To create a Connected App in Salesforce, navigate to Setup | Platform Tools | Apps | External Client Apps | Settings.  Click on the New Connected App button under the Connected Apps section.  Under the Basic Information section, input the following information into the corresponding fields:

1. Connected App Name - For example, AdvoLogix Secured Login Integration.  
   • Using your keyboard, tab down to the next field.
2. API Name - This will auto-populate based on the information entered into the field above.
3. Contact Email - Input your email here.

Under the API (Enable OAuth Settings) section, enable the Enable OAuth Settings checkbox and input the following information into the corresponding fields:

2. Callback URL - Enter your Salesforce My Domain URL; it should be entered in the following format:  https://[salesforce my domain url]
3. Selected OAuth Scopes - Add the following scopes:
   • Access the identity URL service (id, profile, email, address, phone)
   • Full access (full)
   • Perform requests at any time (refresh_token, offline_access)

Once the Save button is selected, you will see the screen below.  Click on the Continue button.

On the page that opens, select the Manage button and then (on the next page) select the Edit Policies button.  Under the OAuth Policies section, select All users may self-authorize from the Permitted Users list and select the Save button.

Return to the App Manager and locate the newly created connected app in the list.  On the far right, click on the drop-down menu and select the View row action.

Under the API (Enable OAuth Settings) section, note the Consumer Key and Consumer Secret, which will be used in the next step.

To create an Auth. Provider in Salesforce, navigate to Setup | Settings | Identity | Auth. Providers and select the New button.  Input the following information into the corresponding fields:

1. Provider Type - Salesforce
2. Name - For example, AdvoLogix Secured Login Provider.
   • Using your keyboard, tab down to the next field.
3. URL Suffix - This will auto-populate based on the input entered into the field above.
4. Consumer Key - Enter the Consumer Key created in Step 1.
5. Consumer Secret - Enter the Consumer Secret created in Step 1.
6. Default Scope - Enter refresh_token full in this field.

Select the Save button, and on the next page, scroll down to the Salesforce Configuration section to copy the Callback URL value.

Navigate back to the App Manager menu and select Edit on the Connected App created in Step 1.  Update the Callback URL by pasting the value from above.  Once you select the Save button, you will see the screen below.  Click on the Continue button.

To create the Named Credential in Salesforce, navigate to Setup | Settings | Security | Named Credentials and select the New Named Credential button.  Input the following information into the corresponding fields:

1. Label - For example, AdvoLogix Secured Login Named Credential.  
   • Using your keyboard, tab down to the next field.
2. Name - This will auto-populate based on the information entered into the field above.
3. URL - Enter your Salesforce My Domain URL; it should be entered in the following format:  https://[salesforce my domain url]
4. Identity Type - Named Principal
5. Authentication Protocol - OAuth 2.0
6. Authentication Provider - Search and select the Auth. Provider created in Step 2.
7. Scope - Enter refresh_token full in this field.
8. Start Authentication Flow on Save - Check
9. Generate Authorization Header - Check
10. Allow Merge Fields in HTTP Header - Check

Select the Save button to continue.

To set up the  AdvoLogix Global Configuration, navigate to Setup >> Platform Tools >> Custom Code >> Custom Metadata Types.

1. Click on the Manage Records action link to the left of the AdvoLogix Global Configurations label.
2. Click on the Edit action link to the left of the My Org Named Credential label.
3. Enter the Named Credential API Name from the Named Credential created in Step 3.

Select the Save button.