/
Logging in

Logging in

You need to login to use SFDC Explorer. For flexibility and security you can choose to login to Salesforce with:

image-20251027-210912.png

  1. A connection string stored in the application config

  2. OAuth2 Authentication

  3. Salesforce CLI Integration Recommended

  4. An established Salesforce session using WIL Emulation

  5. OAuth2 with a JSON Web Token (JWT)

  6. Credentials and Token for the Salesforce Partner API Pending Removal This will be unavailable from Salesforce API v65.0. You can find more information here.

Load Saved Connection String

Connect using login credentials stored in the connection strings in the FuseIT.SFDC.Explorer.config file.

<connectionStrings> <add name="Example" connectionString="G4S:refresh token=YYB00TokenExampleBwENRKwCSZ;environment=mydomain.my.salesforce.com;connected app=SFDCExplorer" /> </connectionStrings>

Fields

  • Connection String: Contains the names of saved connections 

  • Connection Details: Shows the proprietary connection details of the selected string. The login credentials are not exposed.

Links

  • Edit Connection String: Allows you to edit the selected connection string.

  • Delete Connection String: Deletes the selected connection string.  

Buttons

OAuth2 Authentication

Connect to Salesforce via OAuth2 Connected App. Your username and password are never shared directly with the app. You can save the refresh token as a connection string.

You may face issues accessing Salesforce via the SFDC Explorer Connected app since restrictions were put in place for accessing uninstalled apps.

If you receive an OAUTH_APPROVAL_ERROR_GENERIC during the authorization process, contact your Salesforce Org Admin to install the connected app. For more information on why this occurs see Salesforce Help

Fields

  1. Environment: Typically either Production for a standard org or Sandbox for an environment where you usually login with http://test.salesforce.com

  2. Connected App: The Salesforce Connected App to use for accessing the selected org. The default, SFDC Explorer Connected app is recommended. This connected app allows authentication without requiring a consumer secret. FuseIT does not distribute connected app secrets and reserves the right to revoke public use of these apps at any time.

  3. Access Token: The session token returned by the OAuth process.

  4. Instance URL: The server URL that the access token is valid on 

  5. Refresh Token: Can be used to re-establish an expired session without needed to prompt for credentials again. Can be stored in a connection string.

Buttons

  • Login: Attempts to log into Salesforce Instance URL using the Access token.

  • Start OAuth: Open the Login URL of the selected environment to begin the Authorization flow and retrieve the required tokens for login.

  • Save Refresh Token: Save the refresh token as a connection string in the application config. This persists the token after SFDC Explorer is closed. You can then select the connection string using https://fuseit.atlassian.net/wiki/spaces/FSE/pages/12419076/Logging+in#Load-Saved-Connection-String.

Creating a custom Connected App

If required, you may add a customized Connected Ap in the connection strings in the FuseIT.SFDC.Explorer.config file.

<connectionStrings> <!-- Custom OAuth2 Connected App credentials may also be added here. --> <add name="Example_Connected_App" connectionString="OAUTH2:key=connectedAppId;secret=optionalSecret" /> </connectionStrings>

The secret and environment values are optional, omit them entirely if not used. If provided the environment must be a subdomain of salesforce.com. The name value can be set as desired to uniquely identify the app. Ideally avoid whitespace and special characters for maximum XML readability when generating refresh token connection strings, but this is not mandatory.

Only connected apps that provide refresh tokens are supported, to allow generated connection strings to be used in non-interactive/server processes. These use the standard /services/oauth2/token endpoint to request an access token that will be used for the duration of the session.

Custom Connected apps should:

  1. Support the api, refresh_token and web scopes.

  2. For the purposes of authorization via SFDC Explorer, allow suitable callback URL(s).

    1. https://login.salesforce.com/services/oauth2/success for production and developer environments.

    2. https://test.salesforce.com/services/oauth2/success for sandbox environments.

    3. https://(environment)/services/oauth2/success if the environment setting is defined in the OAuth2 Connected App connection string.

  3. Support self-authorization.

  4. Generate a Refresh Token.

  5. Allow authentication without a secret if this is to be omitted from the connection string.

Salesforce CLI Integration

Connect to Salesforce through the Salesforce Command Line Interface (CLI) installed on your local machine.

Fields

image-20251027-221230.png

  • Name: The organization name for Scratch Orgs or Alias for other organization types.

  • Username: The salesforce user that was used for login to the Salesforce Organization.

