Custom Salesforce Identity Provider

Last updated 10/03/2023

Step 1

Log in to Salesforce Developer site:

Step 2

Click on your account icon at the top right of the page, and select My Developer Account.

Note: You may be asked to authenticate again.

Step 3

Click on the settings icon at the top right of the page, and select Setup.

Step 3

Step 4

In the left menu, go to Platform Tools > Apps > App Manager.

Step 5

Click the New Connected App button at the top right.

Step 5

Step 6

  • Enter your contact information.
  • For the name of your application, we recommend using your organization or company name.
Step 6

Step 7

Under API (Enable OAuth Settings), check the Enable OAuth Settings option.

Step 8

For the Callback URL, enter:

Step 9

For Selected OAuth Scopes, select and add the following:

  • Access unique user identifiers (openid)

If you need the user's Access Token by enabling Authorization Data in Bread & Butter, please also add:

  • Perform requests at any time (refresh_token, offline_access)

Note: If you enable Authorization Data without adding the above Scope, users will be blocked from logging in by Salesforce.

Step 9

Step 10

  • Check the Configure ID Token option.
  • More options will appear. Also check the Include Standard Claims option.
  • Click Save.
Step 10

Step 11

  • Under API (Enable OAuth Settings) click the Manage Consumer Details button.
  • Confirm your account access, if prompted
  • Take note of the Consumer Key and Consumer Secret for the Bread & Butter setup below.
Step 11

Step 12

(Optional) If you intend to enable Authorization Data to use Access Tokens and Refresh Tokens, please follow these steps to ensure that the Refresh Token settings are correct:

  • In the left menu, go to Apps > Connected Apps > Manage Connected Apps.
  • Click Edit for your App.
  • Ensure that Refresh Token Policy is not set to expire immediately. Instead set to Refresh Token is valid until revoked, or one of the other expiry time periods, depending on your internal policies.
Step 12

Step 13

Bread & Butter Setup:

  1. Go to
  2. Click Sign In and authenticate (or Sign Up make a new account and authenticate).
  3. Go to Settings in the left menu.
  4. Click on Salesforce under SSO Settings > Social Accounts.
  5. Select "Set Salesforce for Production".
  6. Enter a custom name and description.
  7. Enter the Consumer Key from the Salesforce setup steps above.
  8. Enter the Consumer Secret from the Salesforce setup steps above.
  9. Click Save.
  10. Click the checkbox next to your new Salesforce provider to enable it.
Step 13