Custom Salesforce Identity Provider

Last updated 07/12/2024

Step 1

Log in to Salesforce Developer site:

Step 2

Click on your account icon at the top right of the page, and select My Developer Account. If you don't see this option, skip to the next step.

Note: You may be asked to authenticate again.

Step 3

Click on the settings icon at the top right of the page, and select Setup.

Step 3

Step 4

In the left menu, go to Platform Tools > Apps > App Manager.

Step 5

Click the New Connected App button at the top right.

Step 5

Step 6

  • Enter your contact information.
  • For the name of your application, we recommend using your organization or company name.
Step 6

Step 7

Under API (Enable OAuth Settings), check the Enable OAuth Settings option.

Step 8

For the Callback URL, enter:

Step 9

For Selected OAuth Scopes, select and add the following:

  • Access unique user identifiers (openid)

If you need the user's Access Token by enabling Authorization Data in Bread & Butter, please also add:

  • Perform requests at any time (refresh_token, offline_access)

Note: If you enable Authorization Data without adding the above Scope, users will be blocked from logging in by Salesforce.

Step 9

Step 10

Uncheck Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows.

Step 10

Step 11

  • Check the Configure ID Token option.
  • More options will appear. Also check the Include Standard Claims option.
  • Click Save.
Step 11

Step 12

  • Under API (Enable OAuth Settings) click the Manage Consumer Details button.
  • Confirm your account access, if prompted
  • Copy and save the Consumer Key and Consumer Secret for the Bread & Butter setup below.
Step 12

Step 13

(Optional) If you intend to enable Authorization Data to use Access Tokens and Refresh Tokens, please follow these steps to ensure that the Refresh Token settings are correct:

  • In the left menu, go to Apps > Connected Apps > Manage Connected Apps.
  • Click Edit for your App.
  • Ensure that Refresh Token Policy is not set to expire immediately. Instead set to Refresh Token is valid until revoked, or one of the other expiry time periods, depending on your internal policies.
Step 13

Step 14

Bread & Butter Setup:

  1. Go to
  2. Click Sign In and authenticate (or Sign Up make a new account and authenticate).
  3. Go to Settings in the left menu.
  4. Click on Salesforce under SSO Settings > Social Accounts.
  5. Select "Set Salesforce for Production".
  6. Enter a custom name and description.
  7. Enter the Consumer Key from the Salesforce setup steps above into the Application (client) ID field.
  8. Enter the Consumer Secret from the Salesforce setup steps above into the Client Secret field.
  9. Click Save.
  10. Click the checkbox next to your new Salesforce provider to enable it.
Step 14

Don’t use Bread & Butter? Want to learn more about how Bread & Butter solves the four biggest problems facing marketers today? Book a demo and see how Bread & Butter is helping marketers make the most of their first-party data