Security change to Outbound Messaging

Note Salesforce updates are subject to change beyond our control. Sage People attempts to maintain our content in alignment: for the most up to date information, refer to Salesforce documentation.

What's happening?

Salesforce is removing a part of this feature that it uses to optionally include a temporary access token (called a Session ID) inside these messages.

This token allows the receiving system to connect back into Salesforce automatically to retrieve the information it needs without other authentication.

Will this affect you?

This change only affects customers who have configured Outbound Messages. These customers include the Sessin ID in the message, and then use that Session ID to connect back to Salesforce. If you have set up Outbound Messages and include the Session ID, but the receiving system only receives and processes them, you’re not affected.

If you’re unsure if you’re using Outbound Messages, you can check this. in Sage People, search for ‘Outbound Messages’ in Setup and check to see if you have any configured. Where you find any Outbound Messages, contact the integration owner for further details on how they’re processing the message.

Recommended action

If you’re using Session IDs from Outbound Messages to make API calls back into Sage People, contact the owner of the integration. They’ll need to change their authentication method for the integration to remain operational.

For more details, see Salesforce's article: Security updates to the Outbound Message with Session ID.