Blog Posts Downloadable Resources Step-by-Step Guides

Step by Step Guide to OAuth External Credential with JWT Bearer Flow & Google Service Account

/ Leave a Comment / Flows, Integration

Here is another guide in the series of guides that we have come up with on how to use different authentication protocols in External Credentials in Salesforce to authenticate with external systems.

(External credentials enable the safe and secure storage of authentication details for external systems. Configured through the declarative, point-and-click features of Salesforce, they significantly reduce the need for custom code that would otherwise be necessary to establish connections and authenticate with external systems.)

In this guide we will learn how to configure & use External Credential “OAuth JWT Bearer Flow” to integrate Salesforce with Google using Google Service Account. But before we dive into this guide, here is an overview of all the different authentication protocols that external credentials support.

Salesforce External Credential Authentication Protocols – Lay of the Land

External Credentials in Salesforce support different authentication protocols to suit diverse requirements. The diagram below shows the lay of the land regarding the various authentication protocols available within external credentials.

In this post, we will learn how to use the OAuth JWT Bearer Flow (highlighted by the red arrow in the image below).

Salesforce External Credential Authentication Protocols Overview

Begin with the End in Mind

In this guide, we will walk you through creating a Screen Flow (with data table) to display a list of files from Google Drive using the Google Drive API. We’ll use a Google Service Account for authentication and leverage Salesforce’s Named Credentials and External Credentials features to establish a seamless connection with Google. Once you understand how to integrate Salesforce with Google Drive, you can build upon this knowledge to integrate with other Google products, such as Gmail, Google Calendar, Google Drive, etc.

Here is how the final output in screen flow will look like:

Display List of Files from Google Drive in Salesforce Flow

Google Service Account for Enhanced Security

A Google Service Account is a special Google account used for secure access to Google APIs. It’s particularly useful when you want external applications or services to interact with Google services on your behalf without compromising your personal Google Account.

Creating a Google Service Account ensures controlled and secure access to Google services for various use cases. If you’re a Google Workspace user, you can also utilize this account to perform activities on behalf of other users in your Google Workspace Domain.

Real-World Example

Here’s a real-world example. In one of our projects, we used a Google Service Account to send emails from Salesforce using the Gmail API for a client who needed to send more than 5000 emails per day. Using a Service Account eliminated the need for each user to manually authenticate and authorize Salesforce with Google.

OAuth External Credential with JWT Bearer Flow Configuration Components

Here is a visual representation of all the components that need to be configured for the OAuth JWT Bearer Flow. While this may seem like a lot (and it is), don’t worry. I have you covered with an exhaustive, step-by-step guide complete with screenshots, so that you don’t get lost.

OAuth External Credential with JWT Bearer Flow Configuration Components

And here is a visual representation of the flow between Salesforce & Google.

Here is the overview of steps we are covering in this guide. Step by step, with screenshots.

  1. Create Project in Google Cloud
  2. Enable Required APIs in Google Cloud Project
  3. Create Google Service Account
  4. Generate Java Key Store (JKS) File
  5. Upload JKS File to Salesforce
  6. Create External Credential
  7. Create Named Credential
  8. Create/Update Permission Set
  9. Create Screen Flow with HTTP Callout
  10. Test the Flow

NOTE: Certain sections of the guide will appear as locked in the free preview. You can download the unlocked version of the guide in PDF format by subscribing to our “All Access” Pass through the link below.

download pdf [ALL ACCESS PASS MEMBERS]

Not an “All Access” Pass Member Yet?

Get Download Access to this & 150+ More Step-by-Step Guides with “All Access” Pass. A simple and single plan to access our entire library of courses, guides, workshops & masterclasses on Salesforce.

Check DETAILSSubscribe now

References & Useful URLs

Other Related posts:

  1. Step by Step Guide to OAuth External Credential with Browser Flow (Per User Principal) & Google
  2. Step by Step Guide to OAuth External Credential with Client Credentials with Client Secret Flow
  3. Step by Step Guide to No Authentication External Credential in Salesforce
  4. Step By Step Guide To Setup Einstein Activity Capture with Google Service Account
  5. Step-By-Step Guide To External Account Hierarchy in Salesforce

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top
Introducing All Access Pass
Check Details
SUBSCRIBE NOW