Provide the login endpoint to initiate communication with the SaaS provider. For example, https://<instance>.salesforce.com. Replace <instance> with your actual Salesforce instance.

Also referred to as the Client ID, this is a client identifier issued to the client to identify itself to the authorization server.

The keystore used to encrypt the JWT payload.

Use the same keystore which contains the private key of the certificate (Public keys) uploaded in the Digital Certificate section on your Connected Apps in Salesforce.

This alias is the value that is used to sign the outgoing request from Integration Cloud to the authentication server. It is auto-populated based on the keystore selected in the JWT Keystore field. This field lists all the aliases available in the chosen keystore. You must provide a key alias to sign the JWT payload.

Expiration Time (mins) is the time after which the JWT token expires. The generated access token might be valid post expiration time as well.

This token is used for authentication and is issued by the Authorization Server. Salesforce REST APIs use OAuth 2.0. The access token is passed when you invoke any of the REST API endpoints and is valid for one hour. It is not affected by password changes. The client application is responsible for storing and protecting this token. You can manage the Salesforce REST connection by enabling the connection pool and session management.

If you have selected the OAuth V2.0 (JWT Flow) as the Authentication Type, Integration Cloud will get an Access Token using the JWT flow after you save the Account.

Also referred to as the Client Secret, this is a secret matching to the client identifier.

A token used by the client to obtain a new access token without involving the resource owner.

This is the provider specific URL to refresh an Access Token, for example, https://<instance>.salesforce.com/services/oauth2/token.

The number of milliseconds Integration Cloud waits for a response before canceling its attempt to connect to the back end. In case the network is slow or the back end processing takes longer than usual, increase the Response Timeout value. It is recommended to specify a value other than 0. If you specify 0, Integration Cloud will wait indefinitely for a response.

The number of times Integration Cloud attempts to connect to the back end to read a response if the initial attempt fails. If an I/O error occurs, it will retry only if you have selected the Retry on Response Failure option.

Whether Integration Cloud should attempt to resend the request when the response has failed, even though the request was sent successfully. Select this option if you want to re-establish the connection.

The number of minutes you want Integration Cloud to wait before terminating an idle session. The value should be equal to the session timeout value specified at the SaaS provider back end.

Select the alias name of the Integration Cloud trust store configuration. The trust store contains trusted certificates used to determine trust for the remote server peer certificates. You can also add a new Truststore from this field.

Select a hostname verifier implementation. Guards against man-in-the-middle (MITM) attacks. The default is org.apache.http.conn.ssl.DefaultHostnameVerifier, which will enable hostname verification. Select org.apache.http.conn.ssl.NoopHostnameVerifier to disable hostname verification.

Select the alias for the Integration Cloud key store configuration. This is a text identifier for the keystore alias. A keystore file contains the credentials (private key/signed certificate) that a client needs for authentication. You can also add a new Keystore from this field.

Alias to the private key in the keystore file specified in the Keystore Alias field. The outbound connections use this key to send client credentials to a remote server. To send the client’s identity to a remote server, you must specify values in both the Keystore Alias and the Client Key Alias fields.

Server Name Indication (SNI) is an extension to the TLS protocol by which a client indicates which host name it is attempting to connect to at the start of the handshaking process. Enable this option if the SaaS provider offers SNI-based TLS connectivity, and if you want to connect to an SNI enabled SAAS provider to send the host name specified in the Server URL field, as part of the TLS SNI Extension server_name parameter.

If you want to explicitly specify a host name to be included as a part of the SNI extension server_name parameter, in case the host name is other than the host name specified in the Server URL field, specify the host name value in the SNI Server Name field.

The keep alive interval in milliseconds defines the interval for which a connection will be kept alive, if the back end does not respond with a Keep-Alive header. A value > 0 keeps the connection alive for the specified value. The default value of -1 implies that the connection will be kept alive until a request fails due to a connection error.

Specify the grant type through which applications can gain Access Tokens and by which you grant limited access to your resources to another entity without exposing credentials. The Authorization Code grant type is used by confidential and public clients to exchange an authorization code for an access token. The Refresh Token grant type is used by clients to exchange a refresh token for an access token when the access token has expired.

The number of milliseconds that Integration Cloud will wait to obtain a connection with the SaaS provider before the connection times out and returns an error.

For example, you have a pool with Maximum Pool Size of 20. If you receive 30 simultaneous requests for a connection, 10 requests will be waiting for a connection from the pool. If you set the Block Timeout to 5000, the 10 requests will wait for a connection for 5 seconds before they time out and return an error. If the services using the connections require 10 seconds to complete and return connections to the pool, the pending requests will fail and return an error message stating that no connections are available.

If you set the Block Timeout value too high, you may encounter problems during error conditions. If a request contains errors that delay the response, other requests will not be sent. This setting should be tuned in conjunction with the Maximum Pool Size to accommodate such bursts in processing.

Default: 1000 msec

The number of milliseconds that an inactive connection can remain in the pool before it is closed and removed from the pool, if connection pooling is enabled.

The connection pool will remove inactive connections until the number of connections in the pool is equal to the Initial Pool Size. The inactivity timer for a connection is reset, when the connection is used by the Application.

This setting should be tuned in conjunction with the Initial Pool Size to avoid excessive opening and closing of connections during normal processing.

The general recommendation is to keep the Expire Timeout value equal to the Session Timeout value.

Default: 1000 msec

The idle timeout interval in milliseconds defines the interval for which a connection will be kept alive if it's not in use. A value > 0 keeps the connection alive for the specified value. The default value of -1 implies that the connection will be kept alive until a request fails due to a connection error.