Authenticate a Salesforce Org

Task Id




This task is used to authenticate against a salesforce org to do further actions. The task supports authentication to org using JWT (recommended) or using username/password/security. The org can then further accessed by utilizing the provided alias. It is highly recommended to create a service user while using this task.

To read more about JWT based authentication and to generate the private key files, please follow the instruction here.


Install sfdx with sfpowerkit task must be added to the pipeline before utilizing this task

Task Snapshot

Service Connection
Service Connection
Authenticate a Salesforce Org using Service Connection
Authenticate a Salesforce Org using JWT
Authenticate a Salesforce Org using credentials


Input Parameters
Output Parameters
Control Options
YAML Sample
Input Parameters

Classic Designer Labels are in Bold, YAML Variables are in italics

  • Authentication Method / method

    The method to authenticate this org. Available methods are either using Service Connection, JWT or using Credentials (Username/Password/Security Token)

  • Salesforce Connection / salesforce_connection

    This option is required only if the method of authentication is using the service connection. Provide the name of the service connection in this field

  • Secure File / jwt_key_file

    Secure file containing the private key, used only if the authentication method is JWT based. Instructions to store the private key as a secure file are available here

  • Username / username

    Username for the authenticated user (available in both JWT and Credentials based authentication mode)

  • clientid / clientid

    OAuth client ID (sometimes called the consumer key) (available only in JWT based authentication mode)

  • Password / password

    Password for the authenticated user (available only in Credentials based authentication mode)

  • Security Token / securitytoken

    Security Token for this particular user, Security Token requirement can be removed by ensuring the particular user is allowed to connect to Salesforce from whitelisted IP ranges that include the IP ranges where Azure hosted agents will be executed. (available only in Credentials based authentication mode)

  • Alias / alias

    Alias of the org to be used in subsequent tasks (available in both JWT and Credentials based authentication mode)

  • Authenticate this org as a DevHub/Production / isDevhub

    Enable this variable, if the org is to be authenticated as a DevHub/Production, this is required incase this org is used in subsequent task to create a scratch org or to create an unlocked package (available in both JWT and Credentials based authentication mode)

Output Parameters


Control Options


YAML Sample
# Authenticate to an org using Service Connection
displayName: "Authenticate HubOrg using ServiceConnection"
salesforce_connection: "devhub"
alias: HubOrg

JWT based authentication is the preferred approach and it is intended for CI/CD based non human authentication

A newly established JWT Connection will take a few minutes to establish. Please wait a few minutes before you trigger the execution

Both Service Connection and Credential based authentication utlilizessfpowerkit:auth:login for authentication and is quite unstable when utilized for creating ScratchOrg. Utilize this only for login to the sandboxes for a short running task


  • 9.0.8 Update Core dependency

  • 9.0.5 Updated major versions to remove telemetry collection

  • 8.0.5 Refactored to use revamped folder structure

  • 7.0.0 Add clarity for DevHub / Production for authentication

  • 6.0.0 Support Service Connection based Authentication

  • 5.2.0 Updated to work on Hosted Windows Agents

  • 5.1.1 Updated with Telemetry

  • 4.1.0 New version with updated id

  • 3.0.0 Deprecated Version

  • 3.0.0 Initial Version

Edit on GitHub