide to Enable JWT Authentication for the Success Pro Salesforce Connected App and API User
Introduction
This guide provides step-by-step instructions for Salesforce administrators to update the SuccessPro Connected App's settings, enabling the OAuth 2.0 JWT bearer flow. This process is essential for server-to-server integration, allowing a secure, authorized connection without requiring a user to log in interactively.
Prerequisites:
  • You must have Salesforce Administrator permissions.
  • You must have the public key certificate file (e.g., public_certificate.crt) provided by the ActiFi Development team.
Part 1: Configure the SuccessPro Connected App
Step 1: Navigate to App Manager
    Log in to your Salesforce account.
    Click the gear icon (Setup) in the top-right corner and select Setup.
    In the "Quick Find" box on the left, type App Manager and click on it when it appears.
Step 2: Locate and Edit the SuccessPro Connected App
    In the list of applications, find the “SuccessPro Connected App” that needs to be updated.
    Click the dropdown arrow on the far right of that app's row and select Edit.
Step 3: Enable Digital Signatures & Upload Certificate
    On the main edit page for the Connected App, scroll down to the API (Enable OAuth Settings) section.
    Check the box labeled Use digital signatures.
    Once the box is checked, a Choose File button will appear. Click it.
    Select the public certificate file (.crt) that was provided by the ActiFi development team.
Step 4: Confirm OAuth Policies
    Ensure that under OAuth Policies, the "Permitted Users" dropdown is set to Admin approved users are pre-authorized.
Step 5: Assign OAuth Scopes
    In the Selected OAuth Scopes list, ensure the following 2 scopes are included. If they are not, select them from the "Available OAuth Scopes" and click the "Add" arrow.
  • Access and manage your data (api)
  • Perform requests on your behalf at any time (refresh_token, offline_access)
Step 6: Save Your Changes
    Scroll to the bottom of the page and click the Save button.
    A confirmation message will appear noting that changes can take a few minutes to take effect. Click Continue.
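A check that can be run on the certificate file before it is uploaded in Step 3, added here as an example and not part of ActiFi's or Salesforce's own tooling: it rejects a file that carries private key material and compares the certificate's SHA-256 fingerprint with one confirmed with the sender out of band. The function name, the sample bytes and the out-of-band fingerprint exchange are assumptions of this example.

```python
import base64
import hashlib
import re

# Constructed sample: placeholder bytes shaped like DER, not a real certificate.
SAMPLE_DER = b"\x30\x40" + bytes(range(64))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def check_upload_file(pem_text, expected_sha256):
    """Return (ok, reasons) for a file about to be uploaded in Step 3.

    expected_sha256 is the fingerprint confirmed out of band with the
    sender (an assumption of this example; hex, colons optional).
    """
    reasons = []
    # The connected app only needs the public certificate. Key material in
    # the file means the private half has left the signing server.
    begin_labels = re.findall(r"-----BEGIN ([A-Z0-9 ]+)-----", pem_text)
    if any("PRIVATE KEY" in label for label in begin_labels):
        reasons.append("file contains a private key")

    certs = [b for label, b in PEM_BLOCK.findall(pem_text)
             if label == "CERTIFICATE"]
    if len(certs) != 1:
        reasons.append(f"expected exactly 1 certificate, found {len(certs)}")
        return False, reasons

    try:
        der = base64.b64decode("".join(certs[0].split()), validate=True)
    except ValueError:
        reasons.append("certificate body is not valid base64")
        return False, reasons
    # Every X.509 certificate is a DER SEQUENCE, so it starts with 0x30.
    if not der.startswith(b"\x30"):
        reasons.append("decoded data is not a DER SEQUENCE")

    # Same value a SHA-256 certificate fingerprint shows: hash of the DER.
    actual = hashlib.sha256(der).hexdigest()
    if actual != expected_sha256.replace(":", "").lower():
        reasons.append(f"SHA-256 fingerprint mismatch: got {actual}")
    return not reasons, reasons
```

To use it on the real file, pass the text of public_certificate.crt and the fingerprint received through a separate channel; any returned reason means the file should not be uploaded.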
Part 2: Create and Configure a Permission Set
Creating a dedicated permission set is a security best practice, as it allows you to grant access to the Connected App without altering a user's broader profile permissions.
Step 7: Create a New Permission Set
    While in Setup, use the "Quick Find" box to search for Permission Sets and click on it.
    Click the New button.
    Enter a Label for the permission set (e.g., "Success Pro JWT API Auth Permissions"). The API Name will populate automatically.
    Click Save.
Step 8: Assign the Connected App to the Permission Set
    On the new permission set's page, find and click on Assigned Connected Apps.
    Click the Edit button.
    Select the SuccessPro Connected App from the "Available Connected Apps" list and click the Add arrow to move it to the "Enabled Connected Apps" list.
    Click Save.
Part 3: Grant User Access
The final step is to assign this new permission set to the ActiFi API User that is used for the API integration.
Step 9: Assign Permission Set to the API User
    From Setup, use the "Quick Find" box to search for Users and click on it.
    Find and click on the name of the SuccessPro API User. The API integration user's email should be "dev@actifi.com".
    Hover over the Permission Set Assignments section and click Edit Assignments.
    Select the permission set you created in Part 2 from the "Available Permission Sets" list and click the Add arrow to move it to the "Enabled Permission Sets" list.
    Click Save.
Additional Resources
For more detailed information, please refer to the official Salesforce documentation:
  • Salesforce Help: OAuth 2.0 JWT Bearer Flow for Server-to-Server Integration
  • Salesforce Help: Create Permission Sets
  • Salesforce Help: Assign a Permission Set to a Single User