This article explains how to create a Salesforce connector in Keepit. Before you start, you'll set up the Salesforce user Keepit will authenticate with. The Managed Package supporting the External Client App is installed as part of the connector creation process.

About the External Client App

To connect Keepit to your Salesforce organization, you install a small managed package called the External Client App (ECA). This package handles the OAuth authentication between Salesforce and Keepit, replacing the older Connected App setup method that Salesforce is phasing out.

The package contains two components:

• External Client App — establishes the secure OAuth connection that allows Keepit to access your Salesforce data.
• Permission Set — grants the permissions required to run backup and restore operations.

The permission set includes the following permissions:

Before you begin

Supported Salesforce editions

Keepit requires API access to back up and restore data and metadata. API access is supported in the following Salesforce editions:

• Professional Edition (with API access enabled)
• Enterprise Edition
• Unlimited Edition
• Performance Edition
• Einstein 1
• Developer Edition

Required roles

• System Administrator profile in Salesforce.
• Master Admin or Backup Admin role in Keepit.

Step 1: Create a Salesforce user for Keepit

Keepit requires a Salesforce user account with administrative privileges to back up and restore data and metadata. We recommend creating a dedicated user rather than using an existing account.

1. In Salesforce, go to Setup > Users > New User.

2. Enter a name, email address, and a unique username. For example: Keepit.

3. Assign a Salesforce user license.

4. Assign the System Administrator profile.

5. Select Save. Salesforce sends a password setup email to the user.

6. Set a password for the user.

Note Use the standard System Administrator profile or a custom profile with the same level of access. The user must have the API Enabled permission in Salesforce.

Step 2: Install the managed package and create the connector

1. In Keepit, go to Connectors and select Add connector > Add Salesforce connector.

2. Select the environment: Production or Sandbox.

3. Select Install. Keepit installs the managed package in your Salesforce organization.

Note: If you've previously installed the package in this organization, select Skip this step. If you are setting up a sandbox that has been created or refreshed, do not skip this step — reinstalling is required to reestablish the connection.

4. Once the package is installed, assign the Keepit Backup Admin permission set to the user you created in Step 1:

a. In Salesforce, go to Setup.

b. In the Quick Find box, enter Permission Sets and select it from the results.

c. Locate the Keepit Backup Admin permission set.

d. Select Manage Assignments, then select Add Assignments.

e. Select your Keepit user and select Assign.Confirm the assignment is saved.

5. Return to the Keepit connector setup screen and continue.

6. When prompted, sign in with the Salesforce user that has the Keepit Backup Admin permission set assigned.

Note: If your organization uses a custom Salesforce domain, select Use Custom Domain on the sign-in screen before signing in.

7. Review and approve the permission request on the Salesforce authorization screen.
Once authorized, Keepit returns you to the connector configuration screen.

Step 3: Configure the connector

On the connector configuration screen:

1. Configure your connector.

• Change the name of the connector.
• Configure API request usage by moving the toggle bar.
• Manage user access to the connector by selecting the lock icon in the lower-right corner.
• Set a custom retention period by selecting the calendar icon in the lower-right corner.

2. Select Start backup. Keepit schedules the first backup.

Set up restore target organizations

Important: This section is required if you plan to restore data to a Salesforce organization other than the one you're backing up from.

The ECA package must be installed and the Keepit Backup Admin permission set assigned in every Salesforce organization you want to restore data into. This applies to sandboxes, developer orgs, and separate production organizations.

For each restore target, repeat the full setup:

1. Install the ECA package using the same installation link from the Keepit connector setup flow.

2. Assign the Keepit Backup Admin permission set to the authenticated user in the target organization.

3. Authorize a connector for the target organization in Keepit.

Common scenarios that require this:

• Restoring production data into a sandbox for testing or validation.
• Restoring data into a developer org.
• Disaster recovery testing in a separate Salesforce organization.
• Data migration between two production organizations.

Troubleshooting

Package installation fails or shows an error

• Confirm you're logged in as a System Administrator in Salesforce.
• Check that your Salesforce organization allows managed package installation. Some organizations restrict this under security settings.

Permission set isn't visible after installation

• Wait a few minutes after installation. Salesforce may take time to make new items visible.
• Search for Keepit Backup Admin by name in the Permission Sets list.
• If it still doesn't appear, go to Setup > Installed Packages and confirm the Keepit package status shows Installed.

Authorization fails or returns an error

• Confirm the user has the Keepit Backup Admin permission set assigned before attempting authorization.
• Confirm the user has the API Enabled permission in their Salesforce profile.
• Check that the user can sign in to Salesforce normally.

Connector shows as disconnected after setup

• Verify the Keepit Backup Admin permission set is still assigned to the authenticating user.
• Check whether the user's password or MFA settings have changed since authorization.
• Select Reauthenticate on the connector in Keepit to reauthorize the connection.