Use Connected Apps with OAuth Policies

Important: Nintex DocGen package releases 21.2 or newer have Connected Apps enabled by default. In order to run a DocGen Package, users must first authorize their Salesforce account.

Nintex DocGen supports Salesforce authorization and authentication through Connected Apps. Since Connected Apps is now enabled by default in Nintex Admin, administrators can configure security policies that give them greater control over who can access the system and how users authenticate their credentials during a package run. Additionally, there are features such as dynamic image replacement with Rich Text fields and generating documents from Salesforce Reports that require Connected Apps to function properly.

Users can authorize their accounts using one of the following methods:

  • Admins can send an authorization link to users via email and users can click the link to authorize their account. Users only need to do this once.

  • Users can also authorize their account by clicking the Authorize and Run button in the Lightning component. This process mirrors how authorization worked previously with DocuSign Individual Consent, except the button label has changed from “Authorize and Send to DocuSign” to “Authorize and Run.” As with the first method, users only need to complete this authorization once.

Note: Nintex DocGen is automatically added to Connected Apps in Salesforce when the Nintex DocGen package is first installed. You do not need to add Nintex DocGen manually.

Enable Connected Apps

Connected Apps can be enabled by an administrator by using the Connected Apps toggle in Nintex Admin.

To enable or disable Connected Apps and OAuth:

  1. Click the Nintex Admin tab.

  2. The Nintex Admin Home left navigation displays.

  3. Under Configuration, click Settings.

  4. In the Connected Apps and OAuth box, switch the toggle to Active to authorize and authenticate Connected Apps.

  5. Click Save to confirm the change.

    Caution: By default, Nintex DocGen is going to use the All users may self-authorize profile. Please refer to Use Connected Apps with OAuth PoliciesConfigure Policies for Permitted Users section for more information.

    6. Connected Apps has now been enabled for Nintex DocGen and you can integrate your connected apps with Nintex DocGen. Continue to use the same steps to authorize any other organizations, such as test or demo environments.

    Important: If the Permitted Users OAuth policy for Nintex DocGen for Salesforce is set to All users may self-authorize, enabling Connected Apps and OAuth will prompt all users to reauthorize when running a DocGen Package. Switching the setting to Admin approved users are pre-authorized will avoid this. If you are unable to change the setting, inform your users that they will need to manually reauthorize during document generation. For more information, see User Authorization Options via Salesforce Connected Apps

Configure Policies for Permitted Users

By enabling Connected Apps, administrators have the ability to use pre-configured OAuth policies in Salesforce for greater control over who can access and use Nintex DocGen. Configuring policies allows you to control access for a Nintex DocGen permitted user. For more information, see Manage OAuth Access Policies for a Connected App.

There are two OAuth policies configured for Nintex DocGen:

All users may self-authorize

By using this option you are allowing permitted Nintex DocGen users with the ability to self-authorize by logging into their Salesforce account.

If this option is selected:

  • When a permitted user runs a package they will click the Run or Authorize & Run button. This is going to trigger the document generation process and the user receives a pop-up asking them to authorize . This authorization process is done by the user logging into their Salesforce account.

  • Users need to click the Allow button in the authorization pop-up to authorize their account. Once they are authorized the user can run the document package as normal.

  • Administrators can log in or subscribe as the user and run a DocGen Package as that user.

Caution: If you have a user configured to run an automated process using Flow or other automation, the user will need to be authorized or the auto-run process will not complete.
Admin approved users are pre-authorized

By using this option administrators can determine which Profiles are authorized to use Nintex DocGen.

If this option is selected:

  • Users are pre-authorized and are not prompted to log in when running a package.

  • Auto-runs are not going to be interrupted as there is no need for users of automated user processes to authorize.

  • Allows users to be added in to Profile and administrators can choose selected users in the Profile to test run a package as that user.

To configure a policy for permitted Nintex DocGen users:

  1. From Setup, type "Manage Connected Apps" in the Quick Find box, then select Manage Connected Apps.
  2. Click Nintex DocGen for Salesforce. The Nintex DocGen for Salesforce page appears.
  3. Click Edit Policies.
  4. Under OAuth Policies, locate the Permitted Users field.
  5. Select All users may self-authorize or Admin approved users are pre-authorized from the Permitted Users drop-down list.
  6. Click Save.

    7. You have configured policies for your Nintex DocGen users.