In this mode the extension connects as a Connected App. This is the recommended method of authentication, and no user password is required.
Technically, the app implements the OAuth 2.0 JWT Bearer Flow.
Dynatrace will ask for:
- The Consumer Key of the Connected App
- The Private Key of the Connected App
- The Subject of the JWT token: the username of a user that is part of a Profile in the Connected App
Requirements
openssl (for generating the certificate, not needed if you already have a certificate and private key)
Note: on Windows, if you have git installed you should also have a copy of openssl. It would be under a directory like C:\Program Files\Git\mingw64\bin, depending on your installation.
You can read more about the OAuth 2.0 JWT Bearer Flow here
Certificate
The connected app must have a certificate.
We later authenticate with Salesforce using this certificate's private key.
This command generates a certificate and a private key:
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem
The cert.pem file will later be added to the Connected App.
The key.pem file will be used by Dynatrace to authenticate with Salesforce.
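As an added example (not part of the Dynatrace documentation or any Salesforce code), the script below signs a JWT Bearer assertion with key.pem and checks that cert.pem verifies it, so a mismatched pair is caught before the certificate is uploaded. The consumer key and username are constructed placeholders, and the aud value https://login.salesforce.com assumes a production org.

```shell
#!/bin/sh
# Added example (not Dynatrace or Salesforce code): sign a JWT Bearer assertion
# with key.pem and confirm the signature validates against cert.pem.

# base64url without padding, as JWT requires
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '=\n'; }

# make_assertion KEY ISS SUB AUD -> prints header.claims.signature
make_assertion() (
  exp=$(( $(date +%s) + 180 ))          # keep the assertion short-lived
  header=$(printf '{"alg":"RS256"}' | b64url)
  claims=$(printf '{"iss":"%s","sub":"%s","aud":"%s","exp":%d}' \
    "$2" "$3" "$4" "$exp" | b64url)
  sig=$(printf '%s.%s' "$header" "$claims" |
    openssl dgst -sha256 -sign "$1" -binary | b64url)
  printf '%s.%s.%s\n' "$header" "$claims" "$sig"
)

# verify_assertion CERT JWT -> exit 0 only if CERT's public key validates JWT
verify_assertion() (
  tmp=$(mktemp -d) || exit 2
  openssl x509 -in "$1" -pubkey -noout > "$tmp/pub.pem" || { rm -rf "$tmp"; exit 2; }
  sig=$(printf '%s' "${2##*.}" | tr '_-' '/+')
  # restore the base64 padding that base64url strips
  case $(( ${#sig} % 4 )) in 2) sig="$sig==" ;; 3) sig="$sig=" ;; esac
  printf '%s\n' "$sig" | openssl base64 -d -A > "$tmp/sig.bin"
  printf '%s' "${2%.*}" | openssl dgst -sha256 -verify "$tmp/pub.pem" \
    -signature "$tmp/sig.bin" >/dev/null 2>&1 && rc=0 || rc=1
  rm -rf "$tmp"
  exit "$rc"
)

# Demo: runs only when the files from the openssl command above are present.
if [ -f key.pem ] && [ -f cert.pem ]; then
  chmod 600 key.pem   # -nodes leaves the private key unencrypted on disk
  # Consumer key and username are constructed placeholders; the aud value
  # assumes a production org login host.
  jwt=$(make_assertion key.pem "CONSUMER_KEY_PLACEHOLDER" \
    "integration.user@example.com" "https://login.salesforce.com")
  if verify_assertion cert.pem "$jwt"; then
    echo "key.pem signs assertions that cert.pem verifies"
  else
    echo "MISMATCH: cert.pem does not correspond to key.pem" >&2
  fi
fi
```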
Create the Connected App
In Salesforce Lightning:
- Go to Setup > Apps > App Manager
- Select New Connected App
Give the app a name and add the contact email. Under API (Enable OAuth Settings):
- Check Enable OAuth Settings
- The Callback URL is not used, you can input http://localhost
- Check Use digital signatures
Upload the cert.pem file generated above under Use digital signatures.
Under Selected OAuth Scopes, add these scopes:
- Manage user data via APIs (api)
- Perform requests at any time (refresh_token, offline_access)
Leave all other settings as default and click Save.
The Connected App screen should look like this (with your name, email and certificate):
OAuth policy
Now set up the OAuth Policy permitted users.
On the connected app page, select Manage, then Edit Policies.
Under OAuth Policies select Admin approved users are pre-authorized.
Click Save.
Approved users
Identify users that can use the app.
This is done by adding Profiles to the Application Profile Assignment list.
On the connected app page, under Profiles, click Manage Profiles.
Add profiles that can use the connected app.
Note: Later, any username from these profiles can be used as the Subject when configuring the extension.
Note that the profile needs the permissions:
- General User Permissions: View Real-Time Event Monitoring Data
- Administrative Permissions: Customize Application, View All Data
Please check the needed permissions documentation here