Named Credentials Superbadge Unit
Configure named credentials for secure authentication with an external system.
What You'll Be Doing to Earn This Superbadge
- Securely store external credentials.
- Configure named credentials to make a callout.
Concepts Tested in This Superbadge
- External Credentials
- Named Credentials
Prework and Notes
Sign Up for a Developer Edition Org with Special Configuration
To complete this superbadge unit, you need a special Developer Edition org that contains special configuration and sample data. Note that this Developer Edition org is designed to work with the challenges in this superbadge unit.
Sign up for a free Developer Edition org with special configuration.
Fill out the form. For Email address, enter an active email address.
After you fill out the form, click Sign me up.
When you receive the activation email (this might take a few minutes), open it and click Verify Account.
Complete your registration by setting your password and challenge question. Tip: Save your username, password, and login URL in a secure place—such as a password manager—for easy access later.
You are logged in to your superbadge Developer Edition org.
Now, connect your new Developer Edition org to Trailhead.
Make sure you’re logged in to your Trailhead account.
In the Challenge section at the bottom of this page, select Connect Org from the picklist.
On the login screen, enter the username and password for the Developer Edition org you just set up.
On the Allow Access? page, click Allow.
On the Want to connect this org for hands-on challenges? page, click Yes! Save it. You are redirected back to the Challenge page and ready to use your new Developer Edition org to earn this superbadge.
Sign Up for a MuleSoft Anypoint Platform Account
To complete this superbadge unit, you need an app that will be hosted on the MuleSoft Anypoint Platform. To complete the hands-on challenge, you will connect this app to the Developer Edition org.
Register on the Anypoint Platform.
If you already have an account, proceed to the Use Case section.
Fill out the form. For Email, enter an active email address.
After you fill out the form, click Sign me up.
Authenticate your account using the link sent to your email.
Now that you have a MuleSoft Anypoint Platform account and a Salesforce org with special configuration for this superbadge unit, you’re good to go.
Tips
Enter all labels exactly as described in the instructions. Labels are case-sensitive and spelling counts.
When possible, copy and paste the label names from superbadge instructions instead of typing them.
Make sure you save your work before running the challenge check.
Build your solution according to the requirements; adding more configurations can cause challenge checks to fail.
We recommend following best practices and always including descriptions for configurations. However, we’re not checking for descriptions in this superbadge unit.
Use Case
The Max Environmental Science Institute (MESI) consistently equips its researchers and students with state-of-the-art technologies for their experiments and fieldwork. A key aspect of this strategy is leasing cutting-edge equipment from Research Guardian (RG), a company that offers specialized equipment for various scientific applications. The RG catalog contains a large amount of patented and proprietary technology, which it leases to universities, contractors, and other researchers. MESI’s Natural Sciences department has recently secured funds for its ongoing research into sustainable natural resource management, including land, water, and wildlife research. This research makes use of custom tools from RG.
The full RG tool inventory is stored in a system that can be securely accessed through an application programming interface (API). In order to comply with the patent application process, API activity is tracked as an asset within the MuleSoft Anypoint Platform. To utilize this API, you must register an application in Anypoint Platform's developer portal.
- Visit Anypoint Exchange Portal.
- Log in with your MuleSoft Anypoint Platform username and password.
- Click the Integration Security tile.
- Navigate to the Home page.
- Click the Request Access button.
- Choose the v1:18886395 API Instance and opt to create a new application.
- Assign any Application Name.
- Once created, note the Client ID and Secret, as they're crucial for authentication with RG.
Business Requirements
Configure External Credentials
MESI uses a secure method to store credentials. It uses these credentials to authenticate with the RG system. Configure an authentication solution to securely store these credentials so they can be rotated and maintained in the future. Define the authentication configuration as `Secure Research` and the API name as `Secure_Research`.
RG’s API design supports a custom authentication protocol. The users authenticating with these credentials should have access only to the infrastructure library. Add a parameter named `Infra Collection` to securely store the required input parameters to authorize with RG’s system. Name the authentication parameters `client_id` and `client_secret`. Assign the client ID and secret values of the MuleSoft application, respectively. Then configure this setting so these custom authorization headers can be included in the request to RG and dynamically adapt to new credentials when rotated.
Next, as best practice, make sure only teams that have contracted with RG can make requests. For now, add yourself and Natanael Sitti of the research team in the Natural Resource Management department as two people who can authenticate with these credentials. Include the User External Credentials object permission so that the users can create and update the credentials tokens of the authenticated users that will be used by named credentials. Use the label `ExtCred - MuleSoft` and the API name `ExtCred_MuleSoft` for this configuration. Add this configuration to a permission set group and name it `Research Guardian Credentials` (API Name `Research_Guardian_Credentials`).
Configure Named Credentials
Configure a solution to define the additional settings to use RG’s API. Use the name `Research Guardian` and API name `Research_Guardian` to specify the root endpoint as `https://integration-security-proxy-33i1n3.5sc6y6-4.usa-e2.cloudhub.io`. Associate this solution with the authorization credentials created earlier. Adjust the settings so that when the credentials are rotated, the requests can dynamically adapt to the new credentials. As per RG’s API security policy, authorization headers are not supported. The company must also verify that the requests are made by a partner it has contracted with.
Create a self-signed certificate named `ResearchCallout` to digitally sign the requests to RG to comply with its policies. The certificate should be valid for up to 1 year. To safely store the certificate to the keystore, make sure the private key is included with the certificate upon download. Secure requests to RG's system by using this certificate as a digital signature.
Finally, update the ResearchServiceController Apex class to request an inventory of specialized tools from its collection using the `/equipments` path. With this setup, MESI will be able to access RG’s catalog of resources.
Tip: To confirm a successful connection, check debug logs when executing processEquipmentsRequest() anonymously in the Developer Console.