  • OrgId: A unique identifier for the salesforce organization.

  • Alias: User friendly name for easy reference and access.

  • Global Default: This organization is used for login via the Salesforce CLI when no organization is specified.

  • Status: Describes the state of the connection and organization.

Buttons

image-20251027-221156.png

  • New Org: Opens your browser at the default Salesforce CLI instance URL to prompt you for login. (Same as sf login web from the CLI)

  • Refresh Orgs: Requests the list of organizations available in the Salesforce CLI (Same as sf org list from the CLI).

    • Refresh with Status: Requests the list of organization including the connections status.

  • Login: Opens a session of Salesforce in SFDC Explorer using the selected organization.

  • Open in Browser: Opens a session of Salesforce in your browser using the selected organization.

  • Show Columns

    • Show Status: Include the connection status of organizations in the list. It will execute a ‘Refresh with Status’ in the background if the status has not already been fetched from the Salesforce CLI.

    • Show Global Default: Include the Global Default of organizations in the list.

Context Menu

image-20251027-221114.png

  • Re-Authorize: Login in to an existing organization to refresh expired credentials.

  • Remove: Use the Salesforce CLI to logout of the organization and remove it from the available list.

Other Functions

  • Filter: Only show organizations in the list that include the entered text in any field.

  • Sort: Click on the field header to sort the organization list by that field.

Authorizing Organizations

Adding or Re-Authorizing an organization through the Salesforce Organization will present the Authorization Command Dialog. This allows you to edit the organization details before running the CLI command and will allow you to cancel the command if the process fails for any reason.

image-20251027-223210.png

WIL Emulation

Use this tab if you have an existing Salesforce session, such as a tab in a web browser, and want to connect to the same session.

  1. Session Id
    The Salesforce session id. Appears in the sid cookie and via UserInfo.getSessionId() . Often interchangeable with the OAuth 2.0 access_token. 

    Use the "Apex for SessionId" button to get anonymous apex that you can run in the developer console to extract the current session id.

     

  2. Server URL
    The Salesforce instance that the session id belongs to. It can be derived from the Session Id if the org hasn't been migrated from one instance to another.

JWT Bearer Flow

Connect to Salesforce via JWT Bearer Flow. The access token returned can be saved as a connection string. Requirements:

  1. Consumer Key
    Consumer key for the connected app of the org we are connecting to

  2. Username
    Username to login with. It must belong to a pre-authorized profile for the connected app

  3. Certificate
    The subject of the certificate that was used to sign the connected app. This 

  4. Endpoint URL
    The endpoint of the org we are connecting to. Should end with “.../services/oauth2/token”

  5. Environment
    Choose 'Production / Other' for standard orgs or 'Sandbox' for orgs that login with test.salesforce.com

A detailed guide on how to set up the JWT Bearer Flow is available here

 

Partner API Login

Use this tab if you want to connect with username and password credentials. Consider using the OAuth Login if you don't want to expose your credentials to the app.

  1. Username
    Salesforce username as used to sign into the Web UI 

  2. Password
    Salesforce password as used to sign into the Web UI

  3. Security Token
    An additional token generated by Salesforce for use with API access. Salesforce emails the security token to new users. Changes to the password will change the security token. 
    See Resetting Your Security Token(if you need to reset it be aware that other applications using the API may be affected)
    It will be required unless your current IP address is listed as trusted under Network Access (Salesforce → Setup → Administer → Security Controls → Network Access).

  4. Client Id
    This is the client identifier that appears in the call options header. It is only required if working on a certified app that requires API access to professional and group edition orgs.

  5. Environment
    Typically either Production for a standard org or Sandbox for an environment where you usually login with http://test.salesforce.com

The following fields are only required if you are attempting to connect to Salesforce through a proxy - they are made visible by ticking the Proxy Settings checkbox (see screenshot above).

  1. Proxy Server
    Server name or IP address of the proxy.

  2. Proxy Port
    The port number of the proxy.

  3. Proxy Username:
    The username to be used when connecting to the proxy.

  4. Proxy Password: 
    The password to be used when connecting to the proxy.

  5. Proxy Authentication Scheme:
    The authentication method to be used for the proxy.

  6. Proxy SSL Type: 
    The SSL type for the proxy.

Use the "Create New Connection String" button to save the current details in the .config file. These can then be quickly accessed via the Load Saved Connection String tab or the Connection dropdown in the menus.