With this step-by-step guide, you'll be able to install the Akeneo PIM for Salesforce package in no time.
Requirements Check
Before installing the Akeneo PIM for Salesforce package, ensure that your Salesforce org meets the system requirements and the Akeneo system requirements. For more information on the compatibility, please see the App Compatibility.
Package installation
The package installation is completed using a secure installation link provided by the Akeneo teams.
Obtain the Installation Link
To receive your installation link, you can request it through one of the following channels:
- Via the Salesforce AppExchange: Submit a request for the package on the official Akeneo AppExchange listing
- Via your Akeneo Representative: Contact your Customer Success Manager (CSM) or Account Executive directly
Installation Procedure
Once you have received the link via email, follow these steps:
- Open the link in your web browser
- Log in to the specific Salesforce Organization (Production or Sandbox) where you intend to deploy the app
- Run the Installation: The Salesforce setup interface will appear automatically. Choose your preferred security level (e.g., Install for Admins Only) and confirm
- Confirmation: After the process starts, Salesforce will send you a confirmation email as soon as the package is fully installed and ready for configuration
After the installation process is complete, you may need to perform additional steps to configure the Akeneo App.
Akeneo Custom App creation
The process starts by creating a new Custom App in Akeneo.
- Navigate to Akeneo
- Click Connect in the menu
- Select App Store
- Click Create an App
Enter the App details and click Create
The Activate url and Callback url have to be exactly as shown. The Name can be changed to any name.
In the next screen, take note of the Client id and Client secret and click Done
Make sure to copy and save the Client id and Client secret as they will be required in a later stage on Salesforce.
Salesforce connection configuration
This part walks you through setting up the connection between Akeneo PIM and Salesforce.
Depending on your package version and your needs, you will configure the Akeneo API connection (required for all data transfers) and/or the Salesforce Self-callout (optional, used for picklist value synchronization).
Which section do I need?
To find out which configuration path to follow, look at your Akeneo PIM App home page in Salesforce:
- You are using version 3.0 or higher (you see the "Connector Setup" card):
- Follow Part A: Set up Akeneo from the home page
- The in-app setup (Part A) cannot finish or fails:
- Use Part B: Manual fallback for Akeneo as a backup solution
- You are using an older version (below v3.0) (no "Connector Setup" card and no packaged Akeneo External Credential):
- Follow Part D: Auth. Provider approach
What's new in v3.0?
Current package versions now include the pre-packaged Akeneo Named Credential, External Credential, and External Auth Identity Provider. This allows you to complete your connection seamlessly right from the app home page.
Automated Picklist Synchronization (v3.0+)
If you want the app to automatically create or update local Salesforce picklist dropdown options (like new colors or sizes) when they are added in Akeneo, you must also deploy the Salesforce Self configuration. To understand why this loopback is used and how to set it up step-by-step using modern External Client Apps, see our dedicated guide: Configuring Salesforce Self for Picklist Synchronization.
Set up Akeneo from the home page (recommended)
This is the easiest path. The connector wires the packaged Named Credential, External Credential, and External Auth Identity Provider for you.
In Salesforce, open the Akeneo PIM App home page. On the Connector Setup card, click Set Up under Configure Akeneo Credentials.
Enter your Akeneo base URL, Client ID, and Client Secret retrieved when creating the Custom App in Akeneo, then click Continue.
When Salesforce redirects you to Akeneo, authorize the connector. Complete this in the same browser session.
You need to grant all the requested permissions
After the Akeneo authorization returns to Salesforce, open Setup > Security > Named Credentials.
Click on the Named Credentials tab and select Akeneo. Make sure the Enabled for Callouts checkbox is checked. If it is off, switch Enabled for Callouts on, and save. Salesforce can turn callouts off after managed-package code updates the endpoint, so always check this before transfers.
Back on the Connector Setup card, click Grant Access so the user that runs transfers can use the packaged credentials.
When Set Up, Enabled for Callouts, and Grant Access are all complete, you are done - skip Part B: Manual fallback for Akeneo
Manual fallback for Akeneo
Use this only if the in-app Set Up on the home page does not complete. You already have your Akeneo base URL, Client ID, and Client Secret (the same values you would enter on the home page). The packaged Akeneo Named Credential, External Credential, and External Auth Identity Provider already exist in your org. Replace their placeholder URLs, credentials, and custom request parameter values, then authenticate the existing Default principal. Do not create duplicate Salesforce credential records.
Named Credential URL Replacement
Go to Setup > Security > Named Credentials. Open the packaged Akeneo named credential, replace the placeholder URL with your Akeneo domain, confirm the External Credential is “Akeneo”, and make sure Enabled for Callouts is on. If it is off, edit the record, switch it on, and save before testing transfers.
Enter the External Auth Identity Provider data
On the External Auth Identity Providers tab, open the packaged Akeneo provider. Enter your Akeneo Client ID and Client Secret, and replace the placeholder Authorize URL and Token URL with your Akeneo domain:
https://<your-akeneo-domain>/connect/apps/v1/authorize
https://<your-akeneo-domain>/connect/apps/v1/oauth2/tokenGenerate the two Akeneo custom request parameter values in Salesforce Developer Console (Debug > Open Execute Anonymous Window). Use the same Akeneo Client Secret:
String clientSecret = 'your-akeneo-client-secret';
String codeIdentifier = EncodingUtil.convertToHex(Crypto.generateAesKey(128));
String codeChallenge = EncodingUtil.convertToHex(
Crypto.generateDigest('SHA-256', Blob.valueOf(codeIdentifier + clientSecret))
);
System.debug('code_identifier: ' + codeIdentifier);
System.debug('code_challenge : ' + codeChallenge);After executing it, open the execution log, click on Debug Only, and you should see two values as shown below. Take note of them.
In the Custom Request Parameters section, edit the existing code_identifier and code_challenge rows. Replace SET_DURING_AKENEO_SETUP with the generated values. Keep both rows as Token Request Body Parameter and do not create duplicate parameter rows.
Auth. Provider approach
Older versions of the app do not include the packaged External Credential or External Auth Identity Provider. On those versions, connect to Akeneo using the packaged Akeneo Auth. Provider (an Apex Auth. Provider plugin shipped with the app) together with a classic Named Credential. The plugin performs the Akeneo PKCE handshake for you, so you do not have to compute any code values by hand. The screenshots in this legacy section use placeholders only.
Create the Salesforce Auth. Provider
Go to Setup > Identity > Auth. Providers and click New. For Provider Type, choose Akeneo (the Apex plugin packaged with the app). Fill in the fields below and Save:
| Field | Value |
|---|---|
| Name / URL Suffix | Akeneo (the suffix becomes part of the Callback URL) |
| Client ID | The Client ID from your Akeneo Custom App |
| Client Secret | The Client Secret from your Akeneo Custom App |
| Authorize Endpoint | https://<your-akeneo-domain>/connect/apps/v1/authorize |
| Token Endpoint | https://<your-akeneo-domain>/connect/apps/v1/oauth2/token |
| Base Endpoint | https://<your-akeneo-domain> |
| Authentication Scopes | The full scope value below |
Be sure to enter the full value for the scope:
read_products read_catalog_structure read_channel_settings read_channel_localization read_attribute_options read_catalogs write_catalogs delete_catalogs read_categories
Create the Named Credential
Named Credentials are preconfigured endpoints together with safely stored authentication information.
That way, in Salesforce, we can simply use the callout name of a Named Credential to access an endpoint and its various targets without the need to deal with authentication.
Navigate to Setup > Security > Named Credentials
Do not simply click on the New button, but on the chevron next to it as shown in the image below, and then click on New Legacy.
Now enter the following information as shown below:
| Field | Value |
|---|---|
| Label | Akeneo |
| Name | Akeneo (must be exactly this) |
| URL | https://<your-akeneo-domain> |
| Identity Type | Named Principal |
| Authentication Protocol | OAuth 2.0 |
| Authentication Provider | Akeneo (from the previous step) |
| Scope | The full scope value (same as above) |
| Start Authentication Flow on Save | Checked (true) |
| Generate Authorization Header | Checked (true) |
Once completed the input fields as shown above, click Save.
Now you should be redirected to Akeneo to complete the Connected App configuration you started before. So in the next screens agree on the Privacy Policy and Terms of Use, and configure the following screens for your needs. It will automatically proceed with the OAuth authorization and finally lead you into the logged-in Salesforce org.
If this happens, you have successfully configured the connection between both systems.
Once the app is authenticated, you will see this status in the Named Credential you have created. Ignore the warnings since the refresh access token stays permanent on the Akeneo side.
PKCE handled for you
The packaged Akeneo Auth. Provider plugin generates the code_verifier, code_challenge, and code_identifier automatically. You do not need to compute or enter any code values.
User access
This classic Named Credential uses a Named Principal, so it stores one shared authentication that the connector's Apex uses (callout:Akeneo). No per-user principal assignment is required. If your org restricts Named Credential access, make sure the user that runs transfers can use it.
You have now successfully connected your Akeneo PIM to Salesforce.
Follow the steps in this documentation to setup your first catalog and launch the first transfer of products.