These instructions were created with a production Salesforce instance. Where they differ from a sandbox instance will be called out specifically.
Unlike Microsoft 365 or Google Workspace, Caddi does not provide a pre-registered “standard” Salesforce connector. Every organization must configure its own custom OAuth app in Salesforce. This approach gives your IT team full control over scopes, security policies, and lifecycle management of the app.
This guide walks you through the steps to create and configure the required app in Salesforce, then connect it to Caddi.
The setup must be performed by an admin with App Manager permissions.
All instructions were validated against a production Salesforce instance; where sandbox configuration differs, the guide explicitly calls it out.
Terminology note: when a checkbox setting is mentioned, “enabled” means checked and “disabled” means unchecked.
Once complete, Caddi will use your custom OAuth app to securely access Salesforce data within the limits of the permissions you define.
Oauth App Setup In Salesforce
This process requires having App Manager permissions in Salesforce. Several admin-level permissions profiles/permission sets provide this by default, such as System Administrator.
When an instruction relates to a checkbox, the wording enabled and disabled will be used to reflect the checked and unchecked states respectively.
Login to your Salesforce instance
In the upper right, click the gear icon (⚙️) and then
Setup
In the setup page’s left sidebar, expand
Appsand then click onApp Manager
4. On the App Manager page, click the New Connected App button in the upper right
5. Select Create a Connected App and click Continue
Salesforce may prompt you to switch to Classic View at this point - if so, it is not a problem and you should click the button to switch.
Configure the application settings
Fill out the application information with the following:
Connected App Name:
Caddi AuthAPI Name:
Caddi_Auth(Salesforce will auto-generate this for you)Contact Email and Phone are optional. Provide your contact information or the information for your IT department if filled.
Logo Image URL and Icon URL are optional, however we recommend using our logo:
https://assets.www.trycaddi.com/logo/CaddiLogo.pngDescription:
Oauth application for [trycaddi.com](<http://trycaddi.com>)Enable OAuth Settings: enabled ✅. After enabling, a new set of information will appear
Enable for Device Flow: leave disabled
Callback URL: enter the following URL
https://app.trycaddi.com/oauth-callback
Selected OAuth Scopes: you must enable the following scopes:
Access the identity URL service (id, profile, email, address, phone)Access unique user identifiers (openid)Perform requests at any time (refresh_token, offline_access)
For platform interaction permissions, there are two options depending on your preferences:
(Recommended) Add the
Full access (full)scope to cover everythingIf you do not wish to use full, select the following scopes and use the
Addbutton to move them into the Selected OAuth Scopes columnAccess custom permissions (custom_permissions)Access the Salesforce API Platform (sfap_api)Manage user data via APIs (api)
If your organization's security requirements dictate using other scopes, please reach out to Caddi to confirm that they will work.
Require Proof Key for Code Exchange (PKCE): enabled ✅
Require Secret for Web Server Flow: enabled ✅
Require Secret for Refresh Token Flow: enabled ✅
All other configuration on this page should be left disabled and/or empty.
Click
Saveat the bottom of the page and thenContinueon the next page
Your app overview should look similar to this now:
Configure the application policies
This process takes place from the new app’s main page. If you are not on the correct page, navigate to the App Manager and click the far-right dropdown arrow for the Caddi Auth application, then click View
Click the
Managebutton at the top of the application’s page
2. On the next page click the Edit Policies button at the top of the page
3. In the IP Relaxation dropdown, select Relax IP restrictions
4. For Refresh Token Policy select Refresh token is valid until revoked
5. Leave all other settings blank/default and click Save at the bottom of the page.
Org-level settings
This process takes place from the Session page. If you are not on the correct page, navigate to Setup and locate the "Security" section. Open that section, and locate the "Session Settings".
Navigate to
Session Settingsfrom the Setup viewUnder the
Session Settingsheader, disableLock sessions to the domain in which they were first used
3. Click Save at the bottom of the page
Generating client ID and client secret
These values are sensitive - NEVER send them to anyone via email or instant messenger. Use a password manager or other secret management tool to share these values securely if needed.
Return the the new connected app's settings view (Apps > Apps Manager, locate
Caddi Authand click the triangle on the right and click "View"), clickManage Consumer DetailsYou may be asked to provide a verification code to Salesforce
On the next page you will see values for
Consumer KeyandConsumer Secret- these are the client ID and client secret, respectively.
3. These values will be used in the next step. You do not need to save them anywhere for this, and should not paste them into notes, documentation, or other areas. These values are sensitive and should be treated like passwords - if you do wish to save or share them, use a password manager or other secure method to do so.
If there are no values or you have accidentally shared these in an insecure way, use the Generate button to create new values. Note that if you apply new generated values, you will have to re-configure your application in Caddi with them.
Application Setup in Caddi
Now that the app is configured in Salesforce, it can be added to Caddi.
This step must be completed by an organization owner or admin.
Navigate to https://trycaddi.com and log in
On the left, select the
Integrationsoption
3. Click on the Integrations Setup tab at the top of the page.
* This option only appears for admins and owners.
4. Scroll down to the Salesforce integration and click the Configure button to expand the options.
5. Enter in the information for your Salesforce application
Client ID- this is theConsumer Keyvalue outlined in the Generating client ID and client secret section aboveClient Secret- this is theConsumer Secretvalue outlined in the Generating client ID and client secret section abocveScopes- varies depending on your scope selection during app setupIf you used the recommended
fullscope, leave this box empty.
If you used the alternative scopes outlined above, enter
openid id refresh_token offline_access custom_permissions sfap_api api
If you used a different set of scopes that is outlined in this documentation, you will need to enter all of their names here. You must include
openid id refresh_token offline_accessregardless of other scopes.
Sandbox Environment- (Optional) if the app is configured in your Salesforce Sandbox environment, enable this toggleIf this is enabled, a new
Instance URLinput will become visible. For this input use the URL you use to login to your sandbox environment, e.g.https://mysalesforceorg--dev2025.sandbox.my.salesforce.com/
6. Click the Save Configuration button
7. You should now see your newly-created connection at the top of the page in the Configured Enterprise Connectors section:
8. Go back to the My Connections tab at the top of the page, and on the connections page locate the Salesforce integration then click the Connect + button.
9. You will be directed to a Salesforce login page. Enter your information and login.
10. (First time authorizing only) After clicking login you will be directed to a page confirming the access the Caddi Auth app is requesting. Click Allow
11. You will be directed back to the Caddi app and should see a green popup indicating the connection was successful, and the Salesforce integration will appear in the top Connected Applications section.
You are now ready to automate Salesforce